Above Security raises $50M to redefine insider risk in the age of AI agents
Read more
Orel Agmon
Mar 24, 2026
Orel Agmon
Mar 24, 2026
I'm Orel Agmon, Director of Growth at Above Security, and for years I worked in defense and finance. After almost four years in a startup, I decided I wanted to pursue a cyber career (as every Israeli seems to do eventually). The prospect was exciting and terrifying: to effectively transition careers you need new knowledge, and you need to get it from the right people.
So, I started learning. Not from ChatGPT or some online course, but from actual people who've been in the trenches. Real CISOs, security leaders, VCs, founders. Then I met Aviv and was introduced to the concept of insider risk. When he showed me what they were building, I basically told him whether you want me or not, I'm joining. This space is all about understanding human behavior in the context of business. I may hate coding, but I love people and psychology.
I'll never forget one of my early conversations with a CISO at a major organization. This guy had over 3,000 employees, a solid security program, executive buy-in. Everything you'd want. And he told me something that stuck: "We spend a fortune on security. What we don't have is confidence."
The more I spoke with security leaders, the more validated I felt in my decision to join Above. One quote completely reframed how I think about insider risk: "80% of attack models could be categorized as insider threats. Ransomware, phishing. We call them separate problems, but they're all variations of the same thing." That's when it clicked. Phishing creates compromised insiders. Business email compromise works through social engineering. Even sophisticated external attacks rely on legitimate credentials. Everything comes down to insider risk.
What excited me about Above's approach was that we weren't building another monitoring tool — we were solving the context problem. During early demos, I watched CISOs react when we showed them our behavioral narratives. Instead of isolated alerts, they could see the full story of what an employee was doing and why.
Most teams don't have comprehensive insider risk programs, and even those who do struggle to find a baseline for identifying anomalies. From SOC leaders to CISOs, the story was the same: "Simple cases like ChatGPT data uploads take a day to resolve. Complex cases require external forensics help. The challenge is aggregating data to build the complete story."
I remember one demo where we showed a real customer case: a product manager who had applied to a competitor, started following their employees on social media, had an interview, accepted an offer, then created an enterprise account strategy document with sensitive customer information — and asked ChatGPT how to explain their product strategy without disclosing the confidential roadmap. The reaction was immediate: "This is what we've been missing. Not just the alert, but the complete behavioral context that shows intent."
Meeting after meeting, the validation continued. One CISO told me: "I've evaluated many insider threat products over 15 years and generally not impressed. UEBA misses the mark and shows already known information. We've never seen it done right." That was until we walked through our platform.
Here's what drives me crazy about this market: insider risk is THE most talked about threat in cybersecurity, but it's one of the least purchased solutions. Why? Because what everyone calls "solutions" are just more alerts. More noise. More investigations that lead nowhere.
Traditional tools can't detect nuanced threats like a product manager systematically preparing to steal your top 10 accounts. They see individual file accesses, not the behavioral pattern that reveals intent. That's the difference between reactive and proactive defense.
We're not just solving a technical problem — we're solving a confidence problem. Organizations don't need more data. They need confidence in their decisions. Security built on raw alerts creates anxiety and burnout. Security built on context and behavioral understanding creates the confidence that CISOs desperately need.
That's not just a product. That's a fundamental shift in how we think about protecting organizations. The market is ready, the pain is real, and it’s about damn time someone figured this out.
Above Security is an AI-native managed insider threat platform built to make insider risk proactive and operational through behavioral intelligence. Powered by a fleet of highly specialized AI investigators, Above analyzes behavior of both humans and their AI counterparts to surface real risk without rules, policies, or configuration. Above prevents and responds to insider risk with both in-the-moment coaching to stop risky behavior in real time and automatically produced evidentiary timelines that security, legal, and HR can actually use in the event of a real incident.
Want to see how Above Security can up your game?
