AI Security Startup Xbow Hits $1 Billion Valuation After $120M Funding Round

AI Security Startup Xbow Valued at More Than $1 Billion

Xbow, a startup that builds AI software to probe applications for security vulnerabilities, has raised a new round of funding that values it at more than $1 billion, a sign of investor enthusiasm for using artificial intelligence in cybersecurity. DFJ Growth and Northzone led the $120 million financing deal in Xbow, the company said Wednesday. Other participants included Alkeon Capital and Sofina, as well as previous backers Sequoia Capital, Altimeter Capital and NFDG. Founded in 2024, Xbow is part of a crop of startups promising to use advances in AI to combat malicious actors, including those who may seize on artificial intelligence to automate their own attacks. Earlier this month, OpenAI agreed to buy Promptfoo, a company that enables large businesses to find and fix security issues in AI models. OpenAI and Anthropic PBC have also unveiled AI agents meant to help security teams spot and patch vulnerabilities in large databases. Xbow uses human hackers to train AI models that automate the function of so-called penetration testers and red teams, which try to find weak points in a company's systems before they're exploited. The startup focuses on probing for flaws in applications, a need that's growing as more developers rely on AI coding tools to streamline the process of writing software. Oege de Moor, chief executive officer of Xbow and former head of GitHub's pioneering Copilot code-generation product, said apps built largely with AI typically "output insecure coding patterns." The reason, he said, is "they've been trained on publicly available source code, and unfortunately, a lot of publicly available source code was not well secured." De Moor expects AI models "will get better and better at avoiding insecure coding patterns," but that it will remain a challenge to root out security flaws stemming from AI failing to understand business logic, or when data can or should be shared. Xbow, he said, can find such flaws. The startup employs roughly 150 people and expects to have several hundred on staff by the end of the year. Xbow has signed up more than 100 customers, including Moderna Inc. and Samsung Electronics Co., and is seeing strong demand in South Korea where businesses face threats from nation-state groups, de Moor said. While AI tools can help companies protect themselves, hackers are also using the technology to scale the volume and severity of attacks. "The world at large has not yet fully realized what is coming," de Moor said. "There will be swarms of malicious attacks. We better get ready for that."

Automated vulnerability detection startup Xbow nabs $120M - SiliconANGLE

Xbow USA Inc., a startup that helps enterprises find cybersecurity issues in their software, has closed a $120 million funding round at a valuation exceeding $1 billion. The company disclosed today that DFJ Growth and Northzone were the lead investors. The Series C raise follows a $75 million round that closed last June. One of the ways companies find vulnerabilities in their infrastructure is by carrying out penetration tests. Those are evaluations in which administrators carry out simulated cyberattacks against an application. A penetration test can uncover exploits that are difficult to spot using other methods, but such assessments are expensive and often take weeks. Seattle-based Xbow provides a platform that carries out penetration tests automatically using AI agents. According to the company, its software can reduce the duration of cybersecurity evaluations to a few hours or days. An application has numerous edge cases, user interaction scenarios that it is highly unlikely to encounter but could potentially pose a cybersecurity risk. In a manual penetration test, administrators often can't cover every single edge case because of time constraints. Xbow says that its platform's speed enables it to analyze such risks in a more comprehensive manner. After the software finds potential vulnerabilities, it checks whether they can be exploited. That approach enables Xbow to filter false positives without a realistic chance of leading to a breach. The company says that its AI agents can develop highly elaborate, multi-step exploit chains. During one penetration test, Xbow's platform carried out a simulated cyberattack that comprised 48 different exploits. It used a specially-crafted image file to simulate a so-called server-side request forgery attack. That's a type of breach in which hackers compromise an application and use it to steal data from another system to which it's connected. In another test, Xbow successfully decrypted a cookie protected with the industry-standard AES-128 encryption technology. It did so by sending a series of requests to a server that possessed the decryption key. The requests returned error messages that Xbow's AI agents analyzed to infer the contents of the cookie. The company says that its platform completed the task in 17.5 minutes. Users can customize how Xbow carries out penetration tests by providing it with instructions. For example, a software-as-a-service startup could ask the platform to only a test newly released feature. Engineers can optionally provide Xbow with the source code of an application to give it a more complete view of potential vulnerabilities. The company offers its platform in 3 editions. The Plus and Premium versions enable customers to scan a single application for a one-time fee. Xbow Enterprise, the company's third offering, can continuously scan an organization's workloads for vulnerabilities. An application programming interface enables engineers to stream the results of penetration tests to their other cybersecurity tools. Xbow will use its newly raised funding to grow its presence in international markets and the enterprise. The company also plans to invest in feature development.