DeepTempo
Adds an intelligent prediction and detection layer to security stacks using AI-powered LogLM for threat detection.
Website: https://www.deeptempo.ai
Cover Block
PUBLIC
| Field | Value |
|---|---|
| Name | DeepTempo |
| Tagline | Adds an intelligent prediction and detection layer to security stacks using AI-powered LogLM for threat detection |
| Headquarters | Palo Alto, California |
| Founded | 2023 |
| Stage | Pre-Seed |
| Business Model | SaaS |
| Industry | Cybersecurity |
| Technology Type | AI / Machine Learning (foundation model for security logs) |
| Geography | North America |
| Growth Profile | Venture Scale |
| Founding Team | Solo Founder (Evan Powell) |
| Accelerator | BNY Ascent Program |
Links
PUBLIC
- Website: https://www.deeptempo.ai
- LinkedIn: https://www.linkedin.com/company/deeptempo
- Medium (engineering and product blog): https://medium.com/deeptempo
- PitchBook profile: https://pitchbook.com/profiles/company/753291-19
Executive Summary
PUBLIC
DeepTempo is a Palo Alto-based cybersecurity startup building what it calls a LogLM, a vertical foundation model trained on security log data, that runs natively inside Snowflake to detect attack patterns that traditional network detection and SIEM tools miss [DeepTempo website, retrieved 2025]. The company was founded in November 2023 by Evan Powell, a repeat infrastructure-software founder whose prior companies include Nexenta Systems, StackStorm (sold in 2017), and Reprise, and emerged from stealth in November 2024 with the launch of its Tempo app on the Snowflake Marketplace [Blocks and Files, Feb 2025] [Blocks and Files, Nov 2024]. The product positions itself as a detection and triage layer that maps anomalies to MITRE ATT&CK patterns, surfaces likely impacted entities, and reduces analyst load on overloaded SOC teams [The Fast Mode, retrieved 2026]. Early validation includes participation in the BNY Ascent Program in collaboration with BNY Mellon, with BNY also cited by the founder as a design partner on the LogLM itself [Fintech Futures, retrieved 2026] [LinkedIn]. No priced funding round has been disclosed publicly, which constrains visibility into runway and ownership but is consistent with the pre-seed label carried in third-party databases. In Q1 2025 the company hired Chris Bowen, formerly SVP of sales at Hammerspace, as its first VP of Sales, signaling a move from research mode toward commercial motion [Blocks and Files, Feb 2025]. Over the next 12 to 18 months, the questions worth tracking are whether DeepTempo can convert Snowflake Marketplace distribution into paying enterprise customers, whether the LogLM approach holds up against well-capitalized incumbents in cloud-native detection, and whether a priced seed round materializes to fund the sales build-out.
Data Accuracy: GREEN -- Confirmed by Blocks and Files, DeepTempo website, LinkedIn, and Fintech Futures.
Taxonomy Snapshot
| Axis | Value |
|---|---|
| Stage | Pre-Seed |
| Business Model | SaaS (Snowflake Native App) |
| Industry / Vertical | Cybersecurity, threat detection |
| Technology Type | Deep learning foundation model (LogLM) |
| Geography | North America (Palo Alto, CA) |
| Growth Profile | Venture Scale |
| Founding Team | Solo Founder, repeat operator |
Company Overview
PUBLIC
DeepTempo was set up by Evan Powell in November 2023 and operated in stealth for roughly twelve months before publicly launching its Tempo app in November 2024 [Blocks and Files, Feb 2025] [Blocks and Files, Nov 2024]. The thesis, as stated by Powell on LinkedIn, was "to fix cyber, from the foundations," with the first concrete output being a LogLM (log-data language model) developed with BNY and other unnamed design partners [LinkedIn]. The company is headquartered in Palo Alto, California, and presents itself externally through its website, a Medium publication, and a LinkedIn company page; a separate corporate legal entity is not publicly disclosed in the sources reviewed.
