Depthfirst Raises $40M Series A to Scale AI Security Platform Against Evolving Cyber Threats

AI security firm, depthfirst, announces $40 million series A | TechCrunch

Cybercriminals are increasingly using AI in their attacks. At the same time, cyber defenders are also turning to the technology to fight back. Depthfirst, a security startup positioning itself at the forefront of this AI-powered defense, announced Wednesday that it had raised $40 million in a Series A round. Founded in October 2024, the company raised the round from Accel Partners, which led the investment, with participation from SV Angel, Mantis VC, and Alt Capital. Depthfirst offers a platform called General Security Intelligence, an AI-native suite that helps companies scan and analyze their codebases and workflows for signs of trouble. The company says that the platform also allows companies to protect themselves from credential exposures and to monitor threats to their open-source and third-party components. The company plans to use the new capital to hire additional staff for applied research and engineering, as well as product and sales. "We've entered an era where software is written faster than it can be secured," said Qasim Mithani, the company's co-founder and CEO, as part of the announcement. Mithani, who previously worked for Databricks and Amazon, added that automation has changed how bad actors execute their attacks. "AI has already changed how attackers work. Defense has to evolve just as fundamentally." The company's leadership comes with backgrounds in both AI and security. One of Depthfirst's other co-founders, Daniele Perito, previously served as director of security and risk engineering at Square, which is part of Jack Dorsey's Block. Its CTO (and another co-founder), Andrea Michi, was previously an engineer at Google DeepMind. Just as AI can be used for legitimate purposes, it can also be used by cybercriminals to automate a whole range of malicious processes -- from writing malware to social engineering attacks to scanning for vulnerabilities to exploit. Last November, Anthropic claimed that it had thwarted the first "AI orchestrated cyber espionage campaign." Depthfirst says it can help protect companies from many of these "AI-driven exploits," and that it has already developed partnerships with a number of prominent companies, including AngelList, Lovable, and Moveworks.

Depthfirst secures $40M to expand agentic approach to software security - SiliconANGLE

Depthfirst secures $40M to expand agentic approach to software security Artificial intelligence-native security platform startup depthfirst Inc. revealed today that it had raised $40 million in new funding to support its research and development, go-to-market efforts and hiring across applied research, engineering, product and sales. Founded in 2024, depthfirst was created in response to a rapidly changing threat landscape where software is developed faster than traditional security tools can keep up and where attackers are increasingly using AI to find and exploit weaknesses. The company has as its mission to secure the world's software by building tools that understand and protect code at the speed and scale of both development and attack. Depthfirst's General Security Intelligence platform uses custom AI agents to actively analyze and interpret a company's codebases, infrastructure and workflows. The platform uses deep context and machine learning to detect subtle, complex vulnerabilities that traditional tools often miss. The company takes a continuous, context-aware vulnerability detection approach, in that the platform doesn't just look for known patterns but also builds an understanding of how systems are structured and how they operate in real time. By doing so, the platform can catch not only obvious bugs but also logic flaws, insecure configurations and emergent threats that arise when software components interact in unexpected ways. Along with detection, depthfirst also offers triage and remediation support, with its AI agents able to assess the severity of findings, reduce false positives and generate actionable recommendations and sometimes even ready-to-merge fixes so that developers can remediate issues more efficiently. Depthfirst only formally launched to the public four months ago and in that time, its agents have uncovered eight times more true-positive vulnerabilities than traditional static analysis tools, while reducing false positives by 85%. In that short time, the company has managed to sign Lovable Inc., Supabase Inc., Moveworks Inc. and AngelList LLC as customers. "Depthfirst felt like adding an autonomous senior product-security engineer to our team at AngelList," said Alberto Martinez, head of security at AngelList. "It quickly surfaced our top issues and got smarter over time by tracking context across scans, eliminating false positives and opening ready-to-merge fixes our developers immediately understand. It's doubled the efficiency of our security-engineering team." The Series A round was led by Accel Partners LP, with Alt Capital, BoxGroup, Liquid 2 Ventures, Mantis VC, SV Angel and angel investors including Jeff Dean, Kirsten Green, Colin Evans, Logan Kilpatrick and Julian Schrittwieser also participating. "Software security is plagued by claims of 'better signal to noise' and legacy tools that are generally ill-equipped to meet the heightened risks of modern-day threats," said Sara Ittelson, partner at Accel. "Depthfirst has the industry background and team best poised to transform this $400 billion corner of the enterprise market and just in time as AI and agentic tools become widely adopted."