Mandiant founder Kevin Mandia raises $190m for Armadin
As autonomous cybersecurity agents move from alerting to acting, liability shifts into configuration and contracts
Kevin Mandia, the founder of incident-response firm Mandiant, has raised $189.9 million for a new startup called Armadin that promises “autonomous cybersecurity agents,” according to TechCrunch. The round—seed plus Series A—was led by Accel, with participation from GV, Kleiner Perkins, Menlo Ventures, 8VC, Ballistic Ventures, and the CIA-backed In-Q-Tel.
Armadin’s pitch is straightforward: if attackers will soon use AI systems that can probe, adapt and execute intrusions in minutes, defenders need software that can do the same without waiting for humans to triage alerts. Mandia is selling a mirror image of the threat—an “agentic army” for the “white hats”—but the commercial opportunity is less about raw model capability than about who can credibly promise control. As companies push AI agents into production environments—tools that can change configurations, ship code, open tickets, or isolate machines—the failure modes shift from individual mistakes to system design: permissions, escalation rules, logging, and who is allowed to override what.
That shift is convenient for the security industry. The more autonomy is delegated to software, the more organisations need auditable policy layers, exception workflows, and incident narratives that satisfy boards, insurers and regulators. A tool that can act is also a tool that can be blamed—provided the vendor can point to a customer’s configuration choices, or to a “guardrail” that behaved as designed. In practice, the market often rewards products that generate evidence of diligence rather than products that measurably reduce risk; “autonomous agents” add a new surface area for both.
The investor list also signals where this category is headed. Traditional venture capital is joined by security-specialist funds and a US intelligence-linked vehicle, suggesting that “defensive autonomy” is being treated as strategic infrastructure rather than just IT tooling. That tends to produce a two-track market: one set of products for regulated buyers that demand provenance, monitoring and contractual assurances, and another for the rest, where speed and integration win.
Armadin is entering a crowded field of security platforms, but with a familiar playbook: sell the next threat as inevitable, then sell the organisational permission structure required to respond to it.
Mandia previously sold Mandiant to Google for $5.4 billion; Armadin is now asking customers to let software take the first move in incidents where the cost of a wrong move can be counted in downtime, data loss and legal exposure.