Work Here?
Overview
Cyware provides threat intelligence and security automation tools for security teams and collaborative security communities through its Threat Intelligence Platform (TIP) and CTIX Lite. The TIP automatically gathers, enriches, and analyzes threat indicators and distributes real-time alerts, while CTIX Lite offers a lighter entry point and enterprise options add automation and fusion centers, with both integrating with existing security tools. It differentiates itself by enabling collaborative sharing with ISACs/ISAOs, offering free daily threat alerts to grow its user base, and providing strong integration and scalable enterprise solutions. Its goal is to help organizations stay ahead of cyber threats with actionable threat intelligence and automation, supported by subscriptions and technology partnerships.
About Cyware
Industries
Data & Analytics
Government & Public Sector
Enterprise Software
Cybersecurity
Company Size
201-500
Company Stage
Series C
Total Funding
$73M
Headquarters
New York City, New York
Founded
2016
Simplify's Take
What believers are saying
- Bi-directional Microsoft Sentinel integration announced March 2026 accelerates intel sharing.
- Space-ISAC cut detection time to 20-30 minutes using Cyware's fusion solutions.
- $30M Series C in June 2023 fuels Agentic AI expansion for SOC automation.
What critics are saying
- Microsoft Sentinel native STIX/TAXII erodes Cyware's sharing value in 6-12 months.
- CrowdStrike Falcon Fusion bundles SOAR and intel, diverting EDR customers immediately.
- No funding since 2023 exhausts $80.9M runway, forcing shutdown by mid-2027.
What makes Cyware unique
- Cyware powers 80% of ISACs like Health-ISAC and Space-ISAC with STIX/TAXII sharing.
- Cyber Fusion Center transforms legacy SOCs into unified threat lifecycle platforms.
- Agentic AI Fabric launched March 2026 maps threats to MITRE ATT&CK autonomously.
Help us improve and share your feedback! Did you find this helpful?
Funding
Total Funding
$73M
Below
Industry Average
Funded Over
4 Rounds
Industry standards
Benefits
Paid Vacation
Paid Holidays
401(k) Retirement Plan
Professional Development Budget
Conference Attendance Budget
Flexible Work Hours
Remote Work Options
Growth & Insights and Company News
6 month growth
↑ 0%1 year growth
↑ 0%2 year growth
↑ 0%Cyware named a winner in the 2026 Globee(R) Awards for Cybersecurity. April 3, 2026 Cyware has been recognized for the Cyware Intelligence Suite, honored for unifying and accelerating cyber threat intelligence actioning across security teams. Cyware, the leader in AI-powered threat intelligence operationalization, today announced it has been named a winner in the 2026 Globee(R) Awards for Cybersecurity. Cyware was recognized for the Cyware Intelligence Suite, the industry's unified platform for managing, enriching, and actioning cyber threat intelligence at scale. The Globee(R) Awards for Cybersecurity honor companies and solutions that demonstrate excellence in protecting organizations against evolving cyber threats. This year's program evaluated entries across innovation, impact, and the ability to address real security challenges. The Cyware Intelligence Suite brings together threat intelligence management, sharing, and response into a single platform, enabling security teams to move from fragmented data to decisive action faster. Powered by Cyware AI, the suite embeds agentic intelligence across the entire threat intelligence lifecycle, helping analysts investigate threats, prioritize risks, and coordinate response without the delays of manual workflows. This recognition follows a series of recent milestones for Cyware, including the launch of Agentic AI Fabric and recognition by Forbes as one of America's Best Startup Employers 2026. Related resources. Cyware ranked among north America's fastest-growing companies on the 2025 deloitte technology fast 500(TM) for second consecutive year. Cyware recognized for leading innovation in cyber threat intelligence operationalization. Industry Recognition Cyware earns premier 5-star rating in 2025 CRN(R) partner program guide for third year running.
