For over twenty years, security operations teams have struggled with the widening gap between alert volumes and response capacity. With industry-wide staffing shortages of 26% to 45%, pressure remains intense. Surveys reveal that 71.6% of researchers and analysts now spend most of their time triaging alerts, filtering false positives, and documenting workflows, rather than deepening expertise or proactively hunting threats. This situation leads to frustration, burnout, and missed opportunities to strengthen organisational defences.
Legion has moved from stealth mode into the cybersecurity spotlight, securing $38 million in Seed and Series A funding led by Coatue, with Accel and Picture Capital also participating. While the current valuation remains undisclosed, co-founder and CEO Ely Abramovitch emphasises the significant opportunity ahead: “Our investors understand this isn’t just an incremental upgrade; Legion is setting out to redefine what’s possible in AI-driven security operations.”
The team’s mission is reflected in their approach to challenging the status quo: a browser-native AI Security Operations Centre (SOC) platform designed to scale and automate threat investigations. It learns directly from each organisation’s unique processes, eliminating friction caused by complicated integrations and inflexible playbooks.
As Abramovitch tells TFN: “SOC teams are burning out, and the tools designed to help them are often just adding complexity. Our mission is simple: put human talent back at the centre, and let AI do the grunt work.”
Meet the founders: Built on experience and insight
Legion’s roots trace back to the founders’ extensive backgrounds in enterprise security and advanced artificial intelligence. Ely Abramovitch (CEO) previously led product management at Microsoft Security, guiding Microsoft Sentinel to generate over $1 billion in annual recurring revenue. He was also an early team member of Indegy, which Tenable later acquired.
Michael Gladishev (VP R&D) spent more than 12 years at Microsoft, where he played a key role in developing Azure Sentinel and managing engineering teams for large-scale, cloud-native SIEM architectures. And Eyal Fisher (CTO) is an AI thought leader and entrepreneur, having co-founded a generative AI company, ART AI, and another cloud security startup, with research experience at the University of Cambridge.
Their motivation stems from extensive hands-on experience, particularly in leading and expanding global SOC operations. Abramovitch explains: “Legion was born out of firsthand experience, seeing security teams drowning in alerts, hamstrung by rigid tools, and unable to keep up as attackers started using AI themselves. We knew there had to be a better way.”
Despite being in its early growth phase, Legion’s leadership is committed to shaping the company as thoughtfully as they’ve crafted the technology. Abramovitch affirms: “We’re committed to building a company reflective of our values, exceptional talent from every background and identity.” Scaling their team, investing in engineering and go-to-market, and keeping inclusion and adaptability at the forefront are core to Legion’s next stage.
AI that learns and scales your unique workflows
Legion’s technology uniquely integrates AI directly into the tools teams use daily, a browser extension driven by proprietary vision models that monitor, learn from, and log analysts’ actions. Whether performing simple triage or tackling complex investigations, Legion observes and automates the most critical processes.
Unlike many platforms that rely on cumbersome, API-heavy integrations or force organisations into rigid playbooks, Legion’s setup takes just minutes and works effortlessly with any browser-accessible system: SIEMs, threat intelligence platforms, email tools, and even custom internal systems. This “see, learn, automate” approach enhances team expertise with AI support, rather than requiring teams to adapt to new technology.
When authorised, Legion can transition from observation to active intervention, investigating threats and executing responses at any scale, with or without analysts involved, without increasing staff.
As Abramovitch highlights: “We’re not here to replace analysts; we’re giving them superpowers. Legion scales your team’s unique instincts across the entire organisation, without forcing you to re-architect your stack.” According to early adopters, Legion can cut investigation and response times by up to 90%, delivering results equivalent to adding nine new analysts, without a single extra hire.
While some organisations segment the market into AI Assistants for SIEM (“copilots”), API-driven SOAR automation systems with playbooks, or agents for alert triaging, Legion fundamentally reimagines the entire approach. As a browser-native system that learns through direct observation within an organisation’s environment, Legion avoids rigid integrations, instead offering smooth, custom automation tailored to each team’s actual workflows rather than fixed processes.
What’s next for Legion?
Legion, already supporting SOCs in Fortune 500 companies across finance, healthcare, and energy sectors, demonstrates how combining human insight with flexible AI automation can create a significant impact. The recent funding will accelerate AI development, expand international presence, and further the goal of prioritising people over technology in security operations.
As Abramovitch looks to the future, his conviction is clear: “We’re here to transform how security work gets done. AI should amplify your best people, not replace them. That’s what Legion stands for.”
