2 Sources
[1]
Exclusive: Bain and Greylock bet $42 million that AI agents can finally fix cybersecurity's messiest bottleneck | Fortune
For Bain partner and former Symantec CEO Enrique Salem, who led the round, this is the culmination of a several-year courtship of founder and CEO Vineet Edupuganti. "We've known him from pre‑founding the company," Salem told Fortune. "This wasn't necessarily his first starting idea, but they've proven an ability to deliver against what we're working on." The problem is familiar -- and stubborn. In 2025, more than 48,000 new common vulnerabilities and exposures in software were reported, a 162% jump from five years prior, even as attackers increasingly use AI to probe fresh bugs within minutes of disclosure. "There are more vulnerabilities than you'll ever be able to remediate or imagine," Salem says. "The Holy Grail is, how do you figure out what to remediate because you'll never remediate everything." Greylock partner Saam Motamedi, who led Cogent's $11 million seed, says the company has since built "one of the strongest AI teams in cybersecurity." Both Edupuganti and fellow co-founder Geng Sng came from Abnormal Security, where Edupuganti led product strategy and Sng built the ML fraud detection system that protects half the Fortune 500. Cogent's third co-founder, Thanos Baskous, led infrastructure at Coinbase, where he was in charge of large-scale vulnerability remediation. The current Cogent team also includes hires from Google's Gemini/DeepMind, Tesla, and Stripe, and already runs its platform in production "across large Fortune 500 enterprise environments." That traction, Motamedi argues, is "incredibly rare" for a company at this stage. Cogent doesn't replace existing security tools -- it sits on top of them.
It connects to the scanners companies already use, to internal asset lists like those in ServiceNow, and to data from cloud and endpoint security tools. "We aggregate insights from all those signals, make sense of it, determine what to do, and then push action through the hands and the feet," Edupuganti told Fortune, referring to integrations with ticketing and patching systems. Finding these vulnerabilities isn't the hard part, according to Edupuganti. Instead the issue lies in assigning ownership of solutions. Security teams, Edupuganti adds, are "drowning in coordination work -- chasing down system owners, writing tickets, proving fixes happened. We built AI agents that handle that work end‑to‑end, so security teams can finally keep pace with attackers." Cogent says its customers are fixing their most serious security problems much faster -- reducing the time those high‑risk bugs stay active by about 97% on average. Many start cautiously, letting Cogent automate investigation, prioritization, and routing while humans retain the final remediation step: "Given all the context of my environment, tell me exactly who needs to do what by when, and let that person go do the work," Edupuganti says. Over time, some customers grant full autonomy in safer development environments, gradually expanding "slices of autonomy." Motamedi argues Cogent isn't just slapping generic AI on security problems. Instead, it has built specialized AI that deeply understands one specific job -- sorting through and acting on software vulnerabilities. Security teams arrive each day to "thousands or millions of vulnerabilities" and a queue of tickets requiring judgment and execution, he says. Cogent ingests sensor data, builds a prioritized view based on business context, then uses models from Anthropic and OpenAI to help write the code that actually remediates issues. That promise comes with a hard constraint: no black boxes.
Cogent says it's designed for big, regulated companies that need tight controls. In practice, that means every AI action can be tracked and replayed, and it only runs within clear, customizable approval rules set by the customers. "You have to really make it clear for every decision that an agent is making, why is it making that decision, what's the impact," Edupuganti says, adding that the product surfaces explanations and confidence levels so customers can "inspect it and then choose when they want to make the full plunge" into autonomy. Motamedi describes the design target as a spectrum: in best‑case scenarios, Cogent "completely obviates the need for the human" on a specific vulnerability; in others, it makes a vulnerability engineer "10 times as productive" by pre‑triaging and doing the heavy lifting so they only handle the last 10 percent. Cogent's timing is keyed to moments like Log4j -- a massive security flaw discovered in late 2021 in a very common piece of software used all over the internet -- which Edupuganti calls a "watershed" that exposed how hard it was for enterprises even to locate their exposure, let alone fix it. "Most instances of Log4j are not remediated," he says. "The biggest challenge that people have is they just don't know where the thing was and who should fix it," a gap he expects to widen as zero‑days (when hackers release malware to exploit software vulnerabilities before a software developer has patched a flaw) increase. Since launching in July 2025, Cogent says it is already working with dozens of Fortune 1000 and Global 2000 enterprise customers, with a 10x increase targeted this year. With the new capital, the company plans to expand beyond vulnerability management to other security operations and IT automation workloads, while quadrupling its go‑to‑market team to push deeper into the enterprise. 
