BREAKING BreachRx closes oversubscribed $15M Series A led by Ballistic Ventures Former Mandiant CEO Kevin Mandia joins the board 100+ customers incl. Coinbase, American Express, Commvault 3x year-over-year ARR growth, two years running Rex Platform launches an agentic AI incident command center Motto: incidents are inevitable, chaos is not BREAKING BreachRx closes oversubscribed $15M Series A led by Ballistic Ventures Former Mandiant CEO Kevin Mandia joins the board 100+ customers incl. Coinbase, American Express, Commvault 3x year-over-year ARR growth, two years running Rex Platform launches an agentic AI incident command center Motto: incidents are inevitable, chaos is not
Company Profile Cybersecurity • SaaS • San Francisco

BreachRx

The company that looked at the panic after the security alarm goes off - the 3am scramble across legal, comms, and the board - and decided to build a product for it.

BreachRx company logo
THE MARK. A wordmark that puts the "Rx" - the prescription symbol - right in the name. The pitch is in the logo: a breach is something you treat, not something you panic about.
$15M
Series A, 2025
100+
Enterprise customers
3x
ARR growth, 2 yrs
2017
Founded, San Francisco
The Story

A breach is not an IT event. It's a business event with an IT trigger.

Every company drills for the attack. Almost none drill for the response. This is the strange, load-bearing gap that BreachRx built a company inside of. The industry has spent two decades and untold billions on detection - firewalls, endpoint agents, threat feeds, the whole apparatus of noticing that something is wrong. What it spent far less on is the far messier question of what happens in the hours and days after you notice. Who calls legal. Who drafts the regulatory disclosure. Who decides what the board is told, and when. Who writes it all down well enough that a regulator, a litigator, or an insurer can't later argue you improvised.

BreachRx's founding observation is almost boring in its obviousness, which is usually the sign of a good one: the technical fix for a breach is frequently the easy part. The hard part is coordination. A modern incident is a cross-functional crisis that yanks in security, legal, communications, compliance, and the C-suite - each with different information, different obligations, and, crucially, different tolerances for risk. Most organizations manage that crisis with the tools nearest to hand: a spreadsheet, a hastily created Slack channel, a shared doc, a lot of phone calls. Which is to say, they manage a business-ending event with the same tools they'd use to plan an offsite.

Incidents are inevitable. Chaos is not.— BreachRx's tagline, which doubles as its worldview

So the company built the thing that replaces the spreadsheet-and-Slack scramble: a secure, central workspace where every stakeholder in a breach can see what's happening, know what they own, follow a tailored playbook, and - the part regulators care about - leave a defensible audit trail. BreachRx gave the whole category a name, CIRM, for Cybersecurity Incident Response Management. Coining a category is a well-worn startup move, and it's easy to be cynical about it. But there's a real argument here: response genuinely doesn't fit neatly into detection tooling, GRC platforms, or SOAR automation. It's its own discipline, and BreachRx is betting the market will eventually agree it deserves its own budget line.

Two founders make the thesis legible. Andy Lunsford, the CEO, spent fifteen-plus years in privacy law and commercial litigation - which is to say he has watched, up close, what a badly managed disclosure does to a company. Matt Hartley, the Chief Product Officer, spent two decades in cybersecurity, including a stint as an SVP at FireEye, which is to say he has watched, up close, what the attacks themselves actually look like. Law and threat intelligence under one roof. It's an unusual pairing, and it explains why the product cares as much about the regulatory clock as it does about the incident timeline.

What You Can Do With It

The Rex Platform, and the machinery underneath it

BreachRx's core product is the Rex Platform. Around it sits a small constellation of tools - an AI engine, a regulatory scout, tabletop drills, and a mobile command channel - each aimed at a different moment in the life of an incident: before, during, and after.

Platform

Rex Platform

The central, secure workspace where security, legal, comms, and executives coordinate a live incident - assigning ownership, running playbooks, and capturing evidence as it happens.

AI

Rex AI

An agentic AI engine that assesses severity, executes playbooks, and drafts executive summaries. Its orchestration agent, Maestro, tracks progress and delegates to specialized agents.

Regulatory

Cyber RegScout

Maps a single incident to the disclosure and reporting obligations that apply across jurisdictions - so the deadline clock isn't something a lawyer has to reconstruct at 3am.

Preparedness

IR Exercises

Tabletop drills that rehearse cross-functional coordination before a real event, on the theory that practiced teams panic less.

Mobile

Mobile Command

Runs out-of-band, so responders can coordinate from anywhere - and the tool managing the breach isn't sitting on the systems that got breached.

Your incident tooling should not be part of what got breached.— The out-of-band design principle behind Mobile Command
The Founders

A lawyer and a threat-intel veteran

CEO & Co-Founder

Andy Lunsford

Fifteen-plus years in privacy law and commercial litigation before founding BreachRx. He has seen what a mishandled disclosure costs - which is, in a sense, the entire premise of the product.

Chief Product Officer & Co-Founder

Matt Hartley

Two decades in cybersecurity, including SVP at FireEye, and a CISSP holder. He brings the threat-intelligence view - what attacks actually look like when the alarm sounds.

The Money

Over $23M raised, and a board that turns heads

The 2025 Series A was oversubscribed and led by Ballistic Ventures, with SYN Ventures, Overline, and Silver Buckshot Ventures joining. The signal wasn't only the dollars: former Mandiant CEO Kevin Mandia took a board seat, and former New York Times cybersecurity reporter Nicole Perlroth joined as board observer. When the person who ran Mandiant bets on your response layer, the market notices.

2020
Seed • SYN Ventures, Overline
2025
Series A • $15M • Ballistic Ventures (lead)
Total raised: over $23M. Bar lengths are illustrative, not to scale.
On The Record

What people say about it

"BreachRx is the first incident response platform built for the messy, high-stakes reality of cyber incidents today."

Nicole Perlroth • Board Observer

"The most forward-thinking CISOs understand that cyberattacks and breaches are events that companies must manage with effective command and control."

Kevin Mandia • Board Member, former Mandiant CEO

"Companies plan for one major incident at a time. That assumption is already broken."

Phil Venables • Ballistic Ventures
The Timeline

From an obvious observation to a category

2017

BreachRx is founded

Andy Lunsford and Matt Hartley start the company on a simple premise: a breach is an enterprise-wide crisis, not just an IT problem.

2020

Early funding

Seed capital, with SYN Ventures and Overline, funds the build-out of the platform.

2024

Rapid growth

3x year-over-year ARR growth as CIRM starts landing with enterprise buyers.

2025

$15M Series A

An oversubscribed round led by Ballistic Ventures pushes total funding past $23M; Kevin Mandia joins the board, Nicole Perlroth as observer.

2026

Rex Platform & Rex AI

An agentic AI incident command center, led by the Maestro orchestration agent, launches for a world of multiple simultaneous breaches.

The Next Bet

When the AI agent is the one that caused the breach

In June 2026 BreachRx shipped the Rex Platform as an agentic AI incident command center - built, pointedly, for incidents no one has a playbook for yet. Over-permissioned agents. Manipulated models. Multiple breaches unfolding at once, which is a scenario most incident plans quietly assume away. The orchestration agent, Maestro, tracks progress and delegates to specialized agents for severity, playbooks, regulatory jurisdiction, and reporting. It's early, and the AI-causes-the-breach future is still more thesis than epidemic. But the framing is the interesting part: BreachRx keeps aiming at the moment after the alarm, and the alarms are only going to get stranger.

Questions

The basics, answered

What does BreachRx do?

It makes SaaS that helps enterprises coordinate cybersecurity incident response across security, legal, communications, and executive teams - automating playbooks, tracking regulatory reporting obligations, and preserving a defensible audit trail.

What is CIRM?

Cybersecurity Incident Response Management is the category BreachRx coined. It treats a breach as an enterprise-wide business crisis requiring cross-functional coordination, rather than a purely technical incident.

Who founded BreachRx and when?

It was founded in 2017 by Andy Lunsford (CEO, a former privacy lawyer) and Matt Hartley (Chief Product Officer, a former SVP at FireEye).

How much funding has it raised?

Over $23 million total, including an oversubscribed $15M Series A in May 2025 led by Ballistic Ventures.

Who uses BreachRx?

More than 100 enterprise customers across financial services, technology, healthcare, and critical infrastructure - including Coinbase, American Express, and Commvault.