Tines

1.1 Identity, Mission, and Operating Model

Tines is a workflow automation platform founded in Dublin, Ireland in 2018 by Eoin Hinchy (CEO) and Thomas Kinsella (COO and Chief Customer Officer). The company's original mission was to eliminate the repetitive, manual work that overwhelmed security operations teams — a problem both founders encountered first-hand during their tenures at Deloitte, eBay's European Security division, and DocuSign, where Hinchy served as Senior Director of Security Operations. The eBay data breach of 2014, which exposed 145 million user records, served as the direct catalyst for Hinchy's decision to build Tines: he wanted a platform that would let security engineers automate complex multi-step workflows without requiring them to write production code. The platform delivers on this promise through a visual drag-and-drop workflow builder called "stories," which allows practitioners to connect actions, conditions, and integrations into automated pipelines. Tines has grown from a security-focused tool into a broader enterprise automation platform, now serving teams across IT operations, legal, HR, and business process automation. As of 2025, the platform hosts more than 700 pre-built integrations and a library of tools, while its AI Agent capabilities, launched in mid-2025, extend the platform into autonomous decision-making and task execution. Tines characterizes its commercial model as delivering automation at enterprise scale without requiring traditional SOAR complexity or expensive professional services engagements. The company operates from dual headquarters in Dublin (European HQ) and New York (US operations), and is certified SOC 2 Type II and ISO 27001. [CO001, CO002, CO003, CO004, CO006, CO007]

1.2 Founders, Leadership, and Key-Person Dependence

Tines was co-founded by Eoin Hinchy and Thomas Kinsella, both of whom built their careers in enterprise security operations at large organizations. Before founding Tines, Hinchy served as Senior Director of Security Operations at DocuSign and prior to that held security leadership roles at eBay's European division and Deloitte. Kinsella followed a parallel path through the same organizations. This shared institutional background in high-stakes security operations gave the founders direct insight into the pain points they sought to address: alert fatigue, manual triage, and the inability to respond to threats at machine speed without heavy engineering resources. Hinchy serves as CEO and is the primary public face of the company, representing Tines in fundraising communications, press engagements, and industry events. Kinsella serves as COO and Chief Customer Officer, taking responsibility for post-sale relationships and customer expansion revenue. The dual-founder structure with clearly delineated domains reduces single-point-of-failure risk compared with single-founder companies, though Hinchy's prominence in capital markets and strategic narratives means the CEO role still represents an elevated key-person dependency. Investors including Goldman Sachs Growth Equity and Accel have backed the leadership team through multiple rounds, suggesting sustained conviction in execution quality. Formal board governance details — exact composition, independent directors, and investor seat assignments — are not yet in the public record and represent a diligence gap for investors seeking full governance visibility. [CO002, CO003, CO005, CO036, CO037]

1.3 Funding History, Valuation, and Investor Base

Tines has raised approximately $272 million in total venture financing across five distinct tranches. The company's funding history began with a seed round in 2018 and progressed through a Series A of approximately $16 million (2019-2020, led by Accel), a Series B of $55 million in 2021 (led by Addition and Felicis Ventures), a $50 million Series B extension in May 2024, and a landmark Series C of $125 million closed on February 11, 2025. The Series C was led by Goldman Sachs Growth Equity and introduced SoftBank Vision Fund 2 and Activant as new investors, while Accel, Felicis, CrowdStrike Falcon Fund, and Addition continued their participation. The Series C valued Tines at $1.125 billion post-money, making it Ireland's newest unicorn and placing it among the cohort of more than 10 European startups that achieved unicorn status in 2025. Goldman Sachs Growth Equity characterized Tines as a next-generation security automation platform in its press materials, framing the investment as consistent with its broader enterprise software thesis. The CrowdStrike Falcon Fund's continued involvement is notable from a strategic perspective: it signals alignment with a leading endpoint security vendor whose customers frequently need orchestration and automation capabilities that Tines can supply. Total funding of approximately $272 million across all rounds represents a material capital base for a company of Tines' stage, providing runway to invest in AI product capabilities, go-to-market expansion, and international hiring. [CO012, CO013, CO014, CO015, CO016, CO017]

1.4 Key Metrics, Customers, and Scale Indicators

By 2025, Tines had assembled a set of publicly disclosed metrics that indicate substantial scale for a company at its funding stage. The platform executes more than one billion automated actions per week, a figure the company uses as a headline metric to communicate real-world deployment breadth. Annual recurring revenue was estimated at approximately $85 million as of 2025 by third-party analyst databases, representing a significant acceleration from the $13.4 million ARR reported for 2024. The company serves approximately 33,000 users or organizations, with named customers including Coinbase, Intercom, Mars, HubSpot, Canva, Databricks, Reddit, GitLab, and Elastic. Headcount stood at approximately 500 to 562 employees as of 2025-2026, distributed across Dublin, New York, Boston, and remote locations. Product quality signals are strongly positive: Tines holds a G2 rating of 4.7 out of 5 from 397 user reviews and a Gartner Peer Insights rating of 4.9 out of 5 from 54 reviews. However, some reviewers on PeerSpot have noted limitations in out-of-the-box reporting and analytics depth, and a subset of G2 reviewers indicate that non-technical users face a learning curve when building complex workflows without developer support. Pricing spans a free Community edition, a Starter tier at approximately $500 per month, Business pricing on a custom basis, and Enterprise deals typically beginning at $50,000 per year. [CO009, CO010, CO011, CO021, CO022, CO024]

1.5 Milestones, Product Trajectory, and Partner Ecosystem

Tines' journey from a Dublin-based security automation startup to a billion-dollar automation platform spans eight years of product development, fundraising, and ecosystem building. The company launched its Community Edition to make the platform accessible to individual practitioners and smaller teams without enterprise procurement cycles, a move that helped drive grass-roots adoption and word-of-mouth growth within security communities. The launch of AI Agents in 2025 marked a qualitative shift in the platform's capability profile: rather than simply orchestrating pre-defined workflows, Tines Agents can reason, decide, and act autonomously within guardrails set by the practitioner. Help Net Security covered the Agents launch in June 2025, framing it as part of a broader industry transition from rule-based orchestration to AI-driven autonomous operations. The partner ecosystem has become an increasingly important part of Tines' growth strategy. The company expanded its partner program by 25 percent in 2026, adding 75 new technology partners to an existing roster that includes CrowdStrike, Elastic, AWS, 1Password, HashiCorp, and IBM. This ecosystem breadth is significant because integrations are a key competitive moat in the automation market: customers are more likely to deepen their commitment to a platform that connects seamlessly to their existing tool stack. The Agents capability combined with a widening integration library positions Tines to compete not just as a SOAR replacement but as a general enterprise automation layer. The platform's library approach, surfacing pre-built automation recipes, further lowers the barrier to adoption for new users and accelerates time-to-value for enterprise buyers. [CO023, CO027, CO028, CO033, CO035, CO040]

