Ox Security Raises $60M to Revolutionize AI-Generated Code Vulnerability Scanning

Ox Security lands a fresh $60M to scan for vulnerabilities in code | TechCrunch

As "vibe coding" gains in popularity and tech companies push devs in their employ to embrace generative AI tools, a platform that scans for vulnerabilities in AI-generated code has raised a fresh round of funding. Ox Security, which models risk across both AI- and human-produced code, on Wednesday announced that it closed a $60 million Series B. The round was led by DTCP with participation from IBM Ventures, Microsoft, Swisscom Ventures, Evolution Equity Partners, and Team8, and it brings Ox's total raised to $94 million. Neatsun Ziv and Lior Arzi founded New York- and Tel Aviv-based Ox in 2021. Software and IT engineers by trade, the pair met at Check Point, where they worked on the security firm's threat prevention product lines. Ox's platform, which TechCrunch last profiled in 2022, is aimed at both security teams and developers, offering tools to scan code in applications and secure a company's broader supply chain. Ox can model threats and even recommend fixes, assisting with code reviews and generating executive reports that highlight breaches and possible reasons they occurred. "Over the past year, AI has significantly transformed software development," Ziv told TechCrunchw. "While these tools accelerate development for both experienced developers and beginners, they often lack the critical thinking and judgment needed to catch subtle security flaws ... Ox frees up developers' time, allowing them to focus on innovation, while simultaneously improving the organization's overall security posture." Ziv claims that Ox is analyzing over 100 million lines of code daily for around 200 customers, including eToro, SoFi, and two of its investors, Microsoft and IBM. "Our customer base spans from Fortune 10 companies to small- and medium-sized businesses," Ziv said. "We also count military and government entities as clients, as well as federal agencies." According to Ziv, Ox's new capital will be put toward growth and expansion as the 150-employee startup competes for market share against rivals such as Snyk, Veracode, Synopsis, and Checkmarx. Ox is generating around $10 million in annual recurring revenue -- a figure Ziv anticipates will double by the end of the year -- and plans to be cash-flow-positive within the next 2-3 years. "We want to position ourselves for long-term success and this way we can focus on scaling and reaching our bigger goals," ZIv said. "We've seen significant growth in revenue, and received offers that give us the opportunity to make a leap forward. We felt it was the right time to take this step for the company."

Microsoft backs $60M round for application security startup OX Security - SiliconANGLE

Microsoft backs $60M round for application security startup OX Security OX Appsec Security Ltd., a startup that helps developers find the most urgent vulnerabilities in their code, has raised $60 million to enhance its technology. The Series B investment was announced today. Lead investor DTCP was joined by Microsoft Corp., IBM Ventures, Swisscom Ventures, Evolution Equity and Team8. OX Security's total outside funding now stands at $94 million. Not all the vulnerabilities in a company's applications have a realistic chance of leading to a data breach. If a security flaw affects a workload that isn't accessible from the public web, hackers have no way of exploiting it. Vulnerabilities in non-critical assets, such a virtual machine that doesn't contain any business data, likewise pose a limited risk. According to OX Security, the large number of non-urgent vulnerabilities in enterprise networks make it difficult to find issues that do require immediate remediation. The company has developed a cloud platform that promises to ease the task. The software uses artificial intelligence to evaluate whether a vulnerability can be exploited and, if so, what data it might expose. If OX Security finds an employee password in a GitHub repository, its AI algorithms might start the evaluation by checking whether the repository is publicly accessible. In case it is, the platform can carry out simulated cyberattacks to determine whether the password could be used to log into important systems. After finding a vulnerability that poses a risk, OX Security evaluates the business impact of a potential breach. It can determine if the system affected by the vulnerability contains sensitive business data. Additionally, the platform identifies cases where a security flaw in one system could be used by hackers to compromise other technology assets. Alongside code vulnerabilities, application programming interfaces are another source of risk in software projects. One of the main issues is that APIs sometimes go unnoticed, which means any security flaws they contain are left unfixed. OX Security says that its platform can automatically find all the APIs in an application environment and scan them for vulnerabilities. The platform generates remediation suggestions for the security flaw it finds. If a code vulnerability isn't fixed, OX Security can block it from rolling out to production. "The OX Security Unified AppSec platform connects every signal across the software supply chain -- code, pipeline, cloud, runtime -- giving our customers a unified view of what's real, what's reachable, and how it impacts risk," OX Security co-founder and Chief Executive Officer Neatsun Ziv wrote in a blog post.

Ox Security closes Series B at $60 million

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community. With a focus on helping enterprises move from reactive security to actual, measurable risk reduction, Ox's platform works to enable precise, evidence-based risk prioritisation, highlighting the impact of security findings throughout the software development life cycle. Ox's proprietary Code Projection technology analyses how code behaves in real-world environments and traces potential vulnerabilities back to their source in the code origin. The cybersecurity company focuses on evaluating reachability, exploitability, and business impact. This allows teams to pinpoint critical vulnerabilities, helping to significantly improving risk posture and saving millions in developer hours. This product has also shown its value amid a growing realisation that traditional application security tools are not up to scratch and are failing security teams. Current tools are overwhelming teams with constant alerts and there being no way to prioritise issues that pose genuine risk, time, resource and funds are wasted. By chasing non-critical issues, teams are increasing the likelihood of missing actual threats and exposing themselves to greater risk. Further, AI is transforming how software is built and while being capable of producing code at unprecedented speed, the technology also introduces unfamiliar and often invisible risks. Ox expresses that AI-generated code may look clean, but structural flaws still persist that are undetectable by traditional tools. The application security platform is also working to establish an AI-powered agentic code review, enhanced by critical thinking modules and those that can mimic the judgement of top security engineers. By continuously modeling risk across both AI and human-generated code, the platform spots and fixes vulnerabilities within the 