BREAKING - AMPLIFIER SECURITY RAISES $5.6M SEED LED BY TECHOPERATORS AI AGENT 'AMPY' NOW WORKS IN SLACK, TEAMS & THE BROWSER POLICY ACKNOWLEDGMENT: 75% → 98.5% ACROSS CUSTOMERS FIRST AGENTIC HUMAN-RISK PLATFORM LAUNCHED AT RSA 2026 7,500 ENDPOINT VULNERABILITIES REMEDIATED IN UNDER 30 DAYS BACKED BY FOUNDERS OF ARCTIC WOLF, DUO, CITRIX & ONETRUST BREAKING - AMPLIFIER SECURITY RAISES $5.6M SEED LED BY TECHOPERATORS AI AGENT 'AMPY' NOW WORKS IN SLACK, TEAMS & THE BROWSER POLICY ACKNOWLEDGMENT: 75% → 98.5% ACROSS CUSTOMERS FIRST AGENTIC HUMAN-RISK PLATFORM LAUNCHED AT RSA 2026 7,500 ENDPOINT VULNERABILITIES REMEDIATED IN UNDER 30 DAYS BACKED BY FOUNDERS OF ARCTIC WOLF, DUO, CITRIX & ONETRUST
YESPRESS · COMPANY DOSSIER SAN FRANCISCO, CA · EST. 2023
Amplifier Security logo - ascending signal bars
Workforce Security · AI Agents · Human Risk Management

Amplifier Security

The company that decided your coworkers aren't the weakest link - they're the last mile. And built AI agents to walk it for them.

Above: the Amplifier mark, four rising bars. It is a company that sells the idea of turning security noise into a rising signal, and it put that literally into its logo. Photographed as filed - purple, patient, faintly optimistic.

~$9M
Total Raised
2023
Founded
94%
Employee Engagement
~16
Team Size
The Feature · Front Page

There Is a Gap Between Finding a Problem and Fixing It. That Gap Is Where the Breaches Live.

A field guide to Amplifier Security, the startup automating the least glamorous mile in cybersecurity.

Here is a fact about corporate security that everyone in the industry knows and mostly tries not to say out loud: the hard part is not finding the problems. Finding problems is easy. You buy a scanner, you buy another scanner, you buy a tool that scans the output of the first two scanners, and now you have a beautiful dashboard full of red. The hard part is getting a human being - specifically, some tired employee in accounts payable who has not thought about their operating system version in eighteen months - to actually go fix the thing the dashboard is red about.

That is the gap. Amplifier Security, a company founded in 2023 and headquartered in San Francisco, has decided that the gap is the whole business. Its founders, Shreyas Sadalgi and Tommy Donnelly, come out of the security industry, which means they have personally lived the experience of standing between a scary dashboard and a workforce that does not want to be bothered. Their pitch, roughly, is that this standing-in-between should be done by software, and that the software should be polite about it.

The company calls the category "human risk management," which is a slightly clinical name for a genuinely interesting idea. The conventional way to handle the human side of security is to make everyone watch a video once a year about not clicking on links, and then act surprised when people click on links. Amplifier's view is that the annual-video model is theater. What actually changes behavior is engaging people in the moment, in the tools they already use, with an explanation of why the thing matters and a one-tap way to fix it.

"Amplifier is the system of record for user risk, and the system of action that engages users to reduce it." - Shreyas Sadalgi, CEO

Mechanically, it works like this. Amplifier ingests signals from the identity tools, endpoint tools, and productivity tools a company already owns and stitches them into something it calls the Human Risk Graph - a live, per-employee profile that maps devices, applications, identities, and behaviors. The graph is the "why behind every what." It is the difference between "this laptop is out of compliance" and "this specific person, on this specific laptop, has an outdated OS, an unenrolled MFA token, and a habit of ignoring policy prompts, and here is the order in which we should ask them to deal with it."

Then come the agents. Amplifier's AI security engineer - the company has given it the disarmingly friendly name "Ampy" - reaches out to employees across Slack, Teams, and the browser. It does not file a ticket into a void. It explains the issue in plain language, offers the remediation, and lets the person act. There is a supervising layer for the security team too: Ampy Risk Advisor, a conversational agent that surfaces the findings that matter, explains the reasoning, and recommends what to do next, so a CISO can more or less run the program by chatting with it.

The part that makes this a platform rather than a chatbot is AI Agent Studio, which shipped as part of the company's agentic launch at the RSA Conference in the spring of 2026. It is a library of prebuilt agents for the common human-risk chores - policy acknowledgment, phish-resistant MFA enrollment, endpoint patching, getting the EDR and DLP agents actually installed - plus a drag-and-drop builder so a security team can assemble its own agents without waiting on an engineering sprint. The important word here is "human-in-the-loop." The agents are autonomous enough to do the toil and supervised enough that a person still decides which risks matter and how hard to push.

