AngelList is automating detection and response with RunReveal's MCP Server, enabling a lean, AI-powered security team.
AngelList is the pioneering platform connecting founders, investors, and innovators in the startup ecosystem. Founded in 2010, the company has supported over 13,000 startups and more than $171 billion in assets across 25,000+ funds and syndicates.
When Alberto Martìnez joined AngelList as Head of Security, he had a clear mission: build an efficient and lean security program from the ground up.
"I wanted to challenge myself to do things differently with the opportunities that AI and technology provide today," explains Alberto.
With AngelList growing rapidly, Alberto knew he needed to find a SIEM that was able to meet the scale and challenges ahead; in particular, a security data platform that was not only cost-effective, but built in a way to best support his vision of an AI-supported and efficient security team.
AngelList needed a SIEM that was both cost-efficient and forward-thinking in its integration with AI. After connecting with the RunReveal team, Alberto was impressed by their approach using ClickHouse and their efficient SIEM architecture.
RunReveal's customer-first approach to product development resulted in a great partnership: "Every time I've told the RunReveal team to build something, they were already building it or building something that I hadn't thought about. We're aligned on the vision of how detection and response should work."
When Alberto installed RunReveal's MCP Server, the results exceeded his team's expectations. Unlike other tools he had experimented with, RunReveal's implementation worked exceptionally well right from the start.
"Just to see how Claude was able to list all the tables, figure out the schemas, and start working on investigating GuardDuty alerts, it was pretty good from the start," Alberto notes.
The MCP Server immediately helped Alberto's team understand which additional sources they needed to integrate to allow the AI to continue investigations more effectively. This ultimately created a feedback loop as they added more data sources to enhance the LLM's reasoning capabilities.
RunReveal's MCP Server quickly evolved into a full-time team member for AngelList's security team.
"It became really like having some sort of level-one analyst that works tirelessly, giving you feedback and transparency into everything that it's working on," Alberto explains. "It allowed [my team] to effectively manage detection and response."
Alberto emphasizes that there's still significant strategic work behind effective detection and response: identifying top risks, shipping the right signals, and unifying appropriate sources. However, once that strategy is in place, MCP helps execute it efficiently.
"Instead of me writing SQL queries and static signals, you can see a reasoning engine going through that, and you can provide feedback," he says.
AngelList also uses RunReveal's MCP Server to quickly understand the security landscape of its organization.
"Monday morning I can ask Claude, 'give me a digest of all the security events during the past weekend,'" Alberto explains. This allows AngelList's security team to efficiently prioritize and validate potential concerns with actual data before taking action.
The ability to quickly assess the scale and scope of potential issues allows the AngelList security team to focus their resources on what truly matters rather than chasing false positives or low-priority concerns.
AngelList's security team is also leveraging the RunReveal MCP Server to save time writing and managing detections. Alberto's team is using Claude and RunReveal's MCP Server to build Sigma rules that serve as detections for AngelList's top security risks, saving them considerable time and manual work.
One of the key benefits Alberto highlights is RunReveal's efficiency in handling security data.
"[RunReveal] allows me to add a large amount of security telemetry in a very cost-effective way," he says. "It takes care of parsing and organizing that data so I can easily query it through [the MCP Server]."
This significantly reduces the time spent on data ingestion and normalization, a task that consumes substantial energy and budget in many detection and response systems. For a lean team like AngelList's, this efficiency is critical to maintaining effective security coverage without expanding headcount.
AngelList's security team is also leveraging the RunReveal MCP Server to manage log costs. Alberto's team used it to quickly find high-volume logs with marginal security value and to create regex filters to add to RunReveal's built-in Pipelines, reducing log volume and saving costs.
Alberto envisions a future where his security team remains intentionally small, leveraging AI capabilities that will continue to improve with time.
By connecting RunReveal with other systems through MCP integrations, Alberto aims to create a centralized security intelligence hub that can reason across product security, cloud security, and threat detection simultaneously. This unified approach would allow his small team to maintain comprehensive security coverage even as AngelList continues to grow.
"We are aligned on the vision for how detection and response should work," Alberto says about RunReveal. "It gives me peace of mind and makes me confident with the idea of continuing to invest my time working with them because I know in one, two, or three years, I'll be working with the right company."