Scanner Secures $22M Series A for AI-Powered Security Data Platform
March 17, 2026, 3:51 pm
Scanner recently closed a $22M Series A round. This AI-powered security data platform transforms how enterprises manage and analyze massive security logs. It provides sub-second search capabilities across years of cost-effective object storage, eliminating traditional SIEM limitations. This innovation empowers AI-driven threat hunting and human analysts to rapidly identify and investigate sophisticated threats, fundamentally changing enterprise cybersecurity operations and data accessibility at scale. Sequoia Capital led the funding, accelerating Scanner's engineering and platform expansion.
Scanner, a San Francisco-based firm, has fundamentally shifted the cybersecurity landscape. The company announced a substantial $22 million Series A funding round. This investment fuels the growth of its cutting-edge security data platform. It targets a critical gap in enterprise security operations.
Sequoia Capital spearheaded the funding. Mantis VC also participated. CRV joined the round. Strategic angel investors further bolstered the investment. These included the CEO of Vanta and the former GM of Splunk Security. Other notable backers include Christina Cacioppo, Tom Killalea, and Venkat Venkataramani. These figures represent significant expertise in security and infrastructure. The backing underscores Scanner's potential impact.
The fresh capital has a clear mission. It will scale Scanner's engineering team. It will accelerate the development of its AI-native search index. The company plans to expand its platform capabilities. This supports rising demand for "agentic" threat hunting. It focuses on massive log datasets.
Cybersecurity teams face a persistent dilemma. They grapple with vast volumes of log data. Traditional security information and event management (SIEM) systems offer speed. They search data quickly. However, SIEMs are costly. They typically retain data for limited periods, often just 30 days. This creates a visibility gap.
Alternatively, object storage offers low-cost data retention. Services like AWS S3 store petabytes of raw logs affordably. But accessibility is an issue. Searching these massive archives is slow. Investigations can take hours or even days. This makes rapid threat detection nearly impossible. Large portions of critical security logs become effectively inaccessible. Endpoint Detection and Response (EDR) data and Web Application Firewall (WAF) logs often suffer this fate. This leaves organizations vulnerable.
Scanner built its platform to resolve this conflict. It delivers fast search across long-term log storage. It avoids the high ingestion costs of traditional SIEMs. The company developed a novel indexing system. This system is specifically designed for object storage.
When a query runs, Scanner scales compute resources instantly. It finds results rapidly. Once the task completes, compute resources scale down. Organizations pay only for the compute used during the search. This is a pay-per-query model. It offers unparalleled cost efficiency.
This architecture changes the game for security teams. They can analyze months, even years, of historical data. They achieve results in seconds. Instead of limiting investigations to recent activity, teams gain deep historical insight. New threat intelligence can be applied retroactively. This significantly increases the likelihood of detecting intrusions. Attackers are caught before they cause extensive damage.
The platform is becoming critical infrastructure for AI security agents. These agents autonomously correlate findings. They analyze data across EDR, WAF, and cloud logs. AI systems are inherently data-hungry. Scanner provides data at the scale AI demands. It enables an "agentic era" of cybersecurity.
Automated agents now rank among Scanner's most active users. They continuously query log data. They identify suspicious patterns. They triage alerts. They investigate incidents. These AI-driven workflows allow agents to correlate signals. They compile context for human analysts. This dramatically improves investigation efficiency.
Notion, a prominent Scanner customer, exemplifies this. They deployed "Scruff," a security AI agent. Scruff integrates Scanner with tools like Wiz and CrowdStrike. It gathers context from logs, user activity, and system events. It then presents concise analysis to human responders. This collaboration between AI and human intelligence elevates security posture.
High-growth enterprises already leverage Scanner. Notion, Ramp, BeyondTrust, and Lemonade are key clients. Benchling, Postman, and EliseAI also use the platform. These organizations perform threat hunting across diverse log sources. They manage long retention periods. Previously, such comprehensive searches were economically unfeasible or technically impossible.
Customers report significant benefits. Ramp, for instance, experienced a dramatic increase in searchable history. They moved from weeks to months or even years of accessible data. This capability allows for rapid detection building. It enables searching years of logs for Indicators of Compromise (IOCs). This is a game-changer for security at scale.
The investment reflects a broader industry recognition. Investors see Scanner as foundational. They believe it addresses a core problem. Security teams generate massive data. They can only afford to search a fraction. Scanner offers a new approach. It enables companies to embrace the agentic era.