1.6 Exhibits

2.1 Market Boundary, Definition, and Adjacencies

Tines operates at the intersection of two distinct but overlapping market categories: Security Orchestration, Automation, and Response (SOAR) and no-code/low-code enterprise workflow automation. SOAR is the category in which Tines most directly competes for security budgets; it encompasses platforms that automate alert triage, incident response, threat hunting workflows, and cross-tool orchestration for security operations centers. Analyst firms including Mordor Intelligence, Market Research Future, and The Business Research Company each define the SOAR market as including software and services enabling automated coordination of security tool responses, but they vary in whether they include broader IT process automation or restrict their scope to pure security workflows. The relevant adjacent categories are significant and expand the potential addressable market considerably. IT Process Automation (ITPA), traditionally associated with ServiceNow and PagerDuty, overlaps with Tines when security teams use the platform to automate IT operational tasks such as identity provisioning, access reviews, and vulnerability management. General enterprise automation platforms — including competing no-code tools positioned outside security — are a second adjacency when Tines pursues HR, legal, or finance workflow customers. Status-quo substitutes include: custom Python/bash scripts maintained by security engineering teams; spreadsheet-and-email processes for lower-maturity SOCs; or fully manual analyst workflows for teams without automation budgets. Understanding which substitute regime a prospective customer occupies is critical to forecasting deal size and sales cycle length, because replacing a script-based approach requires only tool procurement, whereas replacing a legacy SOAR platform requires migration of existing playbooks and retraining of operations staff. [CM001, CM002, CM003, CM004, CM005, CM006]

2.2 Market Sizing — TAM, SAM, and Available Evidence

Three distinct analyst reports provide overlapping but not identical estimates of the SOAR market total addressable market. Mordor Intelligence estimates the global SOAR market at approximately $1.87 billion in 2025, growing at a compound annual rate of roughly 18 percent to exceed $4.4 billion by 2030. Market Research Future estimates a higher base value but uses a different methodology, including adjacent IT automation spending in its scope. The Business Research Company publishes a global SOAR market report covering the same period with a slightly different CAGR figure, reflecting differences in how each firm handles vendor revenue attribution across platforms that serve both security and non-security automation use cases. Deriving a Tines-specific SAM from these figures requires assumptions about: (a) the percentage of SOAR spending addressable by a no-code cloud-native platform versus legacy on-premise deployments; (b) the geographic distribution of security automation budgets, with the US and UK representing the highest per-capita concentrations of enterprise SOC spending; and (c) the share of the broader market currently served by incumbents with high switching costs. A conservative SAM estimate for Tines — restricting to cloud-native, no-code or low-code SOAR deployments at organizations with 500+ employees — might be 20–35 percent of the total SOAR TAM, or approximately $400 million to $650 million in 2025. This range is analyst-constructed from first principles rather than directly sourced from a published figure, and should be treated as an evidence-bounded estimate rather than a definitive SAM. Tines' estimated $85M ARR in 2025 implies a current SAM penetration of roughly 13 to 21 percent under this construct. [CM007, CM008, CM009, CM010, CM011, CM012]

2.3 Buyer, User, and Payer Segmentation

The primary buyer for Tines is the security operations function within mid-to-large enterprises, typically represented by a CISO or VP of Security Operations who controls a dedicated security tooling budget. The primary users are security engineers and analysts who build and maintain automation workflows — commonly called "stories" in Tines' terminology. This buyer-user distinction matters for deal economics: because Tines requires a practitioner who can configure workflows, the sales motion needs both executive sponsorship for budget approval and practitioner buy-in from the security engineering team who will own the platform. The free Community Edition is specifically designed to convert practitioner adoption (bottom-up) into enterprise deals (top-down approval), which is a standard product-led growth mechanism in the security tooling market. Secondary buyer segments that have emerged as Tines has broadened its platform include IT operations teams (often budgeted under a CIO or CTO), legal and compliance teams automating document review and audit workflows, and HR operations teams managing onboarding and access provisioning. These secondary segments represent an expansion opportunity but also a channel complexity: the security buyer persona is more familiar with SOAR concepts, while IT and business-process buyers may require more education about automation ROI and may compete for budget with incumbent RPA or iPaaS vendors. Customers such as Mars and HubSpot illustrate the cross-functional use case: their Tines deployments span security and IT functions, suggesting the platform can expand its footprint once initially deployed for security. [CM013, CM014, CM015, CM016, CM017, CM018]

2.4 Growth Drivers and Adoption Constraints

The most durable driver of SOAR and security automation adoption is the sustained increase in threat volume and alert fatigue. As enterprise security stacks grow more complex — adding endpoint detection, cloud security posture management, identity and access management, and SaaS monitoring layers — the volume of alerts requiring human triage grows faster than headcount. SOAR platforms address this imbalance by automating first-pass triage and response, reducing the number of alerts that require analyst attention. This dynamic is structural and unlikely to reverse, making it one of the most durable demand drivers in enterprise security. Regulatory drivers are emerging as a secondary catalyst. The SEC's cybersecurity disclosure rules (effective for large accelerated filers from December 2023) require public companies to report material cybersecurity incidents within four business days, creating a direct organizational need for faster incident detection and documented response processes — both of which SOAR platforms support. GDPR, HIPAA, and NIS2 create analogous requirements in European markets, which directly benefits Tines given its Irish headquarters and European customer base. Switching costs and incumbent lock-in represent the primary adoption constraint: organizations that have already deployed Palo Alto Cortex XSOAR or Splunk SOAR have existing playbooks built in proprietary scripting languages, integration configurations, and analyst muscle memory — all of which create friction when evaluating a migration to Tines. This constraint benefits incumbents in renewal cycles but may reduce win rates in competitive displacement scenarios for Tines' sales team. [CM019, CM020, CM021, CM022, CM023, CM024]

2.5 Sizing Gaps, Contradictions, and Diligence Paths

The SOAR market sizing landscape has several material inconsistencies that diligence should document rather than resolve by fiat. First, the three major analyst reports consulted use different market boundaries — Mordor Intelligence's $1.87B figure appears to restrict to security-dedicated platforms, while Market Research Future's higher estimates may include adjacent IT automation spending. Second, none of the public reports break out the no-code or cloud-native sub-segment that Tines most directly addresses, making it impossible to derive a source-backed SAM without analyst-constructed assumptions. Third, the SOAR category is itself under definitional pressure: as platforms like Tines expand beyond security into IT and business-process automation, the traditional SOAR boundary becomes less meaningful, potentially overstating TAM (by including ITPA or iPaaS spend) or understating it (by excluding enterprise automation budgets that Tines could capture). Fourth, Tines' own ARR of approximately $85M represents a significant fraction of the no-code SOAR sub-segment, suggesting the addressable SAM may be smaller than top-down estimates imply — or that Tines has captured an unusually high share of an emerging segment. Resolving this ambiguity requires obtaining analyst breakdowns of the no-code SOAR sub-market or comparable revenue data from peers such as Swimlane and Torq. Until those data points are available, any Tines market share or SAM penetration calculation should be labeled as analyst-constructed and sensitivity-tested against multiple market boundary assumptions. [CM026, CM027, CM028, CM029, CM030]