How Space-ISAC is building collective defense for the global space sector with Cyware. April 2, 2026 The space industry faces a convergence of cyber and physical risks with the potential to take down missions and compromise national security. Space-ISAC recognized this reality and turned to Cyware to build something the sector had never had before: a truly connected, intelligence-driven defense community. A threat landscape unlike any other. The global space sector operates across three distinct and deeply interdependent domains. There is traditional IT security, covering SIEMs, EDR/NDR tools, and identity management. Beneath it sits ground and OT infrastructure: mission-critical systems like Telemetry, Tracking, and Command (TT&C) and mission control. And then there is the domain unique to space itself: in-orbit telemetry, RF interference signals, and Space Situational Awareness (SSA) data. For most organizations operating in this sector, these three layers exist in isolation. Analysts and mission operators work in parallel, each with their own data streams and their own tools, with no shared view of what the other is seeing. The result is a threat landscape full of blind spots, and adversaries who know exactly how to exploit them. Space-ISAC was built to address exactly this problem. Grounded in the SPARTA framework, a structured approach to space cyber threat modeling and assessment, its mission is to protect the global space ecosystem through trusted, timely cyber threat sharing and coordinated response. The challenge was doing it at the speed and scale the sector actually demands. When manual processes cannot keep up. Before implementing a unified platform, Space-ISAC and its members faced what many ISACs face: a collaboration model that was decentralized, manual, and far too slow for the threat environment they were operating in. When a Watch Center alert came in, the process of normalizing it, enriching it with context, and getting it into the hands of members could take anywhere from four to eight hours. By that point, the window for effective response had often already closed. Inside member organizations, the situation was similarly difficult. Without a way to correlate cyber indicators of compromise with operational anomalies, analysts were left connecting dots by hand. An unusual uplink attempt and an identity management alert might both be present in the data, but no system was drawing the line between them. Alert volumes were high, deduplication was inconsistent, and analyst fatigue was a genuine operational risk. The sector needed a fundamentally different operating model. Building the intelligence-sharing hub. Space-ISAC chose to operationalize its mission with Cyware's Intel Exchange, Orchestrate, and Collaborate solutions, deploying them across two complementary pillars. The first was a collective defense hub for the ISAC itself. This became the secure, role-based foundation through which Space-ISAC ingests and disseminates indicators, TTPs, advisories, and STIX/TAXII collections across its membership. A dedicated Watch Center normalizes, scores, and tags incoming intelligence with context that matters in the space sector: mission type, asset, supplier, and geography. Members subscribe to relevant feeds that flow directly into their existing security tools, with no manual handoffs and no bottlenecks. The second pillar was an automated SecOps model designed for member organizations to adopt internally. The platform ingests data across IT, OT, and mission telemetry into a unified view, then uses a correlation engine to fuse cyber IoCs with operational anomalies. When a suspicious uplink attempt pairs with an identity anomaly, the platform triggers SOAR playbooks that can block or quarantine threats, revoke credentials, restrict uplink ACLs, open incident response tickets, and notify both mission operators and the ISAC channel simultaneously. Underpinning both pillars is a cross-ecosystem collaboration layer that enables secure, inter-member workflows for joint investigations and "flight-control style" incident coordination. Insights and responses flow in both directions, in near real-time, fostering a more connected and responsive community than the sector had previously been able to achieve. This extends beyond Space-ISAC's own membership through Cyware's exclusive ISAC sharing network, the industry's only automated ISAC-to-ISAC operational collaboration platform. With over 85% of global ISACs and ISAOs running on Cyware, Space-ISAC can share and receive malware advisories, vulnerability alerts, IoCs, and threat mitigation strategies with peer communities across sectors, including healthcare, energy, maritime, and aviation, in real-time and under full TLP 2.0 controls. When a threat crosses sector boundaries, Space-ISAC is already connected to the communities that need to know. The numbers that tell the story. The results since implementation have been significant and measurable. Time-to-share indicators dropped from four to eight hours down to just five to thirty minutes. Mean Time to Detect fell from sixty to ninety minutes to twenty to thirty minutes, made possible by correlating signals across IT, OT, and mission telemetry that had previously lived in separate silos. Mean Time to Respond followed a similar trajectory, shrinking from four to eight hours