The public milestone sequence is short but coherent. Founding in late 2023 was followed by a stealth-period buildout of the LogLM and the Snowflake Native App. The November 2024 launch on the Snowflake Marketplace was paired with a Snowflake Startup Spotlight write-up that introduced Tempo to Snowflake's customer base [Snowflake]. In February 2025 the company hired its first VP of Sales, Chris Bowen, previously SVP of sales at Hammerspace, an explicit signal that the company was moving from a founder-led design-partner phase into a repeatable commercial motion [Blocks and Files, Feb 2025]. Participation in the BNY Ascent Program, a fintech-aligned accelerator run in collaboration with BNY Mellon, is the only named program affiliation surfaced in the public record [Fintech Futures, retrieved 2026].
What is not yet on the public record is equally relevant: no priced funding round, named lead investor, customer count, or revenue figure has been disclosed. PitchBook lists a profile but the underlying valuation and cap-table fields are not visible without a subscription [PitchBook]. For an investor view, the company should be treated as an early pre-seed with credible founder pedigree and at least one institutional design partner, rather than as a funded entity with confirmed traction.
Data Accuracy: GREEN -- Confirmed by Blocks and Files, Snowflake, LinkedIn, and Fintech Futures.
Product and Technology
MIXED
Tempo, the company's flagship product, is delivered as a Snowflake Native App that ingests security log data already resident in a customer's Snowflake account and applies deep learning to flag likely security incidents [Blocks and Files, Nov 2024] [PUBLIC]. The pitch is explicitly additive rather than replacement: DeepTempo positions LogLM as "an intelligent prediction and detection layer" on top of existing NDR (network detection and response) and SIEM (security information and event management) stacks, claiming to surface modern attack patterns that those tools miss [DeepTempo website, retrieved 2025] [PUBLIC].
The technical center of gravity is the LogLM itself, described by the company as a vertical foundation model purpose-built for security logs rather than a general-purpose LLM repurposed for the security use case [DeepTempo website, retrieved 2025] [PUBLIC]. According to coverage of the launch, Tempo enriches anomalies with context including similar attack patterns drawn from the MITRE ATT&CK matrix, lists of potentially impacted entities, and triage-ready metadata intended to reduce the cognitive load on SOC analysts [The Fast Mode, retrieved 2026] [PUBLIC]. The Snowflake-native architecture means data does not have to be exfiltrated to a vendor cloud, which is a meaningful selling point for regulated buyers concerned about data residency and egress costs (inferred from architecture choice) [MIXED].
No public roadmap, model card, benchmark result, or third-party evaluation has been published in the sources reviewed, and the company has not disclosed which log sources, cloud providers, or detection categories the model has been trained or tuned against. The strongest external validation point on the technology side is BNY Mellon's role as a named design partner on the LogLM, as referenced by the founder [LinkedIn] [PUBLIC]. For a foundation-model claim in a regulated buyer market, the absence of published benchmarks is a gap that diligent buyers and investors will probe directly.
Data Accuracy: YELLOW -- Product claims confirmed by company website, Blocks and Files, and Snowflake; technical depth and benchmarks not independently verified.
Market Research and Opportunity
PUBLIC
Security operations is one of the few enterprise software categories where buyer pain has visibly outpaced incumbent tooling, which is why a wave of AI-native detection startups has formed around the SIEM and XDR stack since 2023. DeepTempo is targeting the detection-and-response layer of the security operations center, a category historically dominated by SIEM platforms (Splunk, IBM QRadar, Microsoft Sentinel), newer cloud-native SIEMs (Panther, Hydrolix-backed entrants), and the broader cloud security posture and detection segment where Wiz has become the reference name [Blocks and Files, Nov 2024].
No third-party TAM figure for the LogLM-on-Snowflake sub-segment has been surfaced in the cited research, so any sizing here would be an extrapolation rather than a reported fact. What is observable is the demand-side context: enterprises are consolidating logs into cloud data warehouses (Snowflake, Databricks, BigQuery) for cost and analytics reasons, which creates a structural opening for detection products that run where the data already lives rather than requiring a separate ingestion pipeline. Tempo's distribution choice (Snowflake Native App, listed on Snowflake Marketplace) is directly aligned with that shift [Snowflake] [Blocks and Files, Nov 2024].