2.6 Exhibits

3.1 Competitive Landscape Overview

Tines operates in the Security Orchestration, Automation, and Response (SOAR) market and the broader no-code enterprise workflow automation space. Its direct peers include legacy SOAR platforms (Palo Alto Cortex XSOAR, Splunk SOAR), cloud-native upstarts (Torq, Swimlane), and IT-service-management incumbents expanding into security operations (ServiceNow SecOps). Adjacent substitutes include hyperautomation platforms (UiPath, Microsoft Power Automate), internal engineering build, and point-solution integration tools (Tines' primary status-quo displacement target). The competitive terrain divides into three strategic clusters: (1) mature, bundled SOAR suites sold as part of larger XDR or SIEM platforms; (2) standalone no-code SOAR platforms targeting security practitioners directly; and (3) general-purpose automation vendors that have added security playbook templates. Tines sits squarely in the second cluster, with its no-code, practitioner-led go-to-market and community library differentiating it from legacy suites. The 2025 Series C at a $1.125B valuation provides Tines with meaningful capital advantage over unfinanced or Series A-stage competitors but places it in direct competition with well-resourced Palo Alto and Splunk parent companies. Forrester analysts characterized the round as validation of the security automation thesis while noting intensifying competitive pressure from both legacy and hyperautomation vendors.[CP001, CP010, CP011, CP012, CP013, CP014]

3.2 Key Competitor Profiles

Palo Alto Networks Cortex XSOAR is the dominant SOAR incumbent, combining Demisto's original SOAR capability with Palo Alto's broader XDR and threat intelligence platform. It targets enterprise SOC teams already invested in Palo Alto's ecosystem and commands premium pricing. Its strength is ecosystem lock-in and native integration with Cortex XDR and Prisma; its weakness is scripting-heavy playbooks that require trained engineers, creating a skills bottleneck that Tines' no-code builder eliminates. Splunk SOAR, formerly Phantom, is the second major legacy SOAR vendor, now bundled within Splunk's SIEM offering and folded into Cisco's portfolio after the 2024 acquisition. It benefits from deep Splunk SIEM integration but faces the same engineering-centric usability critique as XSOAR and introduces customer uncertainty from the Cisco integration. ServiceNow Security Operations extends ServiceNow's ITSM workflows into security incident management, offering a credible substitute for organizations already running ServiceNow at scale, particularly in IT risk and GRC-adjacent workflows. Swimlane is a pure-play SOAR vendor with a low-code approach, Series C-stage funded, competing most directly with Tines on practitioner ease of use. Torq is a no-code security hyperautomation competitor that emphasizes IT and security convergence, with a similar community-led go-to-market strategy. CrowdStrike offers native workflow automation within its Falcon platform, posing a bundle-displacement risk to standalone SOAR for existing Falcon customers. Tines' Anthropic partnership and AI agent builder signal a differentiated AI-native product direction that pure-play RPA and legacy SOAR vendors cannot easily replicate in the near term.[CP002, CP010, CP011, CP012, CP020, CP024]

3.3 Feature and Capability Comparison

Tines' most cited differentiation is its genuinely no-code architecture: security practitioners without engineering backgrounds can build, deploy, and maintain automations without writing Python or YAML playbooks. Palo Alto XSOAR and Splunk SOAR both require Python proficiency for non-trivial playbooks, creating a skills bottleneck that Tines' natural-language builder eliminates. In integrations breadth, Tines claims 700+ native integrations versus Swimlane's reported 200+ and Torq's 500+, suggesting an advantage in coverage for large enterprises running diverse security toolstacks. Tines' community library of thousands of pre-built workflow templates is a meaningful adoption lever with no direct equivalent in the legacy suites, and creates a compounding network effect as each new template adds value for all existing and prospective users at no incremental cost. On AI capabilities, all major vendors announced AI-assisted playbook generation in 2025; Tines' AI agent builder and Anthropic partnership suggest a credible co-pilot feature, though the differentiation window from AI feature parity is narrowing. Case management depth is an acknowledged gap for Tines relative to XSOAR and ServiceNow; enterprises requiring native ticketing workflows often need an additional ITSM integration. Third-party review data identifies volume-based pricing unpredictability as a top concern for enterprise buyers, creating renewal friction that incumbent per-seat pricing models do not. Tines' multi-team deployment across security, IT, finance, and compliance distinguishes it from the SOC-centric positioning of most legacy SOAR alternatives.[CP002, CP003, CP015, CP020, CP022, CP024]

3.4 Pricing and Packaging Analysis

Tines offers a community free tier, a starter tier, and team or enterprise tiers. Pricing is based on workflow execution volume (story runs) rather than per-seat, which aligns cost with value delivery but creates unpredictable billing for high-volume security operations centers. Enterprise contracts are estimated at $50,000 to $200,000 per year based on third-party review signals and community discussion, though list pricing is not publicly disclosed. Palo Alto Cortex XSOAR pricing is opaque but typically runs six figures annually for enterprise deployments, bundled with XSIAM or XSOAR licenses. Splunk SOAR is priced as an add-on to Splunk platform licensing, making standalone comparison difficult, and Cisco integration creates additional pricing uncertainty for existing customers. Swimlane publishes per-seat or workflow tier pricing with similar enterprise opacity. ServiceNow Security Operations is an add-on module to ServiceNow ITSM licensing, typically representing a substantial upsell that already-committed ServiceNow customers may absorb, but that creates a high barrier for new entrants. The community and starter tier strategy that Tines employs is a structural advantage for top-of-funnel practitioner acquisition. However, the volume-based pricing model creates a risk of budget shock as automation usage scales, which buyer reviews and renewal analysis suggest is a real friction point driving competitor evaluation at renewal.[CP015, CP026, CP038]

3.5 Moat Assessment and Competitive Risks

Tines' competitive moat rests on five interlocking factors: first, practitioner community and workflow library creating high switching costs as customers accumulate institutional playbooks; second, no-code accessibility that structurally differentiates from engineer-centric legacy suites; third, a growing partner ecosystem of 700+ integrations that would need to be rebuilt on any alternative platform; fourth, reputational trust established through 500+ enterprise customers and high-profile security logos including GitHub, Coinbase, and Elastic; and fifth, capital position after the $125M Series C which funds both product investment and distribution scale. The primary risks to moat durability are: commoditization of AI-assisted workflow generation, which could reduce the no-code advantage if AI agents generate playbooks without a visual builder; platform-native automation bundles from CrowdStrike, Palo Alto, and Microsoft adding SOAR capability to existing security platforms; and the hyperautomation mega-vendors expanding downmarket into security. Tines' partnership depth with CrowdStrike, HashiCorp, 1Password, and Elastic is both a moat reinforcement and a dependency. The CrowdStrike marketplace listing exposes Tines to CrowdStrike's 24,000+ enterprise customers through a preferred distribution channel. FedRAMP authorization status remains unconfirmed in public sources, representing a potential barrier to government market access that competitors with cleared offerings could exploit.[CP008, CP017, CP018, CP021, CP025, CP028]

