Why we invested in Above Security
By Phil Venables, Partner, Ballistic Ventures
At Ballistic, we spend our time looking for enduring problems in cybersecurity. The ones that haven’t been solved despite years of tooling, budget, and attention. Insider risk is one of those problems.
That’s why we’re proud to announce we’ve led the Series A investment in Above Security, bringing their total raised to $50 million. We believe insider threat risk management is at an inflection point, and Above represents a fundamentally new approach.
Historically, “insider threat” conjured a specific image: a trusted employee who suddenly turns malicious. While that still happens, today’s reality is far broader:
- Infiltrators posing as legitimate hires
- Employees coerced by external actors
- Data misuse driven by pressure, confusion, or negligence
- Nation-state influence and economic coercion
- Shadow AI and inappropriate access
- False accusations that must be investigated and refuted quickly
- Agentic AI acting on behalf of the employee
This isn’t just about catching “bad insiders.” It’s about understanding human and human-derived agentic behavior in context and responding with precision.
That’s where the traditional approaches have failed.
For years, companies have relied on DLP, UEBA, and various rule-based systems to detect insider activity. These tools generate signals, or what we often call breadcrumbs. But breadcrumbs are not narratives. Alerts are not investigations. Anomalies are not intent.
CISOs repeatedly tell me the same story: when HR or Legal walks into the room and asks, “What happened?” they’re forced to assemble half-baked timelines from disparate tools that were never designed to reason about behavior.
Insider risk is not a logging problem. It’s not a rules engine problem. It’s an investigation problem. And investigations require reasoning.
Enter: Above Security.
What we loved about Above Security is that they didn’t try to improve the old model. They replaced it. Above has built a fleet of AI investigative agents: always-on, continuously reasoning systems that analyze behavior across identity, applications, data movement, and workflow context.
There are no static rules to tune. No thresholds to endlessly configure. No “alert storms” to triage. Instead, Above’s system continuously asks questions in real time:
- Is this behavior consistent with this user’s historical patterns?
- Is this a meaningful shift, or a harmless variation?
- Does this resemble negligence, malice, coercion, or workload change?
- Does it matter?
That last question is critical. An anomaly says, “This is different.” Above’s agents say, “This is different and here is why it matters.” The result is something we rarely see in insider risk: high-fidelity narratives with near-zero false positives. That enables reliable risk ranking and lets teams respond to the right events in the right way.
One of the most compelling aspects of Above’s approach is that it’s proactive.
Most insider programs focus on reconstructing events after damage has occurred. Above intervenes earlier, when risky behavior is forming. Their agents provide real-time, contextual coaching. Not heavy-handed enforcement. Not blunt blocking. But intelligent guidance in the moment: “Are you sure you want to do this? Here’s why this may violate policy. Here’s a safer path.”
This shifts insider risk from reactive forensics to proactive behavioral guidance, which is a key differentiator for Above.
Equally important, organizations can quickly deny false claims. A huge but often overlooked use case is being able to affirmatively prove that something did not happen.
Above is democratizing insider risk management.
Historically, only highly regulated banks or intelligence-grade organizations could afford world-class insider risk programs. It required investigators, analysts, and deep operational expertise. Above changes that equation.
Most Above customers are operational in minutes to hours, not months. Many find latent issues immediately. Ongoing tuning requires almost no effort. This is the power of agentic AI applied correctly: every organization can now have the effect of a highly trained insider risk investigation team, continuously learning, adapting, and evolving.
We invest in companies that redefine categories, not incrementally improve them. Above Security is doing exactly that, and we’re tremendously excited to partner with CEO Aviv Nahum, CPTO Amir Boldo and the Above team as they build the next generation of insider risk management.
Watch the Interview
Above Security Co-founder & CEO Aviv Nahum sat down with Ballistic’s Phil Venables to talk about the company and what’s ahead.