The relevant tailwinds the cited research surfaces are three. First, the Snowflake Native App framework itself, which gives early-stage vendors a credible enterprise distribution channel without a traditional field-sales build [Snowflake]. Second, regulated-industry interest in keeping security telemetry inside the customer's own cloud account for data-residency reasons, which the Snowflake-native architecture naturally serves (inferred from architecture). Third, the willingness of a Tier-1 financial institution (BNY Mellon) to act as a design partner and accelerator host for an early-stage AI security vendor, which is itself a signal about buyer-side appetite for AI-native detection [Fintech Futures, retrieved 2026] [LinkedIn].
Adjacent and substitute markets to monitor include managed detection and response (MDR) services, which compete for the same SOC budget; cloud detection and response (CDR) tools from incumbents like Wiz and CrowdStrike; and in-warehouse security analytics offerings that Snowflake itself or Databricks could choose to build natively. The macro and regulatory backdrop (SEC cyber-disclosure rules in force since late 2023, EU NIS2, sustained ransomware activity) continues to push detection budgets up, but it also raises the bar on explainability and auditability for any model-driven detection claim.
| Market signal | Detail | Source |
|---|---|---|
| Distribution channel | Snowflake Marketplace listing as Native App | [Snowflake] [Blocks and Files, Nov 2024] |
| Named design partner | BNY Mellon (also accelerator host) | [LinkedIn] [Fintech Futures, retrieved 2026] |
| Reference competitor cited | Wiz (cloud security) | structured facts |
Analyst takeaway: the market signals that are confirmable today are channel and design-partner signals rather than sizing signals. That is appropriate for a pre-seed company, but it means the investment case rests on conviction about the LogLM thesis and the Snowflake-native distribution wedge rather than on a defensible TAM number.
Data Accuracy: YELLOW -- Channel and partner signals confirmed by Snowflake, Blocks and Files, Fintech Futures, and LinkedIn; no third-party TAM cited.
Competitive Landscape
MIXED
DeepTempo sits inside one of the most heavily contested categories in enterprise software, and its differentiation rests on a specific architectural bet (foundation model trained on logs, deployed inside the customer's Snowflake account) rather than on a new product category.
| Company | Positioning | Stage / Funding | Notable Differentiator | Source |
|---|---|---|---|---|
| DeepTempo | LogLM-based detection layer running as a Snowflake Native App | Pre-seed, no priced round disclosed | Vertical foundation model on security logs, in-warehouse deployment | [DeepTempo website, retrieved 2025] [Blocks and Files, Nov 2024] |
| Wiz | Cloud security platform (CNAPP) with detection capabilities | Late-stage, well-capitalized public-market-adjacent | Breadth of cloud posture, vulnerability and detection coverage; large enterprise install base | structured facts |
The segment-by-segment map is roughly as follows. Incumbent SIEM vendors (Splunk, now Cisco; Microsoft Sentinel; IBM QRadar) own the buying center for log-based detection but are widely viewed as expensive at scale and slow on AI-native detection. Cloud-native detection challengers (Wiz, CrowdStrike, SentinelOne) have strong distribution and growing detection breadth, and increasingly host their own data lakes. Adjacent substitutes include in-warehouse analytics offerings that Snowflake or Databricks customers can build themselves, and a small but growing set of AI-native detection startups using LLMs to triage alerts. DeepTempo is most directly comparable to that last group, but with the architectural twist that its model runs inside Snowflake rather than inside a vendor SaaS.
