We started Triago because the gap between alerts generated and alerts investigated had become indefensible — and because foundation models finally crossed the line from "demo" to "depend on."
Seventy percent of alerts in modern SOCs are never investigated. That isn't a tooling problem. It's a cognitive labor problem. Triago replaces the cognitive labor — and gives that capacity back to the humans who can use it.
Generic copilots will keep getting smarter. They won't out-execute a focused team on a specific workflow. We bet on depth: domain-tuned models, deep integrations, eval-driven engineering, and a verifier loop that earns trust.
Every verdict is backed by tool calls, queries, and artifacts. If we can't show our work, we don't ship.
We publish accuracy weekly. We catch regressions in CI before customers see them.
Our product runs in the middle of the night. It should not sound like an emergency.
Analysts are not ticket-clickers. They are pattern-finders. We free that capacity.
Marketing built on fear ages into noise. We market with numbers.
Internal docs, eval results, post-incident notes — written so a future teammate can audit them.
Triago is built by a small team in San Francisco and Berlin. Prior lives at Palo Alto Networks, CrowdStrike, Anthropic, Datadog, and three security startups (one acquisition, two flameouts — both instructive).
CEO · Co-founder
Former staff PM, CrowdStrike Charlotte. Built threat-hunting copilots at scale.
CTO · Co-founder
Ex-Anthropic applied research. Author of three agent-reliability papers.
Head of Security
Ran the SOC at a Fortune 50 bank. Insists on real-world evals.
Design
Previously lead designer at Linear. Believes calm is a moat.
We're hiring engineers, researchers, designers, and forward-deployed ops.