3.6 Exhibits

4.1 Revenue Model and Streams

Tines operates a cloud-native SaaS business with a usage-based pricing model anchored on workflow story execution volume rather than per-seat licensing. This model delivers three structural advantages: it aligns Tines' revenue directly with customer value realization (more automations run equals more revenue), it enables a community free tier that drives top-of-funnel practitioner adoption without requiring sales involvement, and it captures expansion revenue organically as customers automate more workflows over time. Revenue streams include: (1) subscription contracts on team and enterprise tiers priced by story run volume; (2) professional services and onboarding for large enterprise deployments requiring custom workflow migration or integration build-out; and (3) partner and marketplace ecosystem arrangements, including co-sell agreements with CrowdStrike, Elastic, and HashiCorp that create referral and distribution revenue. The community free tier and starter tier are loss-leader acquisition vehicles, not meaningful revenue contributors in their own right. Enterprise and team tier contracts are estimated at $50,000 to $200,000 per year based on third-party review signals, though Tines does not publish list pricing. Revenue recognition follows standard SaaS ratable recognition across contract terms, with no identified multi-year backlog or deferred revenue disclosed in public sources.[CI001, CI002, CI003, CI004, CI005]

4.2 GTM Motion and Sales Efficiency

Tines' go-to-market motion is built on a bottom-up community flywheel. Security practitioners discover Tines through the free community edition, build initial automations, generate internal advocacy, and create an inbound pull toward CISO-level budget approval. This reduces traditional outbound CAC relative to top-down enterprise SaaS peers but requires time investment to convert community champions to enterprise contracts. The company operates a direct enterprise sales team supplemented by a growing channel partner network including the CrowdStrike Falcon marketplace (access to ~24,000 enterprise customers), Elastic, HashiCorp, and 1Password. Direct enterprise contracts drive the majority of ARR. Sales cycle length for enterprise deals is not disclosed but is estimated at 60 to 120 days given the practitioner-champion model where initial evaluation is completed by security engineers before procurement involvement. Customer acquisition cost is not publicly disclosed; proxy signals suggest efficient CAC given the inbound-led model, though absolute CAC-to-LTV ratios remain unknown without access to internal cohort data. With 500+ enterprise customers and ~$85M ARR, implied average ARR per enterprise customer is approximately $170,000, suggesting healthy contract values for a no-code tool at this scale.[CI006, CI007, CI008, CI009, CI010, CI011]

4.3 Cost Structure and Gross Margin

Tines' cost structure is typical of a cloud-native SaaS company at Series C scale. The dominant cost categories are cloud infrastructure (compute and storage for workflow execution), employee compensation across engineering, product, sales, and customer success, and go-to-market spend including partner co-sell investments. Gross margin is not publicly disclosed. Software-first SaaS businesses with relatively limited professional services revenue typically achieve 70-80% gross margins at Tines' scale; however, Tines' usage-based model introduces a variable infrastructure cost component that correlates with story execution volume, potentially compressing margins in high-utilization enterprise accounts. If professional services revenue represents more than 15-20% of total ARR, gross margin could be closer to 60-70%. Capital expenditure requirements are minimal (cloud-native infrastructure eliminates physical capex), and working capital requirements are standard for a subscription SaaS business. The company has approximately 562 employees as of 2026, with total compensation cost estimated at $80-100M annually based on industry benchmarks for a Dublin-plus-New York dual-headquartered engineering and sales organization at this scale. This implies a negative operating cash flow position until ARR materially exceeds total cash operating costs, which is typical and expected at the current growth stage.[CI012, CI013, CI014, CI015, CI016]

4.4 Traction and Public Financial Metrics

The most reliable public financial signal for Tines is the Series C press release from February 2025, which confirmed a $1.125B post-money valuation and $125M raise. Third-party databases including GetLatka and Tracxn estimate ARR at approximately $85M as of 2025, consistent with the valuation implying a revenue multiple of approximately 13x. This multiple is at the upper end of the enterprise security software peer group but is supported by documented double-digit revenue growth, strong net revenue retention signals, and a tier-1 investor syndicate. Operational metrics disclosed include more than one billion workflow actions per week as of 2025 and more than 33,000 registered users, though these are engagement metrics rather than financial KPIs. The company has not disclosed ARR growth rate; a 40-50% YoY growth rate would be consistent with peer multiples and a base case for the $1.125B valuation. Named customer logos including GitHub, Canva, Coinbase, Databricks, Elastic, Intercom, and Hulu represent material social proof that de-risks the revenue quality narrative, though revenue concentration risk cannot be assessed without knowing the percentage of ARR from the top 10 customers.[CI017, CI018, CI019, CI020, CI021, CI022]

4.5 Capital Adequacy and Financial Verdict

Tines raised $125M in its February 2025 Series C, bringing cumulative disclosed funding to approximately $272M. At an estimated monthly burn rate of $8-12M (derived from headcount cost estimates and typical SaaS operating cost profiles), the $125M raise provides 10-15 months of incremental runway beyond existing cash reserves. With prior rounds providing working capital through Series B and the $50M Series B extension in May 2024, Tines likely entered 2025 with meaningful cash runway before the Series C closing. Post-round, the company should have 24-36 months of operational runway, sufficient to reach the next funding milestone or approach cash-flow break-even if ARR continues growing at 40-50% YoY. Use of funds from the Series C is directed toward international expansion (Europe and Asia-Pacific GTM buildout), AI product investment (the AI agent builder launched mid-2025), and partner ecosystem program funding. The financial underwriting verdict is: Tines has strong revenue quality signals (multi-year contract structures implied by enterprise tier, land-and-expand model, high-profile logos), a capital position adequate for the next 24-36 months, but critical financial inputs including gross margin, burn rate, NRR, and CAC are unavailable for independent verification. Any investment decision must treat these as material data-room diligence requirements before underwriting the financial model with confidence.[CI024, CI025, CI026, CI027, CI028, CI029]

4.6 Exhibits

5.1 Platform Architecture and Core Mechanics

Tines is built around a central abstraction called a "story" — a visual workflow that chains together individual actions (HTTP requests, transformations, lookups, send-email, etc.) via a drag-and-drop canvas. Each story has one or more triggers (webhook, schedule, manual) that initiate execution, and the workflow engine evaluates conditional logic, loops, and Liquid-template-based transformations as the story runs. The platform is entirely cloud-native, deployed as a multi-tenant SaaS hosted on AWS infrastructure, with optional data-residency configurations for regulated enterprise customers who require their data to remain in a specific geographic region. The workflow engine separates the user-facing story builder (React-based web UI) from the execution runtime, allowing horizontal scaling of workflow processing independent of the authoring layer. Actions are the atomic unit of composition: out-of-the-box action types include HTTP request, send-to-story, delay, trigger-story, event transform, date filter, and group actions. The HTTP request action is the primary extensibility mechanism, enabling connection to any REST API endpoint in the market without requiring Tines to publish a first-party integration. This architectural choice reduces Tines' dependency on its own integration roadmap and allows customers to connect internal tools and bespoke services immediately. Performance metrics indicate substantial scale: the platform executes more than one billion automated actions per week as of 2025, a company-disclosed figure that serves as an indirect proxy for aggregate customer deployment breadth. Stories can be exported from the Tines Library — a curated collection of pre-built automation recipes — and imported into any tenant, enabling rapid time-to-value for common security and IT use cases. The library model also creates network effects: as more customers contribute templates, the library grows in value for new adopters. [CE001, CE002, CE003, CE004, CE005, CE006]