Where DeepTempo has a defensible edge today: the Snowflake Native App distribution model is genuinely differentiated, because it lowers the data-movement and procurement friction that slows down most security software sales, and it puts the product in front of every Snowflake security buyer through a single channel [Snowflake]. The founder's prior infrastructure-software exits (Nexenta, StackStorm, Reprise) and the BNY design-partner relationship together give the company more credibility than a typical pre-seed [TechCrunch, Feb 2013] [DeepTempo blog, Jun 2025] [LinkedIn]. That edge is perishable: nothing prevents a better-capitalized competitor from publishing a Snowflake Native App of its own, and Snowflake itself could choose to build first-party security analytics.
Where the company is most exposed: Wiz and the larger cloud-security incumbents have direct relationships with the CISO buying center and the budget gravity that comes with multi-product platforms; DeepTempo will have to displace or sit alongside those budgets. The renewal motion at enterprise ACV is unproven, the sales team is one VP-level hire deep [Blocks and Files, Feb 2025], and the public record does not yet show a published model benchmark that a security architect could use to justify procurement.
A plausible 18-month scenario: winner if DeepTempo can convert two or three named Fortune 500 Snowflake customers into paying logos and publish a credible detection benchmark before a larger vendor ships a competing native app. Loser if Snowflake itself or one of the established CDR vendors ships an in-warehouse detection feature with comparable language-model pitch and bundles it into an existing contract.
Data Accuracy: YELLOW -- Subject and Wiz positioning confirmed by structured facts and cited sources; broader competitor positioning is analyst synthesis.
Opportunity
PUBLIC
If DeepTempo's LogLM thesis holds, the upside is to become the default AI detection layer for any enterprise that already runs security telemetry through a cloud data warehouse, a buyer cohort that is growing every quarter.
The headline opportunity. The most ambitious credible outcome for DeepTempo is to become the embedded detection model for warehouse-resident security data, in roughly the way that specialized vector and search engines became embedded inside data platforms over the last cycle. The cited evidence that makes this reachable rather than aspirational: Tempo is already shipping as a Snowflake Native App with Snowflake's own promotional support [Snowflake], a Tier-1 financial institution acted as a design partner on the underlying model [LinkedIn], and the founder has previously taken open-source infrastructure projects (StackStorm, OpenEBS) into commercial outcomes [DeepTempo blog, Jun 2025] [Kubernetes Podcast, retrieved 2026]. None of that guarantees the headline outcome, but it does mean the path is concrete rather than hand-waved.
Growth scenarios.
| Scenario | What happens | Catalyst | Why it's plausible |
|---|---|---|---|
| Snowflake-channel land-and-expand | Tempo becomes a top-installed security app on the Snowflake Marketplace and converts free trials into paid seats across Snowflake's enterprise base | Snowflake co-marketing plus a published detection benchmark | Snowflake has already featured the company in a Startup Spotlight [Snowflake] |
| Financial-services beachhead | DeepTempo wins two to three named bank logos on the back of the BNY relationship and uses that to define a regulated-industry reference architecture | Public case study from BNY Mellon or a peer institution | BNY is cited as both design partner and accelerator host [LinkedIn] [Fintech Futures, retrieved 2026] |
| Multi-warehouse expansion | The LogLM is ported to Databricks and BigQuery, broadening the addressable base beyond Snowflake-only accounts | A second native-app listing (Databricks Marketplace) | Architecture is data-warehouse adjacent rather than Snowflake-locked (inferred from product description) |
What compounding looks like. The flywheel, if it turns, is a data flywheel rather than a network-effect flywheel. Each additional design-partner deployment generates more labeled attack and benign-log examples that improve the LogLM, which raises detection quality, which makes the next enterprise sale easier and the next renewal stickier. There is early evidence the flywheel has started: BNY Mellon's design-partner role on the original LogLM is the first turn of that wheel [LinkedIn]. The distribution flywheel is separate and channel-driven: every new Snowflake Marketplace install is a low-friction trial that the founder-and-VP-of-sales pairing can convert without traditional outbound.