to thirty to sixty minutes through automated SOAR playbooks. Between sixty and eighty percent of critical alerts are now automatically disseminated to subscribed members in near real-time. The platform has also reclaimed an estimated eighty to one hundred analyst hours per month, time previously consumed by duplicate alerts, manual enrichment, and fragmented workflows. "With Cyware, we've moved from siloed data to fused intelligence. Our members can now anticipate and neutralize threats before they impact missions. It's a paradigm shift from reactive defense to proactive mission assurance." - Space-ISAC A repeatable blueprint for the sector. The 90-day rollout plan that guided Space-ISAC's implementation offers a clear path for any organization in the sector looking to adopt a similar model. The first two weeks focus on discovery: inventorying feeds across all domains and identifying the highest-value use cases for correlation. Weeks three through six cover connection and normalization, standing up the platform, connecting to data sources, and normalizing everything to standards like STIX 2.x. The following month shifts to correlation and automation, authoring cross-domain rules and implementing SOAR playbooks. The final stretch is about going live, measuring outcomes, and socializing those wins to sustain leadership buy-in. Several lessons stand out from Space-ISAC's experience. Starting with a manageable number of high-value use cases, rather than attempting to solve everything at once, makes early wins achievable. Treating deduplication and scoring as primary objectives reduces alert fatigue and has a measurable impact on analyst performance. Establishing redaction rules and sharing protocols before an incident happens ensures that real-time sharing is possible when it matters most. Regularly measuring and communicating improvements in MTTD, MTTR, and analyst efficiency is what keeps both leadership and the broader community engaged over the long term. From reactive to proactive. The space sector has long understood the complexity of its threat landscape. What Space-ISAC has demonstrated is that a defense posture built around collective intelligence and automation can match that complexity. By replacing fragmented, manual collaboration with a unified platform, Space-ISAC has given its members the ability to act on intelligence together, before missions are impacted. The Cyware-powered model, aligned to the SPARTA framework, now serves as a blueprint that other space organizations can follow to advance their own collective defense posture. For organizations across the global space community ready to make the same shift, Cyware is ready to help. Book a demo today to see how Cyware can power collective defense for your sector. Table of contents.
The intelligence your SIEM is sitting on - See what Cyware and Microsoft are doing about it at RSAC 2026. March 24, 2026 Sachin Jade Chief Product Officer, Cyware Tl;dr. Most SIEMs absorb threat intelligence but never give it back. The result is a one-way system where hard-won detections stay siloed, invisible to every other defender facing the same threat. Cyware and Microsoft Sentinel have changed that with a native bi-directional integration that puts shared intelligence to work across the ecosystem. Key highlights: * Threat intelligence now flows both into and out of Microsoft Sentinel via STIX/TAXII, the same open protocol used for ingestion * IOCs and sightings detected in Sentinel are automatically shared into Cyware Intel Exchange for enrichment and redistribution * Any STIX-compatible tool in the ecosystem can participate framing an open standard * See it live at RSAC 2026, Booth #3329 Introduction. One of the primary problems facing defenders today is asymmetrical threat intelligence: data goes into the SIEM, but it doesn't come back out. That means no bi-directional threat intelligence sharing, no cross-border collaboration, and no collective defense. Cyware and Microsoft Sentinel teamed up to break this one-way intelligence barrier. The result is true bi-directional threat intelligence sharing between the two top-tier entities, which you can see in real-time at RSA. Detection without distribution is an incomplete defense. Threat intelligence for one is often threat intelligence for all. When analysts gain insight by identifying a novel threat in their SIEM, that information could inform other attacks within the vertical, potentially occurring at the exact same time. Historically, this information has often been closely guarded, but the time for infighting is over. As CISA states, "When an organization identifies threat activity and keeps it to itself, our adversaries win." However, in most environments, that hard-won threat intel goes nowhere but the platform that produced it. After investing so much in detections, defenders would do better to invest more in what happens to those detections after they occur: they should be leveraged for all they're worth. That's why the gap isn't about detection; it's about distribution. The asymmetry that defenders have quietly accepted. This asymmetrical standard has evolved in the industry over the years. Cyware Labs, Inc. take it for granted that the investigations, context, insight, and tribal knowledge of its teams will be used for its benefit and its benefit only. But despite competitive differences, Cyware Labs, Inc. is all fighting common cybercriminal adversaries, and what hurts one could hurt all. The danger of being an isolationist is that your organization falls prey to a breach that could have been prevented through participation in the threat intelligence sharing system. The technical disparity that creates this paradigm is that threat intelligence flows into SIEMs, improving detection, but no intelligence flows back out. This creates a wasted signal: a phishing campaign detected by one analyst in one company could have been avoided by others across the board. The root cause is structural: Threat Intelligence platforms aggregate intelligence from commercial feeds, open-source repositories, and sharing communities, then push it into SIEM platforms like Sentinel via STIX-formatted objects over TAXII. But until recently, no equivalent channel existed going the other direction. The insights SIEM generates correlating telemetry, identifying anomalies, producing environment-specific IOCs, had no standardized, automated path back out to the broader ecosystem. What couldn't be exported programmatically got shared manually, if at all. This paradigm needs to shift, and so do technical capabilities. When teams have the tools and ability to get that information back out of the SIEM and into the community, that shared threat intelligence has the power to protect hundreds of others within the same sector and strengthen the web of collective defense. What changes when intelligence flows in both directions. The Cyware and Microsoft Sentinel integration turns a unified threat intelligence management platform into a vehicle for threat intelligence sharing and collaboration. And it changes one thing: it establishes a standardized, automated path for threat intel to flow back out of internal tools and into the broader defender ecosystem - where it can do the most good. The mechanism is based on STIX/TAXII protocols - the same one used to push intelligence into SIEMS in the first place - and formatted for fast, secure, and automated machine-to-machine communication. This takes place via the Cyware Intel Exchange solution. This is how it works: * Bi-directional exchange via STIX/TAXII: Microsoft Sentinel now has a native capability to export threat intelligence to a TAXII-based destination, establishing architectural symmetry with how intelligence flows in. IOCs and sightings generated in Sentinel are automatically shared into Cyware Intel Exchange, creating a circular intelligence workflow rather than a one-way feed. * Automatic ingestion from Sentinel into Cyware Intel Exchange: Intelligence generated in Sentinel flows directly into Cyware Intel Exchange, where it can be enriched, validated, and redistributed, reducing time-to-action from hours to minutes. * Defender feed ingestion and enrichment: The integration also pulls in Microsoft Defender Threat Intelligence (MDTI) feeds, which are ingested into Cyware Intel Exchange, automatically enriched, and used to accelerate threat triage. Without this mechanism in place, threat intelligence could be shared manually back out to the community via ISACs/ISAOs, threat advisories, and feeds. But what once took hours or days is now reduced to a process of minutes, with no human intervention needed to shepherd it along. Attackers move fast. When analysts have access to shared real-world threat data just as fast, defenders stand a chance. Standards matter more than integrations. A key benefit is that the Cyware/Microsoft Sentinel integration is built on open standards. It isn't a proprietary connector that creates yet another new dependency. Instead, any tool compatible with STIX can participate and experience the same collaborative benefits. Any intelligence created in Microsoft Sentinel flows into a shared ecosystem, not a private pipeline between two vendors. It is the foundation of open standards that turn point-to-point integrations into community watering holes that benefit sectors, verticals, and industries, instead of creating new siloes. See it live at RSAC - A working demo. If your team is struggling with an asymmetrical threat intelligence model, book your live demo - not presentation - to see true bi-directional intelligence sharing in real-time via Cyware's integration with Microsoft Sentinel in Cyware Intel Exchange. Cyware Labs, Inc.'ll see you at Booth #3329, Moscone Center. Sachin Jade Chief Product Officer, Cyware. Table of contents.
Cyware, a cybersecurity platform provider, has unveiled its Agentic AI Fabric, introducing goal-driven AI agents designed to assist security teams with investigation, detection engineering and response activities. The announcement builds on the company's AI Fabric foundation launched in November 2025. The Agentic Fabric features an Analyst Agent Hub and an agent catalogue including specialised tools such as the Attack Flow Agent, which maps adversary activity to the MITRE ATT&CK Framework, and the Detection Engineering Agent, which generates threat detection logic and writes YARA/Sigma code. The system enables AI agents to function as collaborative digital teammates, executing multi-step cybersecurity tasks at scale. Cyware positions the technology as a response to adversaries increasingly weaponising AI to accelerate attacks, allowing defenders to operate at machine speed.
Cyware introduces Agentic AI Fabric to enable threat intelligence-driven workflows across the security ecosystem. New Analyst Agent Hub and agent catalog introduce a collaborative Agentic workforce to help security teams investigate threats, generate detections and coordinate response NEW YORK-(BUSINESS WIRE)-Cyware, the leader in AI-powered threat intelligence operationalization, secure threat sharing and collaboration, and Agentic AI based security orchestration and automation, today announced its AI strategy centered on Agentic Fabric. Building on the AI Fabric foundation introduced in November 2025, Agentic Fabric introduces agent-driven workflows designed to assist security teams across investigation, detection engineering and response activities. "Cyware is aggressively advancing threat-centric Agentic AI for cyber defense to meet pent-up customer and industry demand," said Sachin Jade, Chief Product Officer at Cyware. Share As cyber threats evolve and adversaries begin weaponizing AI to accelerate attacks, the Cyware AI Agentic Fabric empowers defenders with a native Analyst function powered by goal-driven AI agents capable of reasoning, planning, and executing multi-step cybersecurity tasks. These agents operate as collaborative digital teammates, orchestrating complex threat intelligence analysis and defensive actions at machine scale. "Cyware is aggressively advancing threat-centric Agentic AI for cyber defense to meet pent-up customer and industry demand," said Sachin Jade, Chief Product Officer at Cyware. "Agentic Fabric introduces an ecosystem of specialized agents that work alongside analysts, applying threat intelligence and correlated data and executing objectives across the entire security lifecycle. This approach empowers defenders to innovate at the pace of the adversaries they face." Key Capabilities of Cyware's Agentic Fabric: * Analyst Agent Hub: Available within the platform or via browser extension, this central hub allows analysts to coordinate and drive selected agents across various workstreams. * Agent Catalogue: A growing catalog of agents integrated across the Cyware product suite expand and accelerate threat intel and SOC Analyst use cases, including the following sampling of agents: * Attack Flow Agent: Reconstructs adversary activity timelines and maps activity to the MITRE ATT&CK Framework. * Contextual Intelligence Agent: Summarizes threat intelligence, converting raw data into plain language. * SOC Analysis Agent: Supports investigation and triage, helping analysts understand the context behind alerts and why activity may represent a threat. * Detection Engineering Agent: Assists analysts in generating AI-powered Threat Detection Logic (TDL), writing YARA/Sigma code instantly. * Enhanced Customer Response: Allows Cyware to create and deploy custom agents at high velocity to meet specific enterprise-grade use case requests. This release expands upon the specialized agents introduced in late 2025, such as the Playbook Builder Agent and Custom Code Generator Agent, weaving them into a cohesive, autonomous layer that elevates human capabilities. By combining collective intelligence with agentic automation, Cyware continues to define the future of AI-driven cyber defense. About Cyware Cyware is leading the industry in Agentic AI-powered operationalized threat Intelligence and collective defense, helping security teams transform threat intelligence from fragmented data points to actionable, real-time decisions. We unify threat intelligence management, intel sharing and collaboration, as well as hyper-orchestration and automation - eliminating silos and enabling organizations to outmaneuver adversaries faster and more effectively. From enterprises to government agencies and ISACs, Cyware empowers defenders to turn intelligence into action. More News From Cyware NEW YORK-( BUSINESS WIRE )-Cyware, the leader in AI-powered threat intelligence management, secure threat sharing and collaboration, as well as hyper-orchestration and security automation, today announced the launch of a new Cyware Quarterback AI solution delivering an AI Fabric to uniquely address security use cases. Cyware Quarterback AI was initially launched as a Co-pilot chat assistant in March 2024. Since that first release the AI market has evolved significantly and Cyware's AI strategy... NEW YORK-( BUSINESS WIRE )-Cyware, a leader in AI-powered threat intelligence management, automation, and security orchestration, today announced a strategic partnership with Microsoft built on deep product integrations to help global enterprises and public sector organizations operationalize threat intelligence with greater speed, ease and confidence. The partnership delivers a uniquely integrated threat intelligence workflow across Cyware and Microsoft Sentinel, giving customers a faster path... NEW YORK-( BUSINESS WIRE )-Cyware, a leader in AI-powered threat intelligence management, secure threat sharing and collaboration, hyper-orchestration and response, today announced it has become a member of the Microsoft Intelligent Security Association (MISA), an ecosystem of software development companies and security services partners that have integrated their solutions with Microsoft Security technology to better defend our mutual customers against a world of increasing cyber threats. Cywa... Cyware. Release Versions
There are no jobs for Cyware right now.
Find jobs on Simplify and start your career today
About Cyware
Industries
Data & Analytics
Government & Public Sector
Enterprise Software
Cybersecurity
Company Size
201-500
Company Stage
Series C
Total Funding
$73M
Headquarters
New York City, New York
Founded
2016
There are no jobs for Cyware right now.
Find jobs on Simplify and start your career today