Daylight closed a $33 million Series A in November 2025 led by Craft Ventures. The round included participation from Bain Capital Ventures and Maple VC, along with angel investors from the cybersecurity industry including executives from Wiz, Torq, Cyera, and Armis.

The company previously raised a $7 million seed round in September 2025 led by Bain Capital Ventures when it had approximately 20 employees. Daylight has raised $40 million in total funding across these two rounds.

Daylight operates as a managed detection and response service that replaces traditional security operations centers with AI-powered threat detection and human oversight. The platform connects to existing security infrastructure through API integrations rather than requiring new hardware installations.

Customers integrate Daylight with their endpoint detection tools like CrowdStrike or SentinelOne, identity providers such as Okta, cloud logging systems, and communication platforms like Slack or Microsoft Teams. The onboarding process takes less than one hour since most connections are API-based rather than requiring sensor deployments.

The core engine uses what Daylight calls agentic AI to continuously analyze security alerts, correlate data across multiple sources, and make containment decisions. The AI system maintains memory of past incidents, understands business context like employee roles and recent organizational changes, and can automatically isolate compromised systems or disable user accounts when confidence levels are high.

When the AI encounters complex scenarios or needs human judgment, alerts flow directly into the customer's existing chat channels where Daylight analysts collaborate with internal security teams in real-time. This eliminates the traditional ticket-based escalation process that creates delays in incident response.

The platform provides dashboards showing mean time to detect threats, response times, alert volumes, and the ratio of AI-only versus human-assisted investigations, giving security leaders clear metrics on operational efficiency.

Daylight operates on a subscription SaaS model, selling managed detection and response services to mid-market and enterprise customers. The company positions itself as a complete replacement for internal security operations center capabilities rather than a supplementary tool.

The go-to-market approach is B2B, targeting organizations that lack sufficient internal security expertise or want to augment existing teams with 24/7 monitoring capabilities. Pricing follows industry standards of $10 to $30 per endpoint per month, typically resulting in annual contracts between $115,000 and $130,000 for mid-market deployments.

Unlike traditional MDR providers that often hand incidents back to customers after initial triage, Daylight promises end-to-end threat resolution including both investigation and remediation. This full-service approach allows the company to capture more value per customer relationship and reduce the operational burden on client security teams.

The business model benefits from the industry-wide shortage of cybersecurity talent, as organizations increasingly prefer to outsource complex security operations rather than compete for scarce skilled professionals. Daylight's AI-first approach allows it to handle higher case volumes with fewer human analysts compared to traditional providers, potentially improving unit economics as the platform scales.

Customer expansion occurs through increased endpoint coverage as organizations grow and through upselling additional modules like the planned identity threat detection and cloud workload protection capabilities.

CrowdStrike Falcon Complete represents the strongest competitive threat with its combination of endpoint detection technology and managed services. The company processes over 9 trillion security events daily and has achieved 98% automated triage accuracy through its Charlotte AI system.

CrowdStrike's $4.66 billion ARR and 25,000+ customer base provide significant advantages in data collection for AI model training and channel partnerships. The company bundles MDR services as premium add-ons to drive adoption of its broader security platform.

SentinelOne's Vigilance Respond service approaches $1 billion ARR and emphasizes autonomous investigation capabilities with 99%+ benign alert closure rates. Microsoft Defender Experts leverages first-party telemetry from Office 365 and Azure environments, creating natural integration advantages for organizations already using Microsoft infrastructure.

Arctic Wolf has demonstrated the potential for vendor-agnostic MDR services, reaching $438 million ARR while growing 36% year-over-year. The company originally focused on small and medium businesses but has expanded upmarket to compete for enterprise contracts.

Arctic Wolf's 100% channel partner approach and white-glove service model differentiate it from more automated competitors. However, the company's growth trajectory shows the market opportunity for specialized MDR providers that can combine human expertise with advanced technology.

Red Canary, Rapid7, and other pure-play providers compete on vendor neutrality and specialized expertise, though they generally lack the AI automation capabilities that Daylight emphasizes as a core differentiator.

Vanta has expanded from compliance automation to broader cybersecurity services, reaching $220 million ARR by incorporating continuous monitoring and AI-powered compliance standards. While not directly competing in MDR, Vanta demonstrates how AI-first security companies can rapidly expand their market presence.

Newer entrants like Persana AI are building Clay-like orchestration platforms specifically for security workflows, potentially competing with Daylight's integration and automation capabilities.

Daylight plans to launch identity threat detection and response capabilities, entering a market projected to grow from $13.8 billion in 2024 to $47 billion by 2030. ITDR represents a natural extension since identity-related threats often trigger the same investigation workflows that Daylight's AI agents already handle.

Cloud workload protection offers another adjacent opportunity in a market expected to reach $13 billion by 2030. As organizations migrate applications to cloud environments, protecting containers and serverless functions requires the same continuous monitoring and rapid response capabilities that define Daylight's core offering.

The company could also license its agentic AI engine as a standalone platform for organizations that prefer to maintain internal security operations centers while automating tier-one analyst tasks. This would create a new revenue stream while potentially seeding future full-service MDR conversions.

Mid-market organizations with fewer than 2,000 employees represent a significant growth opportunity, as 78% report unfilled security positions. Daylight's automated approach reduces the expertise requirements for effective threat detection, making enterprise-grade security accessible to smaller organizations.

Regulated industries including healthcare, financial services, and insurance face increasing compliance requirements and financial penalties for security incidents. Daylight's audit-ready reporting and regulatory mapping capabilities position it to capture premium pricing in these verticals.

Critical infrastructure organizations are receiving government incentives to improve cybersecurity resilience, creating new budget availability for managed security services that can demonstrate measurable improvements in threat detection and response times.

North America currently accounts for approximately 34% of global MDR spending, while Asia-Pacific and Middle East regions show the fastest growth rates exceeding 20% annually. Establishing follow-the-sun security operations centers in Singapore or Dubai would improve service level coverage while capturing emerging market demand.

International expansion also addresses data residency requirements that prevent some organizations from using US-based security services. Local presence in key markets could unlock enterprise customers that require domestic data processing for regulatory compliance.

Competitive pressure: Large endpoint security vendors like CrowdStrike and SentinelOne have large-scale data advantages for training AI models and can bundle MDR services with existing platform sales, which could commoditize the market and pressure Daylight's pricing power as these incumbents expand managed service capabilities.

AI automation limits: While Daylight's agentic AI approach is designed to reduce false positives and response times, sophisticated attacks may still require human expertise that automated systems cannot replicate, limiting the company's ability to achieve fully autonomous security operations and increasing human analyst costs.

Market consolidation: The MDR industry is consolidating as larger cybersecurity platforms acquire specialized providers to build comprehensive security suites, which could reduce the number of potential customers willing to work with independent vendors rather than integrated platform providers.