- London-based Infrawatch has raised $3 million in a pre-seed round co-led by Outward VC and Triple Point Ventures
- Founded by Lloyd Davies, a 26-year-old former threat intelligence researcher at CrowdStrike and PwC, the company processes tens of billions of events daily
- The funding will support team growth, accelerate platform development ahead of a general launch in 2026, and enable early enterprise deployments in the US
Lloyd Davies started working in security research when he was 12. By the time he was 26, after working with PwC’s security intelligence team and CrowdStrike’s nation-state threat unit, he saw a common problem: security and fraud teams relied on multiple separate intelligence feeds that were not updated in real time and did not provide a single view of attacker infrastructure.
To tackle this issue, he started Infrawatch in 2025.
The startup just raised $3 million in pre-seed funding, co-led by Outward VC and Triple Point Ventures, with backing from Portfolio Ventures and fintech and cybersecurity angel investors.
The London startup processes tens of billions of events each day, classifying internet infrastructure such as IP addresses, domains, proxies, VPNs, and command-and-control servers connected to cyberattacks, fraud, phishing, and online abuse.
Current tools only address parts of cyberattacks. Platforms like Recorded Future and GreyNoise provide information on known malicious activity, but these are limited solutions. DNS intelligence, IP reputation, VPN detection, and phishing monitoring are typically handled separately, resulting in a fragmented approach.
Infrawatch’s platform offers a unified intelligence layer to replace separate solutions. Its engine combines several data-collection methods, including passive DNS, active scanning, honeypot networks, and proprietary infrastructure, all of which support one another.
According to Davies, the platform can replace six different tools. It has more than 1,000 detection rules, and security teams can set up custom detections to track threats that matter to them.
The five-person team has experience at companies such as CrowdStrike, Recorded Future, Intel 471, IBM, and the Dutch government, and is spread across several countries. Davies admits the team is mostly male, which is common in the industry.
“The cyber industry does need more diversity — it’s a problem that needs solving. Having different backgrounds, different experiences, and different cultures really does contribute to building a better product,” he tells Tech Funding News. Infrawatch has started diversity hiring plans as the company grows.
“Lloyd and his team bring the rare combination of technical excellence, operational grit and domain obsession that this challenge demands, and we are excited to support them as they build a category-defining company,” adds Andi Kazeroonian, principal at Outward VC.
The funding will help Infrawatch grow its team, expand its data infrastructure, and enter the US market, where security and intelligence teams have already shown strong interest. The US launch is planned for late 2026 or 2027.
Davies says that changes in the threat landscape are making Infrawatch more important. “We’re already seeing much more traffic related to AI agents acting on behalf of users. A year ago, I would never have said that. We would be defending from actual people, but a lot of traffic we tag and classify now is from agents or related to AI.”
He also expects greater challenges in internet infrastructure, where state censorship leads to increased use of alternative routing and VPNs.