About KTLYST Labs

We're building the nervous system for enterprise security. Every organization learns from incidents, intel, and investigations. Almost none institutionalize that learning. We fix that.

Last updated:

What We Do

Every enterprise has 60+ security tools, but no system connecting what each team learns. Threat intel, SOC, IR, red team, and GRC operate in silos. Lessons die in tickets, wikis, and tribal knowledge. When people leave, the learning leaves with them.

KTLYST is the Security Learning Control Plane (SLCP). It captures learning from incidents, intel, and investigations. It normalizes messy findings into structured, governed artifacts with full provenance. It enforces those artifacts back into existing tools (Splunk, Snowflake, Elastic, ServiceNow) as production changes.

Every learning event compounds, making the next response faster and the organization harder to breach again.

51K+ Lines of production code
27+ Validation gates
4 Output platforms
<5 min Per item translation

The Founding Story

KTLYST was born from a pattern both founders watched repeat across multiple organizations over a combined 30+ years in security.

"At Google, I watched four teams fight the same scam operation without knowing it. At Meta, I saw lessons from one incident die before reaching the next team. At every organization, the same pattern: respond, document, forget, get breached again."

- Assaf Kipnis, Founder & CEO

The Pattern Emerges

Across LinkedIn, Google, Meta, and ElevenLabs, Assaf saw the same failure: security teams learn hard lessons, document them somewhere, and lose them to silos, turnover, and tool fragmentation. The learning always dies.

The Missing Layer

Every enterprise has muscles (SIEMs, EDRs, firewalls, IAM). What none of them have is a nervous system connecting what each muscle learns. The problem isn't detection. It's that organizations respond to incidents but never institutionalize the lesson.

KTLYST Labs Founded

Assaf and Stephan joined forces to build the Security Learning Control Plane. A domain expert who crossed the technical boundary, building 51K+ lines of production code using AI as his primary development tool.

Today

Working with design partners in regulated industries to deploy the first governed translation workflows. Detection rules are the first proof point. The goal is prevention engineering.

Team

Combined 30+ years in security detection and threat intelligence. We've built these systems at scale and seen firsthand how intelligence dies between teams.

Assaf Kipnis

Founder & CEO

12 years in threat intelligence across LinkedIn, Google Trust & Safety, Meta (under the CISO), and ElevenLabs (Head of Threat Intelligence & Investigations). Designed the architectural patterns that allow security knowledge to compound instead of reset.

Google Meta LinkedIn ElevenLabs
LinkedIn Profile →

Stephan Kaufmann

Co-Founder & COO

20+ years in security operations leadership at HP, McAfee, and Meta. Built large-scale threat intelligence and detection systems. Spent 8-10 hours a week manually translating intel into defenses - the exact workflow KTLYST automates.

Meta McAfee HP
LinkedIn Profile →

Technology

KTLYST is a purpose-built system, not a wrapper around an LLM. The architecture is designed for deterministic, auditable, governed security knowledge management.

Zero-Inference Extraction

No hallucinated indicators. Every extracted behavior and indicator traces back to source text at the character level. Deterministic, not probabilistic.

Character-Level Provenance

Every output clause is linked to the exact source text that produced it. Engineers see exactly which part of the input triggered which output.

Append-Only Audit Trail

Every decision, approval, and modification is recorded immutably. Full governance chain from input through to deployed artifact.

Schema-Aware Compilation

Multi-tenant RLS isolation. Output compilation is aware of target platform schemas (Splunk SPL, Snowflake SQL, Elastic KQL, Sift).

Values

AI-First

We build with AI as our primary tool, not an afterthought. Our codebase is a testament to what domain experts can build when AI removes the implementation barrier.

Experts First

Security decisions should be made by security professionals. KTLYST amplifies human judgment, never replaces it. Nothing ships without explicit human approval.

Being Wrong Is a Virtue

We value honest assessment over confident claims. If something isn't validated, we say so. If we're wrong, we correct and learn. That's the whole thesis.

Always Learning

The system improves with every input. So does the company. We seek feedback, iterate fast, and treat every conversation as training data for better decisions.

Speak the Educated Truth

No buzzwords, no hype, no overclaiming. We describe exactly what exists, what's planned, and where the gaps are. Trust is built on precision.

Company

Structure

Delaware C-Corporation, incorporated January 2026. 10M authorized shares.

Stage

Pre-seed. Raising $2.5M to deploy with 3-5 design partners in regulated industries.

Thesis Endorsers

Two CISOs, the CTO of the FBI, and Meta's threat intelligence leadership have endorsed the thesis.

Contact

crew@ktlystlabs.com
Schedule a conversation →