When DeepTempo emerged from stealth in November 2024, it did so in an unusual venue for a security startup: the Snowflake Marketplace. The Palo Alto company's product, Tempo, runs as a Snowflake Native App and uses deep learning against log data to flag potential cyberattacks [Blocks and Files, Nov 2024]. The pitch to a security operations lead is direct. The logs are already in Snowflake. The detection should run there too, next to the data, instead of getting shipped to yet another console.
That is the wedge. DeepTempo sells what it calls LogLM, described on its site as a vertical foundation model purpose-built for security logs, designed to catch modern attacks that network detection and response (NDR) and security information and event management (SIEM) tools miss [DeepTempo website, retrieved 2025]. Tempo, the application layer on top, surfaces context for each anomaly: similar attack patterns from the MITRE ATT&CK matrix, potentially impacted entities, and triage information aimed at security operations teams [The Fast Mode, retrieved 2026]. The buyer, in other words, is a SOC manager or a head of detection engineering at a company that has already standardized on Snowflake as its security data lake. That is a specific, and growing, ICP.
The bet
The strategic logic here is worth taking seriously. Security data volumes have outrun the economics of traditional SIEMs, which is why a generation of customers has moved log retention into Snowflake, Databricks, or comparable warehouses. What those customers still need is detection logic that runs natively against that data. DeepTempo is betting that a foundation model trained specifically on log telemetry will produce better signal than the rules and statistical baselining that most SIEMs ship with, and that selling it through the Snowflake Marketplace shortens procurement from a multi-quarter security RFP into something closer to a marketplace transaction against an existing Snowflake commit.
If that motion works, it is a meaningful change in how detection software gets bought. The buyer does not need to stand up new infrastructure, route data to a vendor, or sign a separate data processing agreement. The renewal motion, in theory, ties to Snowflake consumption rather than per-seat or per-GB SIEM pricing. Whether enterprise security buyers actually treat marketplace apps as a procurement shortcut at six- and seven-figure ACVs is still an open question across the category, not just for DeepTempo.
Why it could be big
The tailwinds are real. Snowflake has been actively cultivating a security data cloud narrative, and Native Apps are central to how the company wants third-party software distributed. DeepTempo also completed the BNY Ascent Program, a cohort run in collaboration with BNY Mellon focused on AI-driven cybersecurity [Fintech Futures, retrieved 2026]. For a pre-seed company, getting design-partner exposure to a tier-one financial institution is the kind of validation that matters more than a logo slide. Powell himself has confirmed BNY's role as a design partner in building the first LogLM [LinkedIn].
The upside case, if execution holds, is that DeepTempo becomes the default detection layer for the cohort of enterprises that have committed to Snowflake as their security data platform. That is a smaller universe than the entire SIEM market, but it is a fast-growing slice with above-average willingness to pay for software that respects the architecture they already chose.
The team
Founder Evan Powell is a repeat enterprise infrastructure operator. He was the founding CEO of StackStorm, an event-driven automation company acquired in 2017 [DeepTempo blog, Jun 2025], and previously served as CEO of Nexenta Systems, a software-defined storage company that raised $24M in 2013 [TechCrunch, Feb 2013]. He has also been involved with Cloudbyte, Reprise, and OpenEBS in founding or executive roles [Bloomberg Markets, retrieved 2026][Forbes Technology Council, retrieved 2026]. His public LinkedIn references five exits [LinkedIn]. In February 2025, DeepTempo hired Chris Bowen, previously at Hammerspace, as its first VP of Sales [Blocks and Files, Feb 2025], a signal that the company is moving from design-partner mode toward a repeatable sales motion.
| Milestone | Date | Source |
|---|---|---|
| Company founded | 2023 | Structured facts |
| Emerged from stealth, Tempo on Snowflake Marketplace | Nov 2024 | Blocks and Files |
| First VP of Sales hired (Chris Bowen) | Feb 2025 | Blocks and Files |
| BNY Ascent Program completed | retrieved 2026 | Fintech Futures |
The honest counterfactual
The most credible bear case is competitive density. The realistic competitive set for DeepTempo is not just Wiz, which is listed as a competitor but plays primarily in cloud security posture management rather than log-based detection. The harder comparison is with detection-focused vendors building on the same warehouse-native thesis: Panther, Hunters, Anvilogic, and the in-house detection engineering teams at large enterprises that increasingly write their own SQL and Python against Snowflake. Several of those competitors are further along on revenue and headcount. The bull answer is that DeepTempo's wedge is not the warehouse-native architecture itself, which is now table stakes, but the LogLM model layer and the claim that a purpose-built foundation model produces detections that rules-based competitors structurally cannot [DeepTempo website, retrieved 2025]. If that claim survives contact with paying customers, the model becomes the moat. If it does not, DeepTempo is competing on distribution and price against better-funded peers.
What to watch
The next twelve months should answer three questions. First, does a priced seed round materialize, and which security-specialist investors lead it? For a pre-seed company with a named design partner in BNY and a marketplace listing already live, a seed should be the natural next step. Second, does Tempo convert any of its design-partner relationships into disclosed paying customers with named ACVs? Third, does Bowen's sales hire produce a repeatable motion through the Snowflake Marketplace, or does DeepTempo end up running a traditional enterprise security sale in parallel? The marketplace thesis only pays off if the procurement cycle actually compresses.
ICP, plainly stated: a security operations team at a mid-market or enterprise company that has already committed to Snowflake as its security data lake, has a detection engineering function, and is looking for model-driven signal on top of log data they already pay to retain. If that describes your shop, DeepTempo is worth a marketplace trial. If you are still running a traditional SIEM on-prem, the architectural fit is not there yet, and the conversation is premature.
Pipe Haddad, Startuply