5.2 AI and Intelligent Automation Features

Tines launched AI Agents in June 2025, representing its most significant product evolution since the platform's founding. Unlike traditional SOAR playbooks that execute deterministic, pre-defined sequences, Tines Agents can reason over input data, select among available actions, and execute multi-step tasks autonomously within guardrails set by the practitioner. Agents are built using the same story canvas but incorporate large-language-model reasoning steps that determine which path to take based on unstructured or semi-structured inputs such as alert text, ticket contents, or email bodies. The AI Copilot feature, embedded in the story builder, allows users to describe automation requirements in natural language and receive a generated story skeleton, reducing the time to build first workflows from hours to minutes for users unfamiliar with the platform. Tines also added Model Context Protocol (MCP) integration, enabling Agents to invoke tools across external AI systems — expanding the surface area of autonomous decision-making beyond Tines' own action library. Anthropic uses Tines for AI security automation workflows, validating the platform's suitability for AI-native organizations building their own AI products. The AI features launch positions Tines to address not just the historical SOAR market but the broader enterprise AI automation space, where organizations seek to deploy LLM reasoning on top of their existing toolchains without building custom infrastructure. Help Net Security framed the Agents launch as a transition from rule-based orchestration to autonomous AI operations, consistent with the broader enterprise automation market shift captured in Gartner's 2025 technology trend analysis. [CE007, CE008, CE019, CE020, CE021, CE022]

5.3 Integration Ecosystem and Developer Experience

Tines ships with more than 700 pre-built integrations organized by security, IT, productivity, collaboration, cloud, and data categories. Strategic integrations with CrowdStrike Falcon, Elastic, IBM QRadar, AWS, 1Password, and HashiCorp give Tines strong presence in the security operations stack where customers typically run five to fifteen tools simultaneously. The integration library functions as both a commercial moat (customers already invested in integrated tools face switching costs) and an adoption accelerator (pre-built actions reduce configuration effort for common vendors). Developer experience is a deliberate product priority. The quickstart documentation walks a new user from account creation to a running first story within minutes, using example HTTP actions against publicly accessible APIs. The Tines GitHub organization hosts open-source examples, community contributions, and automation blueprints that security engineers can fork and adapt. This developer- oriented publishing strategy has built a practitioner community that amplifies Tines' reach through peer recommendations in security forums and conference presentations. Swimlane's publicly published SOAR comparison acknowledges that no-code platforms like Tines reduce automation configuration time compared to script-heavy alternatives, though Swimlane argues its low-code approach retains power-user extensibility. The Fivetran case study quantifies the value proposition: Fivetran scaled automation 3x across GTM and finance workflows using Tines, demonstrating that the platform's applicability now extends beyond security operations into general enterprise automation. The partner ecosystem grew by 25 percent in 2026, adding 75 new technology partners, indicating continued investment in the integration moat. [CE004, CE005, CE016, CE017, CE018, CE019]

5.4 Trust, Security, and Compliance

Tines holds SOC 2 Type II certification and ISO 27001 certification, the two most commonly required security compliance standards for enterprise SaaS buyers in North America and Europe respectively. The security page discloses encryption at rest and in transit, role-based access control (RBAC), audit logs, SSO/SAML support, and data residency configuration options. These controls satisfy the baseline requirements of most enterprise security procurement checklists without requiring customers to engage professional services for compliance validation. The platform's cloud-native, AWS-hosted architecture means Tines inherits AWS's underlying infrastructure certifications, including ISO 27001, SOC 1/2/3, PCI DSS, and FedRAMP equivalents, providing a layered compliance posture. From a data-handling perspective, Tines processes customer workflow payloads transiently during story execution; secrets are vaulted separately and injected at runtime rather than stored in plaintext in story definitions. This architecture reduces the blast radius of a credential exposure incident. Third-party reviewers on PeerSpot and G2 flag areas for improvement: some enterprise customers note that audit log granularity and out-of-box reporting depth lag behind more mature SIEM-adjacent platforms. Gartner Peer Insights reviewers (4.9/5) and G2 users (4.7/5) nonetheless rate the overall trust and reliability of the platform highly. The Community edition introduces an additional security surface: free community accounts share the same infrastructure, so Tines must carefully segment community-tier data from enterprise tenants in its multi-tenant architecture. This community-to-enterprise boundary represents a diligence item for security-sensitive enterprise buyers. [CE010, CE011, CE012, CE013, CE025, CE026]

5.5 Differentiation, Maturity Assessment, and Diligence Gaps

Tines' primary technical differentiators are: (1) the no-code story paradigm that reduces automation time-to-value; (2) the AI Agents capability that extends the platform into autonomous execution; (3) the 700-plus integration library with strong security-stack coverage; and (4) the Community edition that drives grassroots adoption and feeds an enterprise pipeline. These differentiators are mutually reinforcing: the community creates template contributors, the template library lowers enterprise barriers, and the enterprise contracts fund AI and integration R&D. Against competitors, Tines occupies a distinct position: it is less code-intensive than Splunk SOAR and Palo Alto Cortex XSOAR, more enterprise-grade than script-assembled automation, and increasingly capable of autonomous AI reasoning compared to pure orchestration tools. Swimlane's Turbine platform and Torq represent the closest architectural competitors in the no-code/low-code space; both have smaller integration libraries and less established enterprise proof points. Key diligence gaps include: the platform's SLA uptime history and documented incident rates are not publicly disclosed; code-level details of the multi-tenant isolation architecture are proprietary; and the AI Agents feature, while launched in June 2025, has limited independent validation of autonomous decision accuracy in production security environments. The 1-billion-actions-per-week metric is company-disclosed and carries no independent audit. Prospective investors should request SOC 2 Type II audit reports, uptime SLA documentation, and AI Agents production case studies with measurable outcomes. [CE001, CE004, CE007, CE029, CE030, CE036]

5.6 Exhibits

6.1 Customer Base Overview and Segment Distribution

Tines serves approximately 33,000 users or organizations as of 2025, a figure disclosed in Series C press materials. The customer base spans enterprise, mid-market, and individual practitioner segments, with the Community Edition providing a free entry point that seeds enterprise pipeline. Named enterprise accounts include Coinbase, Mars, Intercom, Canva, GitLab, Elastic, Databricks, Reddit, HubSpot, and Hulu — a cross-industry portfolio that illustrates Tines' successful expansion beyond its security-operations origins into broader enterprise automation. Geographically, Tines counts customers in North America, Europe (particularly the UK and Ireland), and APAC, with European presence benefiting from the Dublin headquarters and the company's participation in the Irish tech ecosystem. The customer mix skews toward technology companies and digital-native enterprises, consistent with the platform's security operations heritage and its integration with cloud-native toolstacks. Segment distribution data — specifically, the breakdown by ARR band, industry vertical, geographic region, or company size — is not publicly disclosed. This is a meaningful diligence gap: customer concentration risk and churn profile are materially affected by whether Tines derives its revenue from a broad base of mid-market logos or a concentrated set of large enterprise deals. The absence of NPS, gross retention, and net revenue retention (NRR) data in the public domain further limits the ability to assess customer health without direct diligence access. [CU001, CU002, CU003, CU004, CU005, CU006]

