Crogl, armed with $30M, takes the wraps off a new AI ‘Iron Man suit’ for security analysts

AI agents are marching across the world of IT, and on Thursday a startup called Crogl is debuting its contribution to the field: an autonomous assistant for cybersecurity researchers to help them analyse thousands of daily network alerts to find and fix actual security incidents. The assistant — described by Crogl’s CEO and co-founder Monzy Merza as an “Iron Man suit” for researchers — has quietly been in deployment already with a number of large enterprises and other big organizations. With today’s move out of private beta, the startup is also announcing $30 million in funding.
The $30 million is coming in two tranches: a $25 million Series A led by Menlo Ventures, and a previous $5 million Seed led by Tola Capital. Albuquerque, New Mexico-based Crogl will be using the funding to continue building out its product and its customer base.
Security tools, including those aimed at helping parse and remediate the many alerts of potential issues thrown up by existing security software, today number in the hundreds. Sometimes it feels as if there are nearly as many tools as there are security alerts. Crogl, however, is a little different, in part because of who cooked up the idea in the first place.
Merza has a long and interesting background in the security industry. Out of university, he worked in security for the U.S. government’s Sandia atomic research lab. Later he went to Splunk, where he built and led its security business. He then moved to Databricks to do the same.
When Merza started thinking of doing his own thing, instead of launching a startup, he chose to go back to industry, taking a job at HSBC to work among end users and get a sense of pain points from their perspective. With all of that under his belt, he then tapped former longtime Splunk colleague David Dorsey (now Crogl’s CTO) and they got to work.
That was exactly two years ago, with the last year spent building up a customer base in a private beta.
As Merza explained it to me, the name Crogl is a portmanteau of three different other words and ideas. Cronus, the leader of the titans and the god of time, accounts for the first three letters of the name. The ‘g’ comes from gnosis, which means knowledge or awareness. The ‘l’ at the end stands for logic, he added. And in a sense, all that encapsulates what Crogl the startup is setting out to do.
The crux of the problem, as Merza sees it, is that security analysts in operations teams typically can look at and resolve, at maximum, around two dozen different security alerts in a day, but typically they might see as many as 4,500 in that same period.
The tools that have been built up to now, in his view, are not up to the task of evaluating alerts as well as a human can, in part because they are coming at the problem in the wrong way.
His and Dorsey’s observation was that security leaders typically like it when their teams see a lot of alerts, because on the principle of reinforcement learning, it means that they are experiencing and understanding more with each alert they triage.
Of course, that is also untenable, and that is what has driven a lot of security product up to now. “The security industry has been telling people to reduce the number of alerts,” Merza said. “So what if you could have this scenario where every alert was actually a multiplier, and security teams became actually anti-fragile by having this ability to analyze whatever they want?”
That is effectively what Crogl attempts to address with its approach. Leaning into big data and the idea of the outsized parameters that drive Large Language Models, the startup has built what Merza describes as a “knowledge engine” to power its platform (think “Large Security Model” here). Not only is the platform flagging suspicious activity, it’s learning more about what signals might constitute suspicious activity. And critically, it allows the researchers also to query, using natural language if they want, all alerts to pull out and understand trends and to do more of their work.
Over time, there is potential for Crogl to take on more than just alerts — remediation is a very obvious area, for example, for it to tackle, noted Tim Tully, the Menlo partner who led its investment into the startup.
Tully’s familiarity with the team at Crogl — which also includes founding member Brad Lovering, who had been the chief architect at Splunk, among other impressive roles elsewhere — goes back years: he had been the CTO at Splunk overseeing all their work there.
“I knew what they were capable of building. I know that they know the space well. And so it’s that, sort of like the hook in the mouth is just the team in and of itself. And I think it’s pretty rare from a venture side that you have like, such experience,” he said. He added that he’d missed the chance to invest at seed stage, and then kept hearing about the product and thought, “enough is enough.” He flew down to Albuquerque, and saw a demo for himself and that sealed the deal. “It felt like the product was like a mapping of Monzy’s security brain in terms of how the problem was solved.”