Scanner is a security data platform that enables organizations to detect threats and investigate security incidents by indexing log data directly in Amazon S3, where it already resides. Rather than requiring data to be moved or ingested into a separate system, Scanner operates on data in-place, allowing continuous threat detections to run on the full data stream and enabling searches across years of historical logs in seconds. The platform is positioned as an alternative to traditional SIEMs and data lakes, addressing common pain points such as high costs forcing data reduction, operational complexity, vendor lock-in, slow queries, and the absence of real-time detection capabilities. Scanner provides an API-first architecture, making all queries and datasets available programmatically to support integrations, automation, and custom workflows within existing security stacks. Scanner includes native support for the Model Context Protocol (MCP), providing AI agents with structured access to security data through a standardized interface. This enables AI-driven investigation workflows that would otherwise be cost-prohibitive or too slow in traditional SIEM environments. Supported data sources include AWS CloudTrail, Azure, Google Cloud, Okta, GitHub, Tines, and PagerDuty, among others. The platform is SOC 2 Type II certified and GDPR compliant, with data residency options available. Customer data remains within the customer's own cloud environment, with no vendor lock-in. Scanner has raised a Series A round led by Sequoia Capital. Customers include companies such as Ramp, BeyondTrust, Postman, and Benchling.