6.2 Named Customer Case Studies

Tines publishes detailed case studies for a select set of enterprise customers that collectively demonstrate the platform's applicability across security, IT, business operations, and finance. Mars, the global consumer goods company, uses Tines to automate security incident workflows that previously required manual analyst effort — illustrating the platform's fit for large, complex enterprise environments with diverse toolstacks. Intercom, the customer messaging platform, deployed Tines to accelerate phishing triage and email security automation, enabling their security team to process alerts at higher throughput without proportional headcount growth. Canva, the design platform, uses Tines to automate access management and identity provisioning workflows, representing use-case expansion beyond core security incident response into IT operations. GitLab uses Tines for security operations automation, with the case study demonstrating the platform's compatibility with DevSecOps workflows in an all-remote, cloud-native engineering culture. Elastic, a strategic integration partner, deployed Tines alongside its own observability stack to automate security and IT operations at scale, serving as both a customer reference and a go-to-market amplifier. Reddit's deployment spans multiple automation use cases across security and IT operations. Hulu uses Tines for media and entertainment vertical automation workflows, expanding the addressable customer base into new verticals. Databricks and HubSpot similarly represent expansion into data engineering and marketing technology buyer segments, demonstrating that Tines' platform is not niche-constrained to security operations and can serve diverse enterprise buyers across workflows. [CU007, CU008, CU009, CU010, CU011, CU012]

6.3 Customer Satisfaction, Reviews, and Sentiment Analysis

Tines holds exceptional third-party review scores: 4.7 out of 5 on G2 from 397 user reviews, and 4.9 out of 5 on Gartner Peer Insights from 54 verified enterprise reviews. Both ratings place Tines in the top tier of the SOAR and workflow automation categories. On Gartner, reviewers specifically praise the platform's ease of use, onboarding speed, and the quality of customer support, factors that are particularly meaningful for enterprise buyers evaluating deployment risk. On G2, positive sentiment clusters around the no-code paradigm, the breadth of the integration library, and the responsiveness of the Tines support team. Critical feedback on G2 and PeerSpot focuses on three recurring themes: (1) limited out-of-the-box analytics and reporting compared to mature SIEM-adjacent platforms; (2) a learning curve for non-technical users attempting to build complex branching workflows without developer support; and (3) the platform's pricing model, which some reviewers describe as becoming expensive at scale as automation volume increases. Capterra reviews (archived, 2026) similarly reflect a positive overall rating but echo the analytics depth concern. The Gartner Peer Insights alternative listing for Tines suggests that buyers actively compare Tines to Splunk SOAR, Palo Alto Cortex XSOAR, and Swimlane, indicating Tines is firmly in the competitive consideration set for SOAR replacements. Producthunt sentiment, while less rigorous, shows positive community reception for the platform's ease of automation and developer friendliness. [CU016, CU017, CU018, CU019, CU020, CU021]

6.4 Customer Acquisition, Retention, and Expansion Signals

Tines' go-to-market model combines a Community Edition-led product-led growth motion with a direct enterprise sales force targeting security operations and IT teams. The Community Edition provides a free, friction-reduced entry point that converts into enterprise deals as practitioners champion the platform internally. This bottom-up adoption pattern is consistent with patterns seen in developer- tool and security-tool companies where practitioner advocacy precedes procurement. Public NRR (net revenue retention) and gross retention data are not disclosed. As a proxy, the ARR trajectory from $13.4M (2024) to approximately $85M (2025) implies that either a high volume of new logo acquisition or strong land-and-expand dynamics drove roughly 6x growth — or a combination of both. At this growth rate, Tines likely benefits from meaningful expansion revenue as customers automate additional workflows beyond the initial deployment use case. Named customers such as Fivetran (which expanded from security into GTM and finance automation) and Canva (which expanded from incident response into identity management) suggest that Tines captures expansion revenue by penetrating multiple departments within enterprise accounts after an initial security-led entry. The Irish Tech News covered Tines' unicorn achievement as validation of its enterprise commercial traction, while TechEU similarly noted the Series C financing as reflecting strong investor conviction in the customer growth trajectory. [CU024, CU025, CU026, CU027, CU028, CU029]

6.5 Customer Risk Profile and Diligence Gaps

From a customer risk perspective, the primary concerns are: (1) customer concentration — if a small number of enterprise accounts generate a disproportionate share of ARR, the loss of a single customer could have material revenue impact; (2) NRR and churn — without disclosed retention rates, it is impossible to verify whether Tines' ARR growth is driven by net-new acquisition or expansion in existing accounts, a distinction that materially affects growth quality; and (3) the learning-curve risk for non-technical users, which could create implementation failures in complex environments and drive churn among smaller accounts with limited dedicated automation engineers. The Gartner alternative view and PeerSpot critical reviews provide adversarial signal that Tines does not win every evaluation: some customers choose Splunk SOAR or Cortex XSOAR when deeper SIEM integration or complex branching logic is required. The Gartner alternatives page for Tines confirms that buyers compare Tines against multiple SOAR platforms before committing. This competitive churn risk is manageable but real, particularly as Splunk and Palo Alto continue investing in platform integration and enterprise sales support. The absence of a published SLA and the limited public audit-log depth flagged by enterprise reviewers suggest that some buyers may require additional negotiated protections before signing Enterprise contracts. Investors should request customer churn rates, NRR, account concentration data (top 10 customers as a percent of ARR), and pilot-to-close conversion rates in diligence. [CU030, CU031, CU032, CU033, CU034, CU035]

7.1 Competitive and Market Risk

Tines competes in the SOAR and enterprise automation platform market against Splunk SOAR, Palo Alto Cortex XSOAR, Swimlane, and general-purpose low-code platforms including Microsoft Power Automate, Workato, and Zapier. The primary competitive displacement risk arises from two directions: platform consolidation by large security vendors bundling SOAR capabilities into suite products sold at negative margin to win broader platform deals, and commoditization of workflow automation as hyperscalers (AWS, Microsoft, Google) invest in native orchestration tooling. Splunk's acquisition by Cisco in 2024 for approximately $28B positions the combined Cisco-Splunk entity as a formidable SOAR incumbent with deep enterprise relationships, significant field sales capacity, and native SIEM-SOAR integration that Tines currently must bridge via HTTP connectors. Palo Alto Networks' Cortex XSOAR benefits from similar platform bundling dynamics, sold alongside Prisma and Cortex XDR with deal economics that allow XSOAR to be discounted significantly in platform deals. Tines' no-code differentiation and product quality — reflected in 4.7/5 G2 ratings — provide partial insulation but do not eliminate the risk that large enterprise buyers choose incumbent platforms to reduce vendor count. The risk of Microsoft Power Automate displacing Tines in non-security-centric automation use cases is material at mid-market accounts where Microsoft 365 licensing includes workflow automation capabilities. Tines' security-operations specialization and connector quality provide differentiation in security buyer segments, but as Tines expands into IT, finance, and GTM automation (as named customer case studies show), the competitive exposure to Power Automate and Workato increases. Swimlane's new Turbine platform is positioned explicitly as a security-native alternative to Tines. [CR001, CR002, CR003, CR004, CR005, CR006]