Scanner’s long-term vision is ambitious. It aims to build the foundational data layer. This layer will power a new era of security operations. In this future, human analysts and AI agents collaborate seamlessly. They operate over complete datasets. This stands in stark contrast to the limited data slices of traditional systems. This comprehensive data access will revolutionize how organizations protect themselves. Scanner is leading this critical evolution. The company is set to define the future of security data.
Scanner, a San Francisco-based firm, has fundamentally shifted the cybersecurity landscape. The company announced a substantial $22 million Series A funding round. This investment fuels the growth of its cutting-edge security data platform. It targets a critical gap in enterprise security operations.
Sequoia Capital spearheaded the funding. Mantis VC also participated. CRV joined the round. Strategic angel investors further bolstered the investment. These included the CEO of Vanta and the former GM of Splunk Security. Other notable backers include Christina Cacioppo, Tom Killalea, and Venkat Venkataramani. These figures represent significant expertise in security and infrastructure. The backing underscores Scanner's potential impact.
The fresh capital has a clear mission. It will scale Scanner's engineering team. It will accelerate the development of its AI-native search index. The company plans to expand its platform capabilities. This supports rising demand for "agentic" threat hunting. It focuses on massive log datasets.
Cybersecurity teams face a persistent dilemma. They grapple with vast volumes of log data. Traditional security information and event management (SIEM) systems offer speed. They search data quickly. However, SIEMs are costly. They typically retain data for limited periods, often just 30 days. This creates a visibility gap.
Alternatively, object storage offers low-cost data retention. Services like AWS S3 store petabytes of raw logs affordably. But accessibility is an issue. Searching these massive archives is slow. Investigations can take hours or even days. This makes rapid threat detection nearly impossible. Large portions of critical security logs become effectively inaccessible. Endpoint Detection and Response (EDR) data and Web Application Firewall (WAF) logs often suffer this fate. This leaves organizations vulnerable.
Scanner built its platform to resolve this conflict. It delivers fast search across long-term log storage. It avoids the high ingestion costs of traditional SIEMs. The company developed a novel indexing system. This system is specifically designed for object storage.
When a query runs, Scanner scales compute resources instantly. It finds results rapidly. Once the task completes, compute resources scale down. Organizations pay only for the compute used during the search. This is a pay-per-query model. It offers unparalleled cost efficiency.
This architecture changes the game for security teams. They can analyze months, even years, of historical data. They achieve results in seconds. Instead of limiting investigations to recent activity, teams gain deep historical insight. New threat intelligence can be applied retroactively. This significantly increases the likelihood of detecting intrusions. Attackers are caught before they cause extensive damage.
The platform is becoming critical infrastructure for AI security agents. These agents autonomously correlate findings. They analyze data across EDR, WAF, and cloud logs. AI systems are inherently data-hungry. Scanner provides data at the scale AI demands. It enables an "agentic era" of cybersecurity.
Automated agents now rank among Scanner's most active users. They continuously query log data. They identify suspicious patterns. They triage alerts. They investigate incidents. These AI-driven workflows allow agents to correlate signals. They compile context for human analysts. This dramatically improves investigation efficiency.
Notion, a prominent Scanner customer, exemplifies this. They deployed "Scruff," a security AI agent. Scruff integrates Scanner with tools like Wiz and CrowdStrike. It gathers context from logs, user activity, and system events. It then presents concise analysis to human responders. This collaboration between AI and human intelligence elevates security posture.
High-growth enterprises already leverage Scanner. Notion, Ramp, BeyondTrust, and Lemonade are key clients. Benchling, Postman, and EliseAI also use the platform. These organizations perform threat hunting across diverse log sources. They manage long retention periods. Previously, such comprehensive searches were economically unfeasible or technically impossible.
Customers report significant benefits. Ramp, for instance, experienced a dramatic increase in searchable history. They moved from weeks to months or even years of accessible data. This capability allows for rapid detection building. It enables searching years of logs for Indicators of Compromise (IOCs). This is a game-changer for security at scale.
The investment reflects a broader industry recognition. Investors see Scanner as foundational. They believe it addresses a core problem. Security teams generate massive data. They can only afford to search a fraction. Scanner offers a new approach. It enables companies to embrace the agentic era.
Scanner’s long-term vision is ambitious. It aims to build the foundational data layer. This layer will power a new era of security operations. In this future, human analysts and AI agents collaborate seamlessly. They operate over complete datasets. This stands in stark contrast to the limited data slices of traditional systems. This comprehensive data access will revolutionize how organizations protect themselves. Scanner is leading this critical evolution. The company is set to define the future of security data.



