Proactive by Default: How Nebulock Rethinks Threat Hunting

Damien Lewke is building the future of proactive detection by layering offense into security with agentic AI.

In Monsters, Inc., three-year-old toddler Boo initially thinks that the 8-foot-tall monster named Sulley is a cat. After all, he has a fluffy tail and soft fur, so he must be totally benign. It’s only when she sees him at his day job, scaring children by roaring at their bedside, that she runs away terrified.

Detection engineering today works similarly. SOC teams write rules based on historical experience with logs to alert them when something really needs their attention. Fangs? Bad. Soft fur? Good! Valid authentication? Great. Privilege escalation on an authenticated admin account? Totally fine. As a result, insider threat is at an all-time high, and connecting the right events to produce a finding is becoming increasingly difficult.

Elite threat hunters, like Nebulock’s Damien Lewke, connect the dots by systematically drawing hypotheses and mapping attack chains. But their work is time-consuming, costly, and often unsupported by tools that can keep up with the speed of modern attacks. Nebulock is building autonomous, always-on threat hunting agents that surface unknown threats, validate hypotheses, and improve continuously through real-time feedback, driving security outcomes and eliminating the long tail of ambient risk.

From Nation-State Defense to AI-Driven Offense

Damien has always been the sort of founder who applies offensive thinking to drive outcomes. He was playing professional soccer as a striker in Germany when the mission came calling to join Northrop Grumman and work on cyber hardening for the nation’s nuclear silos. After the Russia-perpetrated 2016 DNC hack, Damien joined CrowdStrike to work on response and recovery, and helped scale the product through its IPO. He went on to manage global accounts in APAC at Palo Alto Networks, where he quickly advanced to the role of senior engineer, and later joined Arctic Wolf as an engineering leader overseeing the development of AI/ML products.

The best threat hunters must combine telemetry from endpoint, managed service providers, networks, and applications to find attackers that have evaded traditional defenses. Damien’s stints across the security industry make him especially well-suited to creating a purpose-driven threat hunting platform that presents real, high-signal findings.

Built for the Realities of Modern Threats

Many associate threat hunting with chasing known IOCs or running YARA scans after a breach, but both activities amount to looking for a static list of malicious indicators and categorically missing the attacks that don’t ring the front doorbell. Credential-based attacks and account takeovers often look benign, since they use legitimate identities to access legitimate applications. Long-lived processes like rundll32.exe and in-memory malware can evade EDRs that are looking for foreign threats, not domestic.

By using AI agents to inspect what other tools have collected and discarded, Nebulock protects organizations against insider threat, detection drift and detection inefficacy while saving tremendous amounts of time, driving outcomes for customers from day one in production. The platform integrates with existing SIEMs, EDRs, IAMs, and other products, and produces detections that fit contextual risk within that environment, autonomously and with hunters in the loop.

Each detection is accompanied by specific evidence citations and response guidance, ensuring that every alert is actionable. Feedback loops through Slack workflows and past hunting activity continuously train the system to improve quality. Instead of generating additional alerts, Nebulock interrogates the data that organizations already collect to surface signals that conventional security tools miss.

Why Nebulock’s Approach Matters Now

Damien has built an exceptional team of hunters and AI engineers from companies like CrowdStrike, Palo Alto Networks, Mandiant, Expanse, Expel and Dragos. Enterprises across financial services, healthcare and technology are already deploying Nebulock to run autonomous threat hunts and are uncovering real findings from the start.

Existing gaps in the market are well understood: EDRs are bound by endpoint compute and rely on brittle detection pipelines. MSSPs are episodic, service-heavy and talent-constrained. Services firms are specialized and charge by the hour. Nebulock codifies elite hunting into an always-on platform that only improves with increased usage. When CISOs ask, “What are we missing?”, Nebulock is becoming the platform with answers.

We’re proud to support Damien and the Nebulock team as they build a platform that takes action where others wait.