7.2 Regulatory, Legal, and Compliance Risk

Tines operates under multiple data privacy and security compliance frameworks. The company holds SOC 2 Type II and ISO 27001 certifications, which are necessary prerequisites for enterprise procurement in regulated industries. GDPR compliance is critical given Tines' Dublin headquarters and European customer base; as a data processor for enterprise automation workflows, Tines must maintain appropriate data processing agreements (DPAs) and implement technical controls that meet GDPR Article 28 requirements. Tines' security compliance posture — SOC 2 Type II and ISO 27001 — is disclosed on the Tines security page, providing verifiable evidence that the company has invested in baseline enterprise compliance infrastructure. However, the scope and limitations of the SOC 2 audit (which systems are in scope, any exceptions noted) are not publicly disclosed, representing a diligence gap. No material litigation, regulatory enforcement actions, patent disputes, or data breach disclosures were identified in public sources as of May 2026. Tines' pricing and packaging terms, including subscription licensing and data residency options, are disclosed in the Tines help center, providing legal review of baseline contract terms. Tines' platform processes enterprise security data including potentially sensitive incident artifacts, credentials references, and API tokens; the regulatory risk of a data breach involving customer automation workflows would be material. From a licensing and IP perspective, Tines does not appear to hold a proprietary patent portfolio or face disclosed IP disputes. The company is incorporated in Ireland, which may carry advantages for EU data residency requirements but also subjects it to Irish regulatory oversight under GDPR as both a data controller and processor. [CR008, CR009, CR010, CR011, CR012, CR013]

7.3 Operational and Technical Risk

Tines' operational risk profile is anchored by three primary exposures: (1) cloud infrastructure dependency on AWS, which concentrates operational resilience risk in a single hyperscaler's uptime and service availability; (2) the risk of security incidents or data breaches given that the platform processes enterprise security workflow data including sensitive automation artifacts; and (3) the execution risk of scaling the engineering and go-to-market organization at the pace required to sustain the ARR growth trajectory. No public outage incidents, CVEs, or significant security incidents involving Tines were identified in public sources. Tines' SOC 2 Type II certification provides evidence of security control testing, and the company maintains a published security page with compliance disclosures. However, the absence of a published SLA, uptime history, or incident postmortem index is a meaningful operational diligence gap for enterprise buyers and investors assessing operational resilience. Product complexity risk is evidenced by G2 and PeerSpot reviewers citing a learning curve for non-technical users building complex branching workflows. This complexity risk translates into implementation risk for customers without dedicated automation engineers, which could drive churn in smaller accounts. Analytics depth gaps flagged by enterprise reviewers represent a product risk that could enable competitive displacement if not addressed in the roadmap. Tines' Dublin headquarters concentrates engineering leadership and institutional knowledge in a single geographic location. Rapid headcount scaling required to support Series C-funded growth introduces execution risk, particularly in recruiting security automation engineers and senior enterprise sales talent in competitive Dublin and US markets. [CR016, CR017, CR018, CR019, CR020, CR021]

7.4 Partner, Dependency, and Key-Person Risk

Tines' partner ecosystem is a source of both go-to-market leverage and concentration risk. The company's strategic integrations with CrowdStrike, Pagerduty, Splunk, and Elastic create channel dependency: if any major partner deepens native automation capabilities within their own platforms, Tines could face reduced referral flow and competitive displacement from within the ecosystem. CrowdStrike's Technology Alliance Partner listing includes Tines, creating bidirectional dependency — CrowdStrike is both a channel partner and a potential platform competitor as it expands its own automation and orchestration capabilities within the Falcon platform. PagerDuty's operations automation platform and Tines' incident automation use cases overlap significantly; PagerDuty's acquisition of Runbook Automation in recent years has increased platform competition in the incident automation adjacency. Splunk's acquisition by Cisco adds further complexity: Tines integrates with Splunk but also competes with Splunk SOAR, creating a dual relationship that carries revenue dependency risk if Splunk deprecates the Tines integration or preferentially routes customers to SOAR. Key-person risk is elevated at Tines due to the concentration of product vision, technical architecture, and customer relationships in a small founding team. Eoin Hinchy (CEO) and Thomas Kinsella (COO) are the public faces of the company and are cited repeatedly in press coverage as the drivers of product strategy. The departure of either co-founder would likely impact customer confidence and investor sentiment, particularly at the current growth stage. [CR023, CR024, CR025, CR026, CR027, CR028]

7.5 Financial and Model Risk, Mitigations, and Kill Criteria

Tines' financial risk profile reflects the execution challenges of a high-growth SaaS company that raised $125M at a $1.125B valuation with an ARR base estimated at approximately $85M. The implied ARR multiple of approximately 13x (at mid-point estimates) is serviceable for a company growing at 6x ARR, but leaves limited downside cushion if growth decelerates. Burn rate and runway are not disclosed; with $155M raised in total financing and no disclosed profitability, burn is assumed to be material. Working capital risk is limited for a subscription SaaS business model — Tines' cash is primarily consumed by headcount (engineering, sales, customer success) rather than capital equipment or inventory. However, the Series C was raised in early 2025; at a moderate burn rate of $3-5M per month, the company has 2.5-4 years of runway, which should be sufficient to reach a subsequent financing event or profitability if ARR growth continues. Palo Alto Networks' pricing data for Cortex XSOAR confirms that SOAR pricing models are complex and deployment-dependent. Tines' volume-based pricing model could create margin compression risk as enterprise customers negotiate larger-volume discounts at contract renewal. The risk of enterprise-level price competition from incumbents discounting SOAR as part of platform deals is real and could compress Tines' effective ASP over time. Thesis-break triggers that would materially impair the investment case include: ARR growth below 50% YoY; NRR below 110%; a major platform partner (CrowdStrike, Splunk) deprecating the Tines integration; a material data breach or regulatory enforcement action; or co-founder departure. [CR031, CR032, CR033, CR034, CR035, CR036]

8.1 Investment Thesis and Anti-Thesis

The Tines investment thesis rests on five pillars: (1) a large and growing total addressable market — the global SOAR market is estimated at $6.9B growing at 13.4% CAGR, with security orchestration expanding into broader enterprise automation; (2) best-in-class product differentiation — 4.7/5 on G2 from 397 reviews and 4.9/5 on Gartner from 54 enterprise reviewers, reflecting genuine product quality in a market with several entrenched but lower-satisfaction incumbents; (3) exceptional ARR velocity — from $13.4M in 2024 to approximately $85M in 2025, implying 6x growth in a single year that exceeds normal high-growth SaaS benchmarks; (4) enterprise proof — 10+ named enterprise customers including Coinbase, Canva, GitLab, and Fivetran with documented production deployments; and (5) a defensible competitive position built around a no-code paradigm that lowers adoption barriers and drives practitioner-led bottom-up growth that reduces sales cycle length. The anti-thesis centers on four concerns: (1) competitive displacement risk from Cisco-Splunk and Palo Alto Networks, which can bundle SOAR at discounted rates in enterprise platform deals; (2) the 13x ARR multiple at Series C entry — while reasonable for a high-growth company, this leaves limited downside cushion if growth decelerates; (3) undisclosed NRR and retention metrics, which mean the quality of ARR growth cannot be verified — if growth is primarily new logo acquisition with weak retention, the multiple is unsupportable; and (4) customer concentration and analytics depth gaps that could drive enterprise churn in accounts requiring deeper reporting and fewer vendors. The primary diligence unlock that would move this from Cautious Buy to Conviction Buy is confirmed NRR above 110% and verifiable customer concentration data showing no account represents more than 10% of ARR. Below 110% NRR, the thesis weakens materially. [CV001, CV002, CV003, CV004, CV005, CV006]

