The startup rewriting data loss prevention - by deleting the policy and letting AI learn how your data actually moves.
For twenty years, data loss prevention has run on the same premise: write enough rules, and nothing slips out. Security teams authored thousands of policies - block this file type, flag that keyword, watch this folder - and then spent their nights tuning the ones that fired for no reason. The rulebook grew. The leaks kept happening.
ORION Security, founded in New York in 2024 by Nitay Milner and Jonathan Kreiner, takes the opposite bet. Instead of adding rules, it removes them. The company builds an AI-native DLP platform that learns how data normally moves through an organization - across SaaS apps, email, cloud storage, endpoints, and, increasingly, AI tools - and then flags the movements that do not fit the pattern.
The pitch to a CISO is almost contrarian: stop configuring, start understanding. ORION uses large language models and a set of specialized AI agents to read the context around every data movement - what the content is, who is moving it, whether their behavior looks intentional, where the data came from, and where it is going. From those signals it decides whether a given action is a normal Tuesday or an exfiltration in progress.
The company calls its detection signals "Indicators of Leakage," or IOLs - a deliberate echo of the security industry's familiar "Indicators of Compromise." The vocabulary shift is the whole strategy in miniature: ORION wants defenders to reason about intent and movement, not match strings against a list.
Investors have taken the argument seriously. In February 2026, ORION closed a $32 million Series A led by Norwest, with IBM participating alongside PICO Venture Partners, Lama Partners, and Underscore VC - bringing total funding to roughly $38 million. By then the company said it had already reached seven-figure annual recurring revenue, with customers running into the tens of thousands of employees.
"Better policies are not the solution for DLP." Nitay Milner - Co-Founder & CEO, ORION Security
One platform watches every channel data travels and decides, in real time, whether a movement is legitimate work or a leak. Three failure modes, one engine.
An employee pastes a customer list into the wrong tool or emails a spreadsheet to a personal account. ORION reads the context and catches the slip before it leaves.
Someone with legitimate access starts moving data in ways that break their own baseline. Behavioral intent, not just permissions, is what ORION scores.
An attacker inside the perimeter tries to pull data out. ORION traces the data's lineage and blocks the movement before exfiltration completes.
How sensitive is this data?
Who is moving it?
Does the behavior fit?
Where did it come from?
Is the destination legit?
Five signals, combined into a single verdict - the "Data DNA" of the organization.
Relative false-positive volume - ORION reports roughly a 96% reduction versus policy-based systems. Illustrative comparison based on the company's stated figures.
The DLP market is not empty. Cyberhaven built its name on data lineage; Nightfall focused on cloud and SaaS; Microsoft Purview covers the Microsoft 365 estate; and legacy platforms like Symantec, Forcepoint, and Digital Guardian still run in mature security shops. Analysts value the category in the billions and expect it to keep growing as AI reshapes how data leaves companies.
ORION's wager is that all of these approaches, new and old, still lean on policies as the unit of control - and that the policy itself is the problem. Rather than layering AI on top of rules to make them smarter, ORION removes the rule-writing step and replaces it with a model that learns the organization's normal behavior directly.
That framing matters most for the newest threat surface: generative AI. Data now flows into chatbots, copilots, and agents in seconds, often outside any policy anyone thought to write. ORION's tagline - "protecting humans and AI against data loss" - is a claim that it was built for exactly this moment, watching data move through AI workflows rather than around them.
Whether "policy-free" holds up under enterprise scrutiny is the open question every buyer will ask. But the early signal - Fortune 500 customers, seven-figure ARR, and an IBM check - suggests the argument is landing with the people who live inside DLP alerts.
| Round | Amount | Date | Lead / Investors |
|---|---|---|---|
| Seed | $6M | 2025 | PICO Venture Partners, FXP, Underscore VC |
| Series A | $32M | Feb 2026 | Norwest (lead), IBM, PICO Venture Partners, Lama Partners, Underscore VC |
| Total | ~$38M | - | - |
Co-Founder & CEO. Former product leader at Epsagon, the observability startup acquired by Cisco. Leads ORION's product and go-to-market from New York.
Co-Founder & CTO. Former application security leader at WalkMe. Drives ORION's AI-agent architecture and R&D out of Tel Aviv.
A roughly 51-person team that describes itself as invested and mutually supportive, operating with SOC 2 and ISO 27001 certifications.
"Growth doesn't have to come from raising money - it can come from building something people truly need." Nitay Milner - Co-Founder & CEO
Nitay Milner and Jonathan Kreiner start ORION to rethink data loss prevention from first principles.
The company raises roughly $6M and develops its context-aware, policy-free DLP platform quietly.
Norwest leads a $32M round with IBM participating; total funding reaches ~$38M and ARR hits seven figures.
ORION expands its team, publishes threat-model resources, and plans a presence at Black Hat 2026.
ORION provides an AI-native data loss prevention (DLP) platform that detects and prevents data leaks across SaaS, email, cloud, AI tools, and endpoints - without relying on manually written policies.
Instead of thousands of human-authored rules, ORION uses LLMs and AI agents to learn how data normally moves and analyze context - content sensitivity, user identity, intent, and lineage. The company reports this cuts false positives by roughly 96%.
ORION was founded in 2024 by CEO Nitay Milner (formerly of Epsagon) and CTO Jonathan Kreiner (formerly of WalkMe).
About $38M total, including a $32M Series A in February 2026 led by Norwest with participation from IBM, PICO Venture Partners, Lama Partners, and Underscore VC.
Enterprises with tens of thousands of employees across finance, healthcare, and technology - including Fortune 500 organizations - primarily via their security and data protection teams.