When Sunil Kotagiri left a comfortable executive role at Cisco to launch a cybersecurity startup powered by artificial intelligence, he wasn’t chasing a trend. He was responding to a problem he had watched metastasize over two decades in enterprise technology: the sheer volume of cyber threats had outpaced the human capacity to manage them. His company, Astelia, recently closed a seed funding round, and his candid account of the fundraising process, the technical vision behind the company, and the state of AI-driven cybersecurity offers a window into what it takes to build a venture-backed startup in one of tech’s most crowded sectors.
According to Business Insider, Kotagiri’s pitch to investors centered on a straightforward thesis: existing cybersecurity tools generate an overwhelming number of alerts, most of which are false positives, and security teams are drowning. Astelia’s AI-based platform aims to automate the triage and investigation of those alerts, reducing the burden on human analysts and allowing them to focus on genuine threats. It is a proposition that resonates in a market where the global cybersecurity workforce gap stands at roughly 3.4 million unfilled positions, according to the (ISC)² Cybersecurity Workforce Study.
A Founder’s Playbook for Raising Seed Capital in a Skeptical Market
Kotagiri’s fundraising experience was anything but smooth. As he told Business Insider, the process required more than 100 investor meetings before the round came together. He described a venture capital environment that has grown considerably more cautious since the frothy days of 2021, with investors demanding clearer evidence of product-market fit, even at the seed stage. The bar has risen, he noted, and founders who walk into meetings with only a slide deck and a vision are likely to walk out empty-handed.
His advice to other first-time founders was practical and unvarnished. Kotagiri emphasized the importance of building relationships with investors well before a formal fundraise begins. He recommended that founders treat early conversations as information-gathering exercises rather than pitches, using them to refine their narrative and understand what specific investors care about. He also stressed the value of having at least a working prototype or early customer traction — something tangible that demonstrates the technology works beyond a theoretical level.
Why VCs Are Pouring Money Into AI Cybersecurity — and Why Many Will Lose
The broader market context for Astelia’s raise is significant. Venture capital investment in AI-focused cybersecurity startups has surged over the past 18 months. According to data from PitchBook, cybersecurity startups collectively raised more than $7.3 billion in venture funding in 2024, with a disproportionate share going to companies incorporating AI and machine learning into their core offerings. The appetite is driven by a convergence of factors: the escalating sophistication of cyberattacks, the persistent talent shortage in security operations centers, and the growing regulatory pressure on enterprises to demonstrate adequate cyber defenses.
But the flood of capital has also created a crowded field. Dozens of startups now claim to use AI for threat detection, incident response, or vulnerability management. Established players like CrowdStrike, Palo Alto Networks, and SentinelOne have all integrated AI capabilities into their platforms, making it harder for newcomers to differentiate. Kotagiri acknowledged this competitive pressure in his interview with Business Insider, arguing that Astelia’s advantage lies in the specificity of its approach — focusing on alert triage and investigation rather than trying to be an all-in-one security platform.
The Alert Fatigue Problem Is Real — and Getting Worse
The technical problem Astelia is targeting is well-documented. A 2024 report from Vectra AI found that 67% of security operations center (SOC) analysts said they cannot manage the volume of alerts they receive daily, and 71% expressed concern that they might miss a real attack buried in the noise. The average enterprise SOC receives thousands of alerts per day, and studies have consistently shown that the majority — often upwards of 90% — are false positives or low-priority notifications that require no action.
This alert fatigue has real consequences. When analysts are overwhelmed, response times slow, genuine threats go uninvestigated, and burnout drives experienced professionals out of the field entirely. The problem creates a vicious cycle: as staffing shortages worsen, remaining analysts face even greater workloads, which accelerates turnover. Kotagiri’s bet is that AI can break this cycle by handling the initial triage — sorting, correlating, and prioritizing alerts — so that human analysts spend their time on the incidents that actually matter.
The Technical Architecture: What Sets Astelia Apart From the Pack
While Kotagiri was careful not to reveal proprietary details about Astelia’s technology stack, he described a system built around large language models that have been fine-tuned on cybersecurity-specific data. The platform ingests alerts from a customer’s existing security tools — firewalls, endpoint detection systems, cloud security platforms — and uses AI to correlate them, assess their severity, and in many cases, automatically close alerts that meet certain criteria for being benign. For alerts that require human attention, the system provides analysts with a pre-built investigation summary, including relevant context and recommended next steps.
This approach places Astelia in a growing category of startups building what the industry has begun calling “AI SOC analysts” — virtual agents that can perform many of the routine tasks currently handled by junior security analysts. Other companies in this space include Torq, which recently raised $70 million in a Series C round for its AI-driven security automation platform, and Dropzone AI, which has attracted attention for its autonomous investigation capabilities. The competitive dynamics are intense, and the winners will likely be determined not just by the quality of their AI models but by their ability to integrate with the sprawling array of security tools that enterprises already have in place.
Enterprise Buyers Are Interested but Cautious About AI in Security
Despite the hype, enterprise adoption of AI-powered security tools remains measured. Chief information security officers (CISOs) are acutely aware of the risks involved in delegating security decisions to automated systems. A misconfigured AI model that closes a genuine threat alert as a false positive could have catastrophic consequences. As a result, most enterprises are deploying AI security tools in a “human-in-the-loop” configuration, where the AI makes recommendations but a human analyst retains final authority over critical decisions.
Kotagiri acknowledged this dynamic, telling Business Insider that Astelia’s initial go-to-market strategy is designed to build trust incrementally. The platform starts by handling low-risk alert categories autonomously, proving its accuracy over time before customers grant it authority over more sensitive alert types. This graduated approach mirrors the strategy employed by other successful AI security startups and reflects a broader industry consensus that full automation of security operations is still years away.
The Regulatory Tailwind and the Talent Crunch
Two macro forces are working in Astelia’s favor. First, regulatory requirements around cybersecurity are tightening globally. The SEC’s new rules requiring public companies to disclose material cybersecurity incidents within four business days have increased pressure on security teams to detect and assess threats faster. The EU’s NIS2 Directive, which took effect in October 2024, imposes similar obligations on a wide range of organizations operating in Europe. These regulations create a compliance-driven demand for tools that can accelerate incident detection and response.
Second, the cybersecurity talent shortage shows no signs of abating. The gap between the number of qualified security professionals and the number of open positions has widened for several consecutive years. This structural imbalance means that even well-funded enterprises cannot simply hire their way out of the alert fatigue problem. AI-powered tools that can augment existing teams — doing the work of two or three junior analysts — represent a compelling value proposition for CISOs operating under budget constraints and hiring freezes.
What Comes Next for Astelia and the AI Security Market
Kotagiri’s immediate priorities are product development and early customer acquisition. With the seed round closed, Astelia is focused on expanding its engineering team and onboarding design partners — early customers who will use the platform in production environments and provide feedback to refine the product. The company plans to pursue a Series A round within the next 12 to 18 months, and Kotagiri indicated that demonstrating measurable reductions in alert response times and false positive rates for those early customers will be the key metrics investors will scrutinize.
The broader AI cybersecurity market is entering a period of consolidation and maturation. The initial wave of enthusiasm is giving way to a more discerning phase in which investors and buyers alike are separating genuine technical innovation from marketing hype. For Astelia and its competitors, the next two years will be decisive. The startups that survive will be those that can demonstrate not just that their AI works in controlled environments, but that it delivers measurable, repeatable value in the chaotic, high-stakes reality of enterprise security operations. Kotagiri, with his decades of experience inside one of the world’s largest networking companies, appears to understand the magnitude of that challenge — and the opportunity it represents.