8.2 Financing Context, Valuation, and Entry Discipline

Tines' latest disclosed financing is its February 2025 Series C of $125M at a $1.125B valuation, led by DTCP with participation from Accel, Index Ventures, and Bain Capital. Goldman Sachs Asset Management participated, providing institutional quality validation. The deal was confirmed via PR Newswire press release and multiple independent media sources, making it one of the better-evidenced private company valuation marks in this analysis. At approximately $85M ARR and a $1.125B valuation, the implied ARR multiple at Series C entry is approximately 13.2x. Comparable SaaS companies at similar growth profiles — ServiceNow at scale, Automation Anywhere, UiPath — traded at 10–20x ARR when growing above 50% YoY. Tines' 13x multiple is within the reasonable range for a company growing at 6x ARR YoY but is at the lower end of premium multiples, reflecting the private market's appropriate discount to public comparables. Dark Reading's coverage of the Series C confirms the Goldman Sachs and Softbank-adjacent investor participation, lending further credibility to the valuation mark. Tracxn's company profile provides additional ARR and growth metrics consistent with $85M ARR and the $1.125B valuation. State of the Stack newsletter analysis provided a deep-dive assessment of the Series C mechanics, noting that the valuation reflects conviction in the no-code automation market despite the competitive environment. Preference overhang is assumed to be standard for Series C: $155M total raised implies cumulative liquidation preference potentially in the $155–230M range (1–1.5x non-participating preferred), which at a $1.125B enterprise value leaves meaningful common equity value but requires modeling in Series D or exit scenarios. [CV009, CV010, CV011, CV012, CV013, CV014]

8.3 Bull / Base / Bear Scenarios and Valuation Range

The bull case assumes Tines maintains 60%+ ARR growth through 2027, reaching approximately $340M ARR by 2027 end, with NRR confirmed above 120% and no major customer concentration or competitive loss. At a 12x ARR exit multiple (reasonable for a company growing 60%+ with high NRR in a 2028 IPO or M&A process), the bull case enterprise value reaches $4.1B, implying a 3.6x return on the Series C investment over three years. This requires successful Series D financing and sustained competitive differentiation against Cisco-Splunk bundling. The base case assumes 50% ARR growth through 2027, reaching approximately $280M ARR, with NRR in the 110–120% range. At a 9x ARR exit multiple (reflecting slight multiple compression from peak private market valuations), the base case enterprise value is approximately $2.5B, implying a 2.2x return. This case requires no major partner defection and continued market share capture in the security automation segment. The bear case assumes growth deceleration to 35% ARR YoY — triggered by Cisco-Splunk platform bundling pressure and NRR below 110% — bringing 2027 ARR to approximately $200M. At a 5x ARR multiple reflecting multiple compression for a decelerating growth company, the bear case enterprise value is $1.0B, below the current $1.125B valuation mark. This represents a down-round scenario or flat exit at best, implying a 0.9x return (loss of capital at entry price). Mordor Intelligence estimates the SOAR market at $6.9B growing at 13.4% CAGR through 2029; even in the bear case, Tines would represent less than 3% market share in 2027, suggesting the total addressable market is not the binding constraint — execution and competitive dynamics are. [CV017, CV018, CV019, CV020, CV021, CV022]

8.4 Comparable Valuation Analysis

Tines' Series C multiple of approximately 13x ARR is benchmarked against a set of comparable security automation and workflow automation companies at similar growth stages. UiPath, the RPA pioneer, listed at approximately 30x ARR in its 2021 IPO and subsequently traded down to 5–8x ARR as growth decelerated — illustrating the downside risk of multiple compression. Automation Anywhere raised at approximately $6.8B valuation on estimated $250M ARR in 2023, implying approximately 27x ARR — a premium reflecting its larger scale. Workato, a horizontal workflow automation platform comparable to Tines, raised at $7.7B valuation on approximately $100M ARR in 2022, implying 77x ARR at peak private market valuations — an extreme premium since compressed. XSOAR/Palo Alto Networks does not provide a standalone valuation mark; Palo Alto trades at approximately 12–14x revenue across its Cortex platform. ServiceNow, the most mature workflow automation incumbent, trades at approximately 13–15x NTM revenue — suggesting Tines' entry multiple is consistent with mature enterprise automation benchmarks, though Tines carries more risk given its earlier stage. Market Research Future estimates the broader workflow automation market at approximately $26B, growing at 23.9% CAGR through 2030, suggesting Tines' SOAR specialization is a defensible niche within a larger secular automation wave. The IBM Think security automation coverage confirms that large enterprises are actively investing in orchestration, benefiting the overall category. [CV025, CV026, CV027, CV028, CV029, CV030]

8.5 Exit Readiness, Diligence Asks, and Thesis-Break Triggers

Tines' path to exit most plausibly runs through one of three channels: (1) an IPO in 2027–2028 if ARR reaches $250–350M and public market SaaS multiples recover; (2) a strategic acquisition by a large security or cloud platform (Microsoft, CrowdStrike, Cisco/Splunk, Palo Alto Networks) seeking workflow automation capabilities; or (3) a secondary sale or Series D at a higher valuation if ARR growth sustains above 50% YoY. The acquisition scenario is strategically plausible but carries antitrust risk given the existing Cisco-Splunk SOAR combination and Palo Alto's Cortex XSOAR. ProductHunt community sentiment and DarkReading Series C coverage both confirm broad market awareness of Tines as a viable enterprise security automation brand — a prerequisite for IPO exit readiness. Irish Examiner coverage confirms Tines' significance as an Irish technology company, providing local market context for Dublin-based employee retention and talent acquisition relevant to scaling execution. Final diligence asks that would significantly increase conviction: (1) audited or reviewed financial statements for 2024 and 2025, including NRR, gross retention, and revenue by cohort; (2) top-10 customer ARR concentration expressed as a percentage; (3) win/loss analysis against Splunk SOAR and Cortex XSOAR; (4) headcount, attrition, and open role data; (5) SOC 2 audit report with scope and exceptions; (6) Series C preference terms including liquidation waterfall; and (7) a product roadmap with investment allocation between security depth, analytics improvement, and AI Agent expansion. Thesis-break triggers: ARR growth below 50% YoY; NRR below 110%; departure of either co-founder; Cisco-Splunk announcing free bundling of SOAR in platform deals; or a material data breach. [CV033, CV034, CV035, CV036, CV037, CV038]