The size of the win. No public valuation comparable for an AI-native log detection vendor has been surfaced in the cited research, so any number here is a scenario rather than a forecast. A useful directional reference point is the broader cloud-security category, where Wiz has become a multi-billion-dollar private company on the back of cloud-native distribution and a clear product wedge (named in structured facts as the reference competitor). A pre-seed company is many milestones away from that comparison, but the relevant point is that the category supports outcomes of that magnitude when distribution and product wedge align (scenario, not a forecast). The realistic near-term win for DeepTempo investors is more modest: a priced seed round at a step-up from current implied valuation, anchored by Snowflake Marketplace traction and one or two named enterprise references.
Data Accuracy: YELLOW -- Scenario inputs (Snowflake distribution, BNY relationship, founder track record) confirmed by Snowflake, LinkedIn, Fintech Futures, and DeepTempo blog; valuation comparisons are scenario analysis.
Sources
PUBLIC
[Snowflake] Snowflake Startup Spotlight: DeepTempo | https://www.snowflake.com/en/blog/startup-spotlight-deeptempo-cybersecurity-ai/
[DeepTempo website, retrieved 2025] DeepTempo, Close the Detection Gap | https://www.deeptempo.ai
[LinkedIn] DeepTempo company page | https://www.linkedin.com/company/deeptempo
[LinkedIn] Evan Powell, Many time founder and 5 exits | https://www.linkedin.com/in/epowell/
[Blocks and Files, Feb 2025] DeepTempo hires first sales VP to pitch AI log security | https://blocksandfiles.com/2025/02/18/deeptempo-hires-hammerspace-sales-boss-to-sell-its-ai-driven-snowflake-security-sw/
[Blocks and Files, Nov 2024] DeepTempo unveils AI-powered app for detecting security incidents | https://blocksandfiles.com/2024/11/12/deeptempo-security-log-data/
[PitchBook] DeepTempo 2026 Company Profile | https://pitchbook.com/profiles/company/753291-19
[Medium] DeepTempo publication | https://medium.com/deeptempo
[TechCrunch, Feb 2013] Data Storage Software Company Nexenta Systems Raises $24M | https://techcrunch.com/2013/02/27/data-storage-software-company-nexenta-systems-raises-24m/
[Bloomberg Markets] Evan Powell, Cloudbyte Inc, Profile and Biography | https://www.bloomberg.com/profile/person/21520018
[Bloomberg Markets] Evan Powell, Reprise Inc, Profile and Biography | https://www.bloomberg.com/profile/person/25083177
[Forbes Technology Council] Evan Powell, Co-Founder, Reprise | https://councils.forbes.com/profile/Evan-Powell-Co-Founder-Reprise/1974c2b9-01d8-4d03-8544-c9ca3394d051
[Forbes] Evan Powell, Forbes Technology Council profile | https://www.forbes.com/councils/forbestechcouncil/people/evanpowell/
[Forbes, Feb 2012] Nexenta Aims At EMC's Heart | https://www.forbes.com/sites/petercohan/2012/02/16/nexenta-aims-at-emcs-heart/
[Forbes, Jan 2024] Three Enterprise Tech Presales Trends To Navigate For 2024 | https://www.forbes.com/councils/forbestechcouncil/2024/01/30/three-enterprise-tech-presales-trends-to-navigate-for-2024/
[Fintech Futures, retrieved 2026] BNY Ascent Program coverage referencing DeepTempo participation | https://www.fintechfutures.com
[The Fast Mode, retrieved 2026] DeepTempo Tempo app coverage | https://www.thefastmode.com
[DeepTempo blog, Jun 2025] Founder reflections including StackStorm history | https://medium.com/deeptempo
[Kubernetes Podcast, retrieved 2026] Episode featuring Evan Powell on OpenEBS and cloud-native storage | https://kubernetespodcast.com
Articles about DeepTempo
- DeepTempo Wants Snowflake to Be the Place Security Teams Catch the Attack SIEM Missed — Evan Powell's pre-seed bet: a vertical foundation model for log data, sold as a Native App inside the warehouse customers already run.