For Salem, who estimates he sees 400-500 AI‑security decks a year, Cogent stood out because Edupuganti led with the problem, not the model. "What Vineet did is he said, let me explain the problem. What am I solving? And why does it matter?" he says. If the bet pays off, Salem already has his dream headline: "Software is now secure."
[2]
Cogent Security raises $42M to scale AI agents for enterprise vulnerability remediation - SiliconANGLE
Agentic artificial intelligence for vulnerability management startup Cogent Security Inc. revealed today that it had raised $42 million in new funding to accelerate product development, expand enterprise deployments and continue building governed AI agent systems for vulnerability remediation at scale. Founded in 2025, Cogent develops autonomous AI agents that are designed to address the operational gap between vulnerability discovery and remediation in enterprise environments. The AI agents operate across security and engineering systems to automate post-detection workflows while maintaining governance controls and auditability. "Security teams are drowning in coordination work: chasing down system owners, writing tickets, proving fixes happened," explains Vineet Edupuganti, chief executive officer and co-founder of Cogent. "We built AI agents that handle that work end-to-end, so security teams can finally keep pace with attackers." Cogent's platform integrates with existing vulnerability management, ticketing and communication tools to ingest findings such as newly disclosed Common Vulnerabilities and Exposures and internally detected weaknesses. The agents then analyze contextual data gathered from enterprise systems to determine asset ownership, map vulnerabilities to affected services and assess real-world risk based on environmental factors. The system generates structured remediation guidance and tracks the status of fixes through integrations with engineering workflows. Agent actions are logged, traceable and subject to configurable approval gates and policy enforcement mechanisms. The Cogent platform's capabilities include automated investigation of vulnerabilities, correlation of assets to responsible teams, prioritization based on contextual risk signals and creation of remediation tasks for engineers.
The agents monitor remediation progress and verify completion once patches or configuration changes are applied. The system is also designed for enterprise governance requirements, including audit trails, reproducibility of agent decisions and integration into established change-management processes. While relatively young, having only formally launched in July of 2025, Cogent is already seeing strong growth and is working with dozens of Fortune 1000 companies. Notable Cogent customers include Upwind Security Inc., Alteryx Inc. and CSC Generation Holdings Inc. The Series A funding round was led by Bain Capital LP, with Greylock Partners, Definition Capital and founders and executives from OpenAI Group PBC, Abnormal Security Corp. and Datadog Inc. also participating. "The enterprise security landscape has reached a clear inflection point. The volume of vulnerabilities has outpaced what traditional, human-driven coordination can handle," said Enrique Salem, partner at Bain Capital Ventures. "Cogent's AI enables teams to accomplish five times more with the same resources. This represents a fundamental reset of what's possible in security operations, and we're proud to partner with this team as they continue to push the boundaries." The new funding takes the total raised by Cogent to $53 million.
Cogent Security secured $42 million in Series A funding led by Bain Capital to scale its AI agents that automate vulnerability remediation. The platform reduces high-risk bug resolution time by 97% on average, addressing a critical bottleneck as software vulnerabilities jumped 162% in five years. Dozens of Fortune 1000 companies already deploy the system.