"The biggest challenge with security automation is that we've taken a blunt hammer approach." - Nick Vigier, CISO, Oscar Health

That quote, from one of Amplifier's early customer references, is the whole thesis compressed into one sentence. The last decade of security automation mostly consisted of blocking things - lock the door, revoke the access, force the update, and let the help-desk tickets pile up. It is effective in the way that a blunt hammer is effective, which is to say it works and everyone hates it. Amplifier's bet is that if you instead give employees the information to make their own decisions, most of them will make the right one, and you will spend far less of your security team's finite hours chasing people down.

The numbers the company puts forward are the boring numbers, which is a compliment. Across customers it cites policy acknowledgment rising from 75% to 98.5%, phish-resistant MFA adoption going from 90% to 99%, EDR and DLP coverage climbing from 60% to 98%, roughly 7,500 endpoint vulnerabilities remediated in under 30 days, and a 65% reduction in outdated-OS devices. None of these will make a highlight reel. All of them are exactly the mundane hygiene metrics that, when they slip, turn into the incident that makes the highlight reel for the wrong reasons. Over half of breaches, the company likes to note, trace back to poor user and endpoint hygiene.

The money has followed the thesis. Amplifier emerged from stealth in April 2024 with a $3.3M pre-seed, an event notable enough that Forbes wrote about the idea of putting "the human touch back into cybersecurity." A year later, in April 2025, it announced an oversubscribed $5.6M seed round led by TechOperators, with Cota Capital and WestWave Capital participating - bringing the total raised to around $9M. The angel list is its own kind of endorsement: Brian NeSmith, co-founder of Arctic Wolf; Ash Devata of GreyNoise, formerly of Duo and Cisco; Shawn Bass, CTO of Citrix; and Kabir Barday, founder of OneTrust. When the people who built the previous generation of security companies write checks into the next one, it is at least worth noting what they think they see.

What they seem to see is a reframing. For twenty years the industry's shorthand for employees was "the weakest link," a phrase that quietly blames the workforce for a system that was never designed for them. Amplifier's inversion - employees are the last mile, and the last mile is where security actually gets done - is not just nicer. It is arguably more accurate. You cannot patch your way around the fact that security ultimately happens through people. You can, Amplifier argues, make the people's part of it feel like help instead of homework.

It helps to look at where Amplifier plugs in, because the strategy is deliberately unglamorous. The company does not want to be your identity provider or your endpoint agent or your fifth scanner. It wants to sit on top of the tools you already bought, read their signals, and turn the resulting mess into coordinated action. This is a modest-sounding position that is actually quite defensible: the more tools an enterprise owns, the more valuable a layer that makes them cooperate becomes, and the harder it is to rip out once employees are used to being nudged by Ampy rather than yelled at by the help desk. The April 2025 alliance partnership with Jamf, the Apple-device management company - complete with a joint booth at RSA - is a preview of how this expands. Amplifier gets richer device signal; Jamf customers get a remediation layer that acts on it. Multiply that across the identity and endpoint ecosystem and you have a roadmap.

There is also a cultural bet embedded in the product, and it is the part that will either age very well or not at all. Amplifier describes what it does as "security automation with empathy," which in a less thoughtful company would be a slogan and nothing more. Here it is closer to a design constraint. Every agent interaction is built to explain before it asks, to offer self-service before it escalates, and to keep a human - both the employee and the security team - in a position to say no. The wager is behavioral: people comply more, and resent it less, when they are treated as competent adults who were simply missing information, rather than as liabilities to be managed. If that wager is right, the annual compliance video is not just ineffective, it is actively counterproductive, and the whole industry has been optimizing for the wrong emotion.

The competitive field reflects how quickly this idea has caught on. Human-risk and security-behavior vendors - the KnowBe4s and Living Securitys and Hoxhunts of the world - are all circling the same insight from different angles, and broader security-automation platforms like Torq and Tines can automate remediation without the employee-engagement layer. Amplifier's distinguishing move is to fuse the two: the risk graph that knows the "why," and the agents that carry the "what" all the way to a fix. Whether that fusion becomes a durable category or a feature that larger platforms absorb is the open strategic question, and it is the sort of question a $9M-raised, sixteen-person company answers by shipping faster than its logo would suggest.

There are open questions, as there always are. "Automation with empathy" is a lovely phrase and also an unfalsifiable one until you have watched it operate at scale across a skeptical workforce for a few years. The human-risk category is getting crowded. And an AI agent that messages employees all day is exactly the sort of thing that is delightful when it is well-tuned and maddening when it is not. But the underlying observation - that the expensive, dangerous, deeply human gap between find and fix has gone weirdly unautomated while everyone bought their fourth scanner - is correct. Amplifier is a company built entirely inside that gap. It is, at minimum, aimed at the right problem.

