About

Defense is creative work.
It deserves better tools.

We started Triago because the gap between alerts generated and alerts investigated had become indefensible — and because foundation models finally crossed the line from "demo" to "depend on."

Mission

A world where no alert is ignored.

Seventy percent of alerts in modern SOCs are never investigated. That isn't a tooling problem. It's a cognitive labor problem. Triago replaces the cognitive labor — and gives that capacity back to the humans who can use it.

Thesis

Vertical agents beat horizontal copilots.

Generic copilots will keep getting smarter. They won't out-execute a focused team on a specific workflow. We bet on depth: domain-tuned models, deep integrations, eval-driven engineering, and a verifier loop that earns trust.

Principles

How we work.

Evidence over opinion

Every verdict is backed by tool calls, queries, and artifacts. If we can't show our work, we don't ship.

Reliability is a feature

We publish accuracy weekly. We catch regressions in CI before customers see them.

Calm at scale

Our product runs in the middle of the night. It should not sound like an emergency.

Defense is creative

Analysts are not ticket-clickers. They are pattern-finders. We free that capacity.

No FUD

Marketing built on fear ages into noise. We market with numbers.

Show your work

Internal docs, eval results, post-incident notes — written so a future teammate can audit them.

Team

Operators and researchers.

Triago is built by a small team in San Francisco and Berlin. Prior lives at Palo Alto Networks, CrowdStrike, Anthropic, Datadog, and three security startups (one acquisition, two flameouts — both instructive).

CEO · Co-founder

A. Nakamura

Former staff PM, CrowdStrike Charlotte. Built threat-hunting copilots at scale.

CTO · Co-founder

L. Petrović

Ex-Anthropic applied research. Author of three agent-reliability papers.

Head of Security

D. Owusu

Ran the SOC at a Fortune 50 bank. Insists on real-world evals.

Design

M. Lindqvist

Previously lead designer at Linear. Believes calm is a moat.

Backed by

Patient capital, defensive minds.

GPU-native infrastructure

We own the stack, not just the agent loop.

Most AI security tools call a third-party API and call it done. We don't. Triago runs self-hosted models customized via NVIDIA NeMo, served via TensorRT and Triton, and packaged via NIM for VPC and air-gapped deployments. That's what gives us 70-80% gross margins and investigation latency no API-dependent competitor can touch.

NVIDIA Morpheus

GPU-accelerated streaming detection layer. Scores millions of network, auth, and log events per second before any agent token is spent.

NeMo + TensorRT

Self-hosted, security-tuned reasoning models. Continuous DPO/RLHF on the proprietary attack-trace corpus. Served at sub-2-second p99.

NVFlare federated training

Customers contribute model gradients, not raw data. The shared security foundation model improves with every installation across the network.

NVIDIA NIM

The full model fleet packages as NIM microservices. FedRAMP and defense customers run Triago in their own environment, completely air-gapped.

RAPIDS cuGraph

TB-scale GPU ETL and causal graph inference. Powers threat-hunting analytics across historical telemetry at a speed CPU-based tools cannot approach.

Jetson Orin + Omniverse

Edge inference for OT/ICS environments via Jetson. Digital-twin cyber-range for safe autonomous response validation via Omniverse.

Build the SOC of 2030 with us.

We're hiring engineers, researchers, designers, and forward-deployed ops.

Open roles