Cogent Security closed a $42 million Series A funding round led by Bain Capital, with participation from Greylock Partners, Definition Capital, and founders from OpenAI, Abnormal Security, and Datadog [1]. The investment brings the startup's total funding to $53 million since its founding in 2025 [2]. Bain partner and former Symantec CEO Enrique Salem, who led the round, described a multi-year courtship of founder and CEO Vineet Edupuganti that began before the company's formal launch [1].
The cybersecurity landscape faces a mounting crisis. In 2025, more than 48,000 new common vulnerabilities and exposures in software were reported—a 162% jump from five years prior [1]. Attackers increasingly use AI to probe fresh bugs within minutes of disclosure, creating an asymmetric race that security teams are losing. "There are more vulnerabilities than you'll ever be able to remediate or imagine," Salem told Fortune. "The Holy Grail is, how do you figure out what to remediate because you'll never remediate everything" [1]. The problem isn't finding vulnerabilities—it's coordinating their resolution across sprawling enterprise environments.

Cogent Security develops autonomous AI agents designed to close the operational gap between vulnerability discovery and remediation in enterprise environments [2]. The platform doesn't replace existing security tools but sits on top of them, integrating with what companies already use—scanners, internal asset lists like those in ServiceNow, and data from cloud and endpoint security systems [1]. "We aggregate insights from all those signals, make sense of it, determine what to do, and then push action through the hands and the feet," Edupuganti explained, referring to integrations with ticketing and patching systems [1].
The AI agents operate across security and engineering systems to handle post-detection workflows while maintaining governance controls and auditability [2]. Security teams arrive each day to "thousands or millions of vulnerabilities" requiring judgment and execution, according to Greylock partner Saam Motamedi, who led Cogent's $11 million seed round [1]. The system analyzes contextual data to determine asset ownership, map vulnerabilities to affected services, and assess real-world risk based on environmental factors [2]. It then uses models from Anthropic and OpenAI to help write the code that actually remediates issues [1].

Cogent says its customers are reducing the time high-risk bugs stay active by about 97% on average [1]. "Security teams are drowning in coordination work—chasing down system owners, writing tickets, proving fixes happened," Edupuganti said. "We built AI agents that handle that work end-to-end, so security teams can finally keep pace with attackers" [2]. Salem noted that Cogent's platform enables teams to accomplish five times more with the same resources, representing "a fundamental reset of what's possible in security operations" [2].
Cogent's design targets big, regulated companies that need tight controls. Every AI action can be tracked and replayed, running only within clear, customizable approval rules set by customers [1]. "You have to really make it clear for every decision that an agent is making, why is it making that decision, what's the impact," Edupuganti explained, adding that the product surfaces explanations and confidence levels so customers can "inspect it and then choose when they want to make the full plunge" into autonomy [1]. Many customers start cautiously, letting Cogent automate investigation, prioritization, and routing while humans retain the final software vulnerability remediation step. Over time, some grant full autonomy in safer development environments, gradually expanding "slices of autonomy" [1].

Despite launching formally only in July 2025, Cogent already works with dozens of Fortune 1000 companies, including Upwind Security, Alteryx, and CSC Generation Holdings [2]. The founding team brings deep expertise: Edupuganti and co-founder Geng Sng came from Abnormal Security, where Sng built the ML fraud detection system protecting half the Fortune 500. Third co-founder Thanos Baskous led infrastructure at Coinbase, handling large-scale vulnerability management [1]. The current team includes hires from Google's Gemini/DeepMind, Tesla, and Stripe, and already runs its platform in production across large Fortune 500 enterprise environments—traction Motamedi calls "incredibly rare" for a company at this stage [1]. Cogent's timing aligns with watershed moments like Log4j, the massive 2021 security flaw that exposed how enterprises struggled even to locate their exposure. "Most instances of Log4j are not remediated," Edupuganti noted, highlighting a gap he expects to widen as zero-days proliferate [1].

Summarized by Navi