Alert management for developers and ops teams may seem like a solved problem. Notifying an on-call engineer isn’t exactly difficult anymore, after all. But the real question has become when to alert the right person and how to help them when a service goes down, for example. Many are turning to AI to solve some of those issues, including Keep.
The company offers an open source version that uses a rule-based system, but what’s more interesting is its paid enterprise offering, which also uses AI models to reduce notification fatigue by deduplicating and correlating alerts.
The Y Combinator-backed company, which announced a $ 2.5 million pre-seed round today, leverages AI to help ops teams manage and prioritize their alerts. The service aggregates data from a variety of monitoring tools, prioritizes and manages alerts, and then helps those teams diagnose the issue that led it to wake up the on-call engineer in the first place.
“We saw that observability platforms became more or less a commodity. They unified features. They gave great access to metrics, logs, etc.,” Keep co-founder Matvey Kukuy told me. “So you can access this data, but it’s really hard to interpret it — and especially interpret during hard times when something is happening. When you manage a large enterprise infrastructure, where something is always happening, you’re likely dealing with 1,000s of events.”
Keep was originally co-founded by CEO Tal Borenstein and CTO Tal Glazner. The two first met 13 years ago in the Israeli Defense Force’s Unit 8200 and stayed in touch ever since. In the years since, Borenstein has worked at the cybersecurity skills platform Cyberbit and compliance service Anecdotes, while Glazner worked at Cyberark before reuniting with his co-founder at Anecdotes. Earlier this year, they brought on Kukuy as their third co-founder. Before joining Keep, Kukuy was the CEO of Amixr, a startup that was building a product to compete with PagerDuty and which was later acquired by Grafana Labs.
At its core, Keep is an integration service that pulls in data from a wide variety of infrastructure services and observability tools and then uses all of this data to enrich the individual alerts with more context. In the open source version, this is mostly done by using Keep’s workflow tooling to create triggers and their corresponding actions.
The company uses its AI platform on top of this open source tooling to monetize its service. Keep’s AI models provide support for things like noise reduction, event correlation, and automated root cause analysis, for example. Like most other open source startups, Keep reserves some features like expanded data retention, single sign-on support, and private deployments for its paying enterprise customers.
“We found this works surprisingly well because when enterprises try us, it’s very easy for [an engineer] to start with the open source and to deploy Keep — even on a laptop with the Docker compose or Kubernetes — and just see what Keep gives them out of the box and to see the value of it in two hours. We find that these folks become our champions in the organization,” Kukuy explained.
As for the competitive environment, Keep CEO Borenstein believes there is currently an opportunity window for startups in this space that will remain open for another year or two. He acknowledges that there are some “big, non-modern companies” working in this field, but in his view the incumbent observability tools most see alerting as a feature inside their platform. And the AIOps startups that launched earlier are now “locked into their old propositions.”
“The current AIOps market has a lot of potential but has been narrowed down technically to alerts due to early entrants that didn’t perform well product-wise and corrupted it,” Borenstein said. “We believe the AIOps market has a lot of potential, and a new category is incoming based on intelligence layered on top of the observability stack.”
The company’s pre-seed round was led by Runa Capital, with participation from a number of undisclosed angels who previously built tech companies in adjacent areas.