Amplifier flips the script, engaging employees to make security intuitive, friendly, and actionable - closing the loop between detecting, prioritizing and remediating human risk in the flow of work.
— TechOperators, lead investor
The Product · What You Actually Get

One Graph, A Fleet of Agents

The pieces that make up the AI-native workforce security platform.
The Foundation

Human Risk Graph

A live, per-employee risk profile that ingests signals from your identity, endpoint and productivity tools and maps devices, apps, identities and behaviors - the "why" behind every "what."

Build Your Own

AI Agent Studio

A library of prebuilt agents for common human-risk chores plus a no-code, drag-and-drop builder so security teams can design and control custom remediation agents.

For Leaders

Ampy Risk Advisor

A conversational agent that surfaces critical findings, explains the rationale and recommends actions - letting a security team direct the whole program by chatting with it.

For Employees

Ampy AI Security Engineer

The agent that meets people in Slack, Teams and the browser, explains the issue in plain language and hands them a one-tap fix - in the flow of work.

By The Numbers · Customer Results

The Boring Metrics That Decide Everything

Averages Amplifier reports across its customer base. Approximate, self-reported.
98.5%
Policy acknowledgment, up from 75%
99%
Phish-resistant MFA adoption, up from 90%
98%
EDR / DLP coverage, up from 60%
7,500
Endpoint vulnerabilities remediated in <30 days
65%
Reduction in outdated-OS devices
94%
Employee engagement rate across customers
The People · Who Built It

Security Veterans, Not Tourists

Two founders who lived the gap before they tried to automate it.
SS

Shreyas Sadalgi

Co-Founder & CEO

Sets the "system of record and system of action" vision for user risk. The public face of the company's fundraising and product launches.

TD

Tommy Donnelly

Co-Founder, CTO & President

Leads the technical architecture behind the Human Risk Graph and the agentic platform that acts on it.

$

The Backers

Investors & Angels

TechOperators (lead), Cota Capital, WestWave Capital, plus founders and execs from Arctic Wolf, Duo/Cisco, Citrix and OneTrust.

The Money · The File

A Short History in Rounds

From stealth to an agentic platform in about three years.
MARCH 2026

Agentic Platform Launch

Debuts what it calls the first agentic platform for human risk management at RSA Conference, adding AI Agent Studio and Ampy Risk Advisor with full-stack remediation.

APRIL 2025 · SEED

$5.6M, led by TechOperators

Oversubscribed round with Cota Capital and WestWave Capital. Total raised reaches ~$9M. Alliance partnership with Jamf announced alongside.

APRIL 2024 · PRE-SEED

$3.3M, Out of Stealth

Emerges publicly with its Autonomous User Security vision, covered by Forbes for putting "the human touch back into cybersecurity."

2023

Founded

Sadalgi and Donnelly start Amplifier to close the last-mile gap between finding and fixing security risk.

CategoryHuman Risk Mgmt
Founded2023
HQSan Francisco, CA
Also InAtlanta, GA
Total Raised~$9M
Latest RoundSeed · $5.6M
Lead InvestorTechOperators
Team Size~16
PartnerJamf
ModelB2B SaaS
Watch · Demos & Talks

See Ampy Work

Product demos and interviews live on Amplifier's own resource library.
Amplifier hosts its product demos and security videos in its resource library: amplifiersecurity.com/resources/videos. For a plain-language walkthrough of the platform and how the AI agents engage employees, start there or request a demo on the product page.
The Rolodex · Where To Go Next

Links, Sources & Social

Everything cited here, in one place.

Quick facts: Amplifier Security

Amplifier Security is an AI-native workforce security company that turns the noisy gap between finding and fixing security problems into an automated, employee-friendly workflow. Its agentic platform builds a per-employee Human Risk Graph, then deploys AI agents that engage workers directly in Slack, Teams and the browser to remediate device, app, identity and behavior risks - with humans kept in the loop. Founded in 2023 by Shreyas Sadalgi (CEO) and Tommy Donnelly (CTO), the company has raised roughly $9M and counts security-industry founders and CISOs among its backers and early customers.

Founded
2023
Headquarters
San Francisco, California, United States
Founders
Shreyas Sadalgi (Co-Founder & CEO), Tommy Donnelly (Co-Founder, CTO & President)
Team size
Approximately 16 employees
Products
AI-Native Workforce Security Platform, Human Risk Graph (User Security Graph), AI Agent Studio, Ampy Risk Advisor, Ampy AI Security Engineer
Notable
Raised roughly $9M total across pre-seed and seed rounds since founding in 2023., Launched what it describes as the first agentic platform for human risk management at RSA Conference 2026., Attracted angel investment from founders of Arctic Wolf, Duo/Cisco, Citrix and OneTrust.

Last updated: