Mandia Launches Armadin With Record $189.9M Raise

Kevin Mandia sold Mandiant to Google for $5.4 billion in 2022. Now he's back with Armadin, an AI-native cybersecurity startup that just pulled in a record-shattering $189.9 million in combined Seed and Series A funding — the largest early-stage raise in cybersecurity history. The message is clear: the man who defined modern threat intelligence thinks everything he built before is about to be obsolete.

The Bet: Humans Can't Keep Up

Mandia's thesis is blunt and uncomfortable. Within a few years, virtually all cyberattacks will be AI-driven. Not AI-assisted. Not AI-augmented. Fully autonomous, operating at machine speed, exploiting vulnerabilities faster than any human SOC analyst can blink. He calls them "hyperattacks," and he believes the only viable response is equally autonomous defense.

That's what Armadin is building. The company's core product is an "agentic attacker swarm" — autonomous AI agents that think like adversaries, reason through attack paths, learn from failures, and adapt in real time. Think of it as red teaming on steroids. These agents don't wait for a scheduled penetration test. They continuously probe, exploit, and stress-test an organization's defenses the way a sophisticated threat actor would, but at a speed and scale no human team can match.

It's offense-as-defense, and it's a philosophical departure from how most of the cybersecurity industry still operates. Most vendors are still bolting AI features onto legacy detection platforms. Mandia is building from scratch, AI-native from day one, with the assumption that the threat landscape of 2028 will look nothing like today.

The Money Behind the Mission

The $189.9 million round was led by Accel, with a murderer's row of co-investors: Google Ventures, Kleiner Perkins, Menlo Ventures, 8VC, Ballistic Ventures, and In-Q-Tel — the CIA's venture arm. That last name matters. When the intelligence community's investment vehicle shows up in your cap table at the seed stage, it signals that national security stakeholders already see this technology as strategic infrastructure, not just another SaaS play.

Armadin had actually been operating quietly since late 2025 with a $24 million seed round. The Series A brings total funding to nearly $190 million — a staggering war chest for a company that's barely a year old. But when your founder's last exit was a $5.4 billion sale to one of the world's most powerful tech companies, you don't have trouble getting meetings.

"In the coming years, virtually all cyberattacks will be AI-based, necessitating autonomous defense systems." — Kevin Mandia, CEO of Armadin

The Team

Mandia isn't doing this alone. Armadin's co-founding team reads like a spec-ops roster for offensive security:

• Travis Lanham — CTO
• Evan Peña — Chief Offensive Security Officer
• David Slater — Chief Architect

The company has already hired over 60 employees and, critically, has begun working with Fortune 100 companies. That's not vaporware. That's production deployment at the highest levels of enterprise security, before most people even knew Armadin existed.

The funds will go toward expanding engineering and research teams, wider platform deployment, and developing additional AI models to handle broader attack types with deeper reasoning capabilities. In other words: more agents, smarter agents, faster agents.

Why This Matters Now

Let's be honest about the state of cybersecurity in 2026. The industry is drowning in alerts, starved for talent, and structurally unable to keep pace with attackers who are already weaponizing AI. The agility gap between offense and defense has never been wider.

Traditional security vendors have responded with incremental AI integrations — a copilot here, an anomaly detector there. Useful? Sure. Sufficient? Not even close. If you believe, as Mandia does, that the attack surface is about to be saturated by autonomous AI adversaries, then patching AI onto 20-year-old SIEM architectures is like putting a jet engine on a horse-drawn carriage.

Armadin's approach is fundamentally different. By deploying autonomous offensive agents against your own infrastructure — continuously, adaptively, at machine speed — you're not waiting for threat intelligence feeds to tell you what last week's attack looked like. You're discovering tomorrow's vulnerabilities today. It's the difference between studying the autopsy report and preventing the death.

The Competitive Landscape

Armadin isn't the only company thinking about autonomous security. Startups like Horizon3.ai and Pentera have been pushing automated penetration testing for years. But Mandia's agentic approach — agents that reason, adapt, and collaborate as a swarm — represents a generational leap in ambition. And none of those competitors walked in the door with $190 million, Fortune 100 customers, and the intelligence community already at the table.

The real competitive threat might come from the hyperscalers. Google, which acquired Mandiant, is deeply invested in AI-powered security through its Chronicle and Mandiant integrations. Microsoft's Security Copilot is gaining traction. Amazon has its own expanding security portfolio. But these are platforms optimized for breadth, not depth. Armadin is purpose-built for one thing: autonomous offensive testing at scale. That focus is its edge.

Our Take

This is the most consequential cybersecurity launch in years. Not because of the dollar amount — though $189.9 million at the early stage is genuinely unprecedented — but because of what it signals about where the industry is headed.

Kevin Mandia built the definitive incident response and threat intelligence company of the 2010s. He understands adversaries better than almost anyone alive. If he's saying that the current paradigm is broken and only autonomous AI defense can fill the gap, the industry should listen. Hard.

The risk? Autonomous offensive AI agents, even when deployed defensively, raise serious questions about misuse, containment, and unintended consequences. An attacker swarm that's "on your side" is still an attacker swarm. Armadin will need ironclad guardrails and transparency to maintain trust — especially with government clients.

But the bigger risk is doing nothing. The hyperattack era is here. The question isn't whether autonomous defense will become standard — it's who builds it first, and who builds it right. With this team, this funding, and this mandate, Armadin has the best shot in the industry.