Investment in open source AIOps platform Keep

Open source continues to penetrate new markets, and advanced startup founders leverage it as more than a strong developer-focused GTM strategy: they build products in areas where open source enables unique competitive advantages that are unavailable to closed-source incumbents.

Such startups seem highly promising to us as VC investors, and one of my preferred early-stage investment profiles can be reduced to this:

  • $10B+ B2B software market with large closed-source legacy players, but without established open-source champions (yet)
  • Strong enterprise demand for OSS-related features: highly diverse extensibility, customisability, hybrid cloud, data proximity, privacy, etc.
  • Outstanding high-pace team with a bold vision, capable of building a valuable tech company around its OSS core

Today I'm thrilled to announce our latest investment fitting this profile — we led the pre-seed round of open source AIOps platform Keep (TechCrunch story). Let me explain why.

Observability, alerts, incidents and… pain

Imagine a typical large enterprise with a tech stack accumulated over years: legacy IT, ad hoc custom solutions, inflexible enterprise suites, fancy developer tools, open source, etc. This company spends $500K+ per year and uses 5+ tools (like Datadog, Elastic, or Grafana) just to monitor this interconnected tech jungle.

Such observability suites and more specialized services (e.g., Sentry or Rollbar) generate alerts that help to efficiently detect issues and to analyze and rapidly resolve incidents with the help of tools like PagerDuty… Or not?

Well, while it works well in theory or in a stable, well-tuned environment, the reality of alert management at large enterprises can be way more painful. As the stack becomes more fragmented and usage increases, this tends to lead to:

  • More noise and alert fatigue. For instance, 59% of security teams received 500+ alerts per day. The problem is further complicated by the fact that many of them are false positives — e.g., SOC teams spend 32% of their time on "incidents" that are false threats.

  • Slower incident responses. A localized issue could affect many systems, monitored by separate tools, producing thousands of duplicated and ungrouped alerts to be handled by separate teams… Such inefficiency causes expensive delays, as the average cost of downtime for enterprises is $1M+ per hour (excluding fines and penalties).

  • Higher maintenance costs. To cope with overwhelming alert inflows, many enterprises have to regularly invest in manual labeling and new alert rules, and hire more expensive specialists (SREs, DevOps, SOC). And after talks with ~20 enterprises, it became clear to us that most of them have developed quite company-specific approaches to the issue: custom policies, alert data formats, business processes, etc.

It's not hard to imagine some ideal solution here: it easily integrates with the whole enterprise stack, consumes alerts from 100% of its systems, uses modern AI to process them, and smartly automates connected workflows.

Legacy closed-source players seem to be far from this for now — not only in terms of AI but also in their ability to adapt to a dynamic, fragmented tech stack. Unlike them, open source can be better adapted to and integrated with a specific enterprise environment: systems, workflows, etc.

But who could build such a next-gen open source solution?

Meet Keep and its team

Unit 8200 veterans Tal and Shakhar experienced alert-related challenges multiple times in their work at cybersecurity companies (TrapX, Cyberbit, CyberArk) and at the startup Anecdotes. So in 2023, they launched the open-source company Keep to address this massive and painful problem.

Its OSS product enables a unified layer on top of observability tools, which correlates alerts from all connected systems, reduces noise and alert fatigue, and automates further actions thanks to its workflow engine. This project was well-received by developers and has grown to 75+ integrations, 50+ active (LTM) and 75+ total GitHub contributors:

The only relatively flat range indicates the fundraising period :)

One of its early fans was Matvey Kukuy, Director of Engineering at Grafana, who had also worked at Cisco and co-founded an incident management startup that turned into Grafana OnCall (acquired in 2021). It was such a good match that he left the job and joined Keep as a full-time co-founder in 2024.

Together, this efficient 3-person team has built a fast-growing product that:

  • Targets the "AI for IT operations" (a.k.a. AIOps) market, which is estimated at $32B by 2028 and is dominated by large non-OSS players.

  • Provides its users not only with a useful free OSS core but also with an AI-based enterprise version that fits diverse tech stacks well. Its first client signed a $500K+ contract recently, and many more enterprises are at the POC stage.

  • Attracted world-class experts, who co-founded relevant companies and invested together with us in this round: Shay Banon (Elastic), Andrew Miklas (PagerDuty), David Cramer (Sentry), Maxim Konovalov (NGINX), Nitzan Shapira (Epsagon), Jan Oberhauser (N8N), etc.

It's just the beginning, and I am looking forward to seeing what great things these founders can achieve — now with seed funding, first employees and the support of newly joined investors :-)