Edward Wu

A SOC manager named Michael sat across from Edward Wu, watched a parade of slick deep-learning alerts light up the screen, and said the quiet part out loud: "Surfacing an alert doesn't change the game. You need to help me understand them."

That sentence landed harder than any sales objection. Wu was at ExtraHop Networks at the time, deep into eight years of building behavioral attack detection from scratch. He had spent his career making alarms smarter. Michael was telling him the alarms were never the problem. The problem was that nobody had time to chase them down. A fifteen-minute investigation demo confirmed it: alert generation had been automated to death, while the investigation behind each alert was still a human typing queries at 2 a.m.

The number that stuck with him was brutal in its simplicity. Most security operations centers investigate fewer than 10% of the alerts they receive. The other 90% pile up, unexamined, because there is no army of analysts large enough to read them. Attackers, Wu likes to point out, only have to win once. Defenders have to be right "1 million out of 1 million times." It is the most lopsided math in technology, and he decided to attack it.

In 2023 he left ExtraHop and founded Dropzone AI, headquartered in downtown Seattle on Cherry Street. The pitch is unusually concrete for an AI company. Instead of one more dashboard that produces alerts, Dropzone builds autonomous agents that do the thing humans hate: the patient, methodical investigation of every single alert, around the clock, mimicking how an expert tier-1 analyst actually reasons. Pull the logs. Correlate the context. Decide if it matters. Write the report. Do it again, a million times, without getting tired or bored.

Why the timing finally worked

Wu had seen automation promised before. Traditional SOAR playbooks were rigid - they broke the moment a security tool changed its output or an alert didn't fit the script. What changed was the arrival of large language models that could read messy, fragmented security telemetry and reason about it the way a person would. That capability is what made Dropzone possible, and Wu moved fast to build on it. The company describes its product as the world's first autonomous AI SOC analyst.

The market noticed. Dropzone launched with a $3.5 million seed round led by Decibel Partners and joined by Pioneer Square Ventures. By July 2025 it had closed a $37 million Series B led by Theory Ventures, with Madrona, Decibel, Pioneer Square Labs and the intelligence-community-backed IQT all writing checks. Total funding climbed to around $57 million. Customers like UiPath, Zapier and Pipe signed on, and the roster passed 100 enterprises. The company closed 2025 with 11x ARR growth and a spot on the Fortune Cyber 60.

Wu frames the shift in generational terms. "We're driving a generational shift in cybersecurity," he said when the Series B closed, "from manpower-bound, alert-chasing SOC teams to SOC teams backed by an army of autonomous AI agents that get to focus on what truly matters." The funding, he added with characteristic economy, "fortifies our market lead."

The engineer underneath the CEO

Before he was pitching venture firms, Wu was a researcher who liked taking software apart. He worked on automated binary analysis and software defenses at UC Berkeley and at the University of Washington in Seattle, developing new techniques in program analysis. He enrolled in a computer science Ph.D. at UW - and then walked away from it to join ExtraHop, trading a dissertation for the chance to ship detection that real defenders would use.

At ExtraHop he rose to Senior Principal Scientist and led the development of the company's AI/ML detection capabilities, spearheading its transition from network performance monitoring to network detection and response. That eight-year run gave him something most AI founders lack: deep, hands-on credibility in the exact problem he is now trying to automate. He holds more than 30 patents in machine learning and cybersecurity and contributes to the MITRE ATT&CK framework, the industry's shared map of how attackers actually operate.

It is a tidy arc. He started fascinated by networks as a source of security data, spent a decade learning to read the signals attackers leave behind, and concluded that the bottleneck was never seeing the threat - it was having enough trained minds to investigate it. So he set out to manufacture those minds. His stated aspiration is plain: let any security team operate and defend as if it had an unlimited number of expert analysts on staff, and level a playing field that has always tilted toward the attacker.

That is the wager. Whether the SOC of the future runs on people or on agents is still an open argument across the industry. Edward Wu has already placed his bet, raised $57 million on it, and put it on the front line of more than a hundred companies.