Furl Raises $10M to Bridge Cybersecurity's 'Execution Gap' with Agentic AI

LOS ANGELES, CA – January 21, 2026 – Security remediation startup Furl announced today it has closed a $10 million Seed funding round to tackle one of cybersecurity's most persistent and costly challenges: the gap between discovering vulnerabilities and actually fixing them. The round was led by Ten Eleven Ventures, a leading cybersecurity-focused investment firm, with significant participation from Rapid7 CEO Corey Thomas and the Open Opportunity Fund.

Founded by industry veterans from prominent security firms Rapid7, Automox, and Censys, Furl is pioneering the use of agentic AI to move beyond the endless cycle of alerts and dashboards. Instead of just telling teams what is broken, the company's platform is designed to autonomously perform the hands-on work of remediation, turning security findings into verified fixes and addressing the operational paralysis that plagues many enterprises.

The Vulnerability Backlog Crisis

For years, the cybersecurity industry has poured billions into tools that excel at detection and prioritization. Scanners can identify thousands of vulnerabilities, misconfigurations, and instances of policy drift across an enterprise network. Yet, this firehose of information has created a new crisis: the vulnerability backlog. Security and IT teams are often overwhelmed, leading to a state of “alert fatigue” where the sheer volume of problems outpaces any human capacity to solve them.

Independent research validates the severity of this “execution gap.” A Cyentia report commissioned by Cisco found that, on average, organizations are only able to fix one out of every ten vulnerabilities they identify. This leaves a vast attack surface exposed. Further data from Edgescan reveals that large enterprises leave over 45% of discovered vulnerabilities unpatched after a full year, with a significant portion of those being of high or critical severity. This chasm between detection and resolution is where attackers thrive, with studies showing that nearly 60% of security breaches can be traced back to an unpatched vulnerability.

The problem is not merely a lack of effort but a breakdown in process. Remediation is often a slow, manual, and fragmented workflow that requires complex handoffs between Security teams, who find the problems, and IT operations teams, who are tasked with fixing them. This friction, combined with resource constraints and the difficulty of applying patches without disrupting business-critical systems, causes dangerous delays. As the National Institute of Standards and Technology (NIST) itself struggles with a growing backlog of reported vulnerabilities, it's clear that the current human-centric model is unsustainable.

Beyond Alerts: The Rise of Agentic AI

Furl aims to break this cycle by applying agentic AI directly to the point of execution. Unlike traditional automation, which often follows rigid, pre-defined playbooks, Furl’s platform is designed to act as an autonomous agent. It ingests findings from an organization’s existing security stack—including tools from Rapid7, Tenable, Qualys, and SentinelOne—and then independently investigates the real-world context on affected endpoints and servers. Armed with this understanding, it can autonomously execute the necessary remediation steps and validate that the fix was successful.

“Cybersecurity has become very good at telling teams what’s wrong, but fixing those problems is still painfully manual,” said Derek Abdine, CEO and Co-Founder of Furl, in the company's announcement. “Having built inside vulnerability management and endpoint tooling, we saw how remediation breaks down in practice. Furl applies agentic AI where it actually matters — executing fixes safely, with context — so teams can reduce risk instead of just reporting on it.”

This approach fundamentally changes the security paradigm. Instead of generating another ticket for an overburdened IT team or adding to a sprawling dashboard, Furl's system performs the necessary software updates, configuration changes, or policy corrections. This frees human experts to focus on more strategic security initiatives rather than the repetitive and time-consuming tasks of patching and fixing.

Investor Confidence and Market Validation

The $10 million investment signals strong confidence from those with deep knowledge of the cybersecurity landscape. Ten Eleven Ventures, the lead investor, specializes exclusively in security and has a track record of backing transformative companies. Their investment underscores a belief that autonomous remediation is a critical and underserved market.

“IT security teams don’t need more alerts — they need a way to act on the ones they already have,” stated Mark Hatfield, Co-Founder and General Partner at Ten Eleven Ventures. “Furl is tackling the hardest and most neglected part of the security lifecycle: execution. The team’s background and approach give them a credible path to solving a problem the industry has struggled with for years.”

Perhaps the most telling endorsement comes from the personal participation of Corey Thomas, the CEO of vulnerability management leader Rapid7. His investment serves as a powerful validation from within the very industry Furl seeks to augment. It suggests a recognition that even the most advanced detection platforms require a new class of tools to ensure their findings translate into meaningful risk reduction. This, combined with the founding team's pedigree from automation-focused Automox and attack surface management firm Censys, provides Furl with unique credibility and insight into the entire vulnerability lifecycle, from discovery to resolution.

The Path to Autonomous Remediation

Furl plans to use the new capital to accelerate product development, expand its coverage across more operating systems, and enhance its AI's ability to handle more complex, multi-step remediation scenarios. The company is currently working with early adopters to refine its platform in large-scale enterprise environments, focusing on demonstrating a measurable reduction in both time-to-fix and the overall operational burden.

However, the path to widespread adoption of autonomous remediation is not without its challenges. The primary hurdle is the “AI Trust Paradox,” where security professionals are hesitant to grant an AI the autonomy to make changes to critical production systems for fear of unintended consequences. Building this trust will be paramount to Furl’s success.

Furl's strategy appears to address this head-on by emphasizing its ability to apply fixes “safely, with context” and with “built-in validation.” This suggests a system designed with guardrails and transparency, allowing teams to supervise and approve actions before gradually moving toward full autonomy. By proving its reliability and safety, Furl could overcome this inertia and establish a new standard for how organizations manage and eliminate digital risk, finally closing the gap between knowing and doing.