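# Proactive Security Intelligence System

- Source: Tomer Tunguz blog (VC analysis)
- Published: 2026-04-14 08:00
- AIHOT link: https://aihot.virxact.com/items/cmoczwm660077slkq20iq7aw0
- Original link: https://www.tomtunguz.com/artemis

## AI Summary

Former Amazon GuardDuty lead Shachar Hirshberg and former Abnormal Security head of AI Dan Shiebler founded Artemis, launching a next-generation security intelligence platform to counter autonomous attacks in the AI era. Through three technologies (semantic understanding, agentic detection, and closed-loop learning), the platform upgrades the traditional SIEM into a security system capable of autonomous reasoning. Artemis has been deployed at more than ten large enterprises within a few months, processes over 1 billion security events per hour, and has completed its Series A financing.

## Body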

At the heart of every security team, there’s a database. That database records each time a user logs in, every packet of inbound traffic, & each attempted attack. Architected before AI, these SIEM systems are wooden shields in an era of autonomous attackers.

The consequences are mounting. Deepfake scams have stolen tens of millions. AI-generated phishing bypasses legacy filters. As Mythos has shown, the sophistication of attacks will only increase.

Shachar Hirshberg & Dan Shiebler saw this opportunity. Shachar led the Amazon GuardDuty product, scaling the business to over 80,000 customers. Dan built & led the 60-person AI/ML team at Abnormal Security. Together, they started Artemis to build a database to power defenses for modern security teams. Within a few months, they have more than a dozen production enterprise deployments & are processing over a billion events per hour. We are excited to partner with them at the Series A, along with our friends at Felicis, Brightmind, & First Round.

At the core of this new SIEM are three technologies :

Semantic understanding. To a traditional SIEM, a log is just a string of text. It has no understanding that “jdoe” in Okta & “john.doe” in AWS are the same person, or that a sequence of individually benign actions might constitute an attack. Artemis turns raw logs into a living model of the customer’s environment : users, assets, relationships, & security posture.

Agentic detection. Legacy platforms rely on brittle, hand-written rules. An engineer writes a detection rule : “if events A, B, & C happen in sequence, fire an alert.” It works for a couple months. Then a new service gets added, log formats change, & the rule breaks. Artemis’ detections include multi-step reasoning agents that dynamically query data, perform aggregations, & reason about context to confirm a threat before ever surfacing an alert.

Closed-loop learning. Legacy platforms get worse over time : static detections degrade with changing data & behaviors. Artemis gets better : with each incident or proactive threat hunt, the system identifies new patterns. These are converted into permanent detections that are researched, validated, & maintained fully autonomously.

The result is a platform that doesn’t just store & search data, but reasons about it autonomously.

If you’re interested in learning more or joining this mission, check out the open roles at Artemis & Shachar’s post.
