Why We Backed Sevii and the Case for Autonomous Cyber Remediation

‍

‍

‍

TLDR; 

• Cyber defense is losing the speed race. As AI accelerates the volume and sophistication of attacks, human-led SOCs cannot respond fast enough, increasing risk the longer adversaries remain in an environment.
• Sevii’s Autonomous Defender & Remediation (ADR) platform closes this gap by operating as the execution layer of the SOC, autonomously hunting and remediating incidents in minutes versus days.
• Sevii delivers true end-to-end autonomous remediation, going beyond detection, automation, and AI copilots to execute response where legacy SIEM and SOAR tools stop.
• Sevii is led by an exceptional team with decades of cybersecurity experience, led by CEO Curt Aubley, whose background includes serving as CTO for cybersecurity at Lockheed Martin, CTO of Intel’s Data Center Group, and senior executive roles at CrowdStrike and Deloitte.
• We invested because autonomous remediation is becoming the only scalable model for security operations, and Sevii uniquely combines machine-speed execution, enterprise governance, and proven leadership to define this next era.

‍

Speed matters in cyber defense. The longer an adversary remains in an environment, the greater the risk and the heavier the burden on security teams to remove them. As AI accelerates both the sophistication and sheer volume of attacks, Security Operations Center teams are increasingly under pressure. Alert volumes are rising, attack surfaces are expanding, and expectations around response speed and accuracy continue to grow. The result is a persistent disadvantage for defenders, who are always starting behind the attacker.

Sevii’s Autonomous Defender & Remediation (ADR) Agentic AI Platform is built to close this gap directly. It provides governed, autonomous remediation that serves as the execution layer of the Security Operations Center (SOC). Instead of surfacing alerts for analysts to triage, Sevii ingests detections from existing tools, conducts escalated and retrospective hunts, and isolates and remediates incidents end-to-end in minutes rather than hours or days. The result is immediate and practical. Security teams spend less time chasing alerts and remediation, and more time on high-judgment work, while response becomes faster, more consistent, and easier to govern.

We at BMW i Ventures are excited to announce our investment in Sevii, joining existing investors Overline, TenVC, and Tandem Launch. As we spent time with the team and dug into the product, it became clear that Sevii is tackling a broader shift in how security operations need to function as environments scale and threats accelerate.

‍

‍

Sevii as the Execution Layer for the Modern SOC

Sevii delivers governed autonomous remediation at machine speed. In traditional SOCs, detection can take hours and remediation days, with teams overwhelmed by alert backlogs and staffing shortages. The industry has leaned on outsourcing models like MSSPs and MDRs, but these remain constrained by human capacity, while adversaries increasingly operate with autonomous, AI-driven attacks at scale.

By contrast, Sevii hunts incidents, determines impact, and executes remediation autonomously within minutes. Customers have seen up to 60 percent improvements across key metrics, including detection, hunting, isolation, remediation, isolation release, and reporting. The result is collapsed dwell time, fewer operational bottlenecks, and significantly less manual work. End customer impact is now measured in minutes vs hours or days. These kinds of metrics are revolutionary for the cyber industry and change how security operates.

‍

A First Mover in Autonomous Remediation for Cyber Threats

We see Sevii as a first mover in truly governed autonomous cyber remediation. Today, Sevii competes with three entrenched alternatives that define how security teams attempt to scale:

First: culture and adoption inertia.
Security has historically been slow to adopt architectural shifts, as teams prioritized tight control over infrastructure and data. Cloud security followed this path, with early resistance giving way once SaaS tools proved they could match or outperform on-prem solutions. We believe a similar transition is underway. Level-4 agentic and now Level-5 autonomous security platforms like Sevii are emerging, but adoption will depend on trust, explainability, and strong AI governance. As teams measure Cyber AI ROI and total cost of ownership, the value of governed autonomy will become increasingly clear.

Second: legacy SIEM and SOAR platforms with “AI add-ons.”
Many incumbent vendors have bolted generative AI copilots onto centralized SIEM/SOC architectures. While these tools may improve reporting or summarization, they remain constrained by architectures that introduce latency and add operational complexity. Helping analysts write reports faster does not meaningfully improve detection or stop adversaries iat machine speed.

Third: large security platforms with partial AI integration.
Leading security platforms have introduced AI-driven detection within their own ecosystems creating new silos of data. In closed, single-vendor environments, this can improve signal quality. However, these systems largely stop at detection. They do not autonomously validate alerts, reverse-engineer attacks, or execute remediation—especially across heterogeneous environments where most enterprises actually operate.

What differentiates Sevii is its measurable impact on security operations. Customers see clear cyber ROI through reduced risk and detection and remediation times compressed from hours or days to machine speed, while total cost of ownership declines through reduced SOC workload and less reliance on legacy SIEM and SOAR licenses. Sevii is built to do the work of the SOC by executing remediation autonomously, safely, and with strong governance, placing it in a category of its own as security operations move to machine-speed execution.

‍

A Team Built by Industry Insiders, Not Tourists

Cybersecurity is an industry where trust drives adoption. CISOs want to work with teams who understand how security operations function under real-world constraints, not just in theory.

Sevii is led by a founding team with deep experience across enterprise and government security environments. The company is led by Curt Aubley, co-founder and CEO, alongside Stephen Collins, co-founder and CTO, Caleb Cross, co-founder and CDO, and Arnie Shimo, co-founder and CSO. Together, the team brings a mix of operational leadership, security architecture, product thinking, and firsthand experience running and supporting SOCs at scale.

CEO Curt Aubley brings decades of cybersecurity leadership across both the private and public sectors, including senior roles leading U.S. cyber detection and response at Deloitte, global technology alliances and solution architecture at CrowdStrike, and platform leadership as vice president and CTO for Intel’s Data Center Group. Earlier in his career, he spent nearly twelve years at Lockheed Martin, serving as vice president and CTO for cybersecurity and next-generation solutions. This experience complements a broader founding team that has built, deployed, and operated security systems in complex, real-world environments.

This team understands how security decisions are made, how trust is earned, and how to deploy new capabilities inside risk-sensitive enterprises. That combination of judgment, credibility, and operating experience is rare, and it materially strengthens Sevii’s ability to build, sell, and scale in a market where team confidence often determines adoption.

‍

Why We Invested

We believe autonomous remediation is not a feature. It is the next operating model for security operations.

AI-driven threats are accelerating. The cybersecurity talent gap is structural, not cyclical. Regulatory expectations around response speed, evidence, and accountability continue to rise. Together, these forces are pushing SOCs toward a model where systems must be able to execute, not just observe.

Sevii is built for this shift. Its approach to governed autonomous remediation, its execution-layer architecture, and the experience of the team behind it align with where enterprise security is headed, not where it has been.

For these reasons, we were excited to invest in Sevii and to partner with them as they help define how modern security operations scale in an AI-driven world. Sevii is not just automating security workflows, but redefining what it means for a SOC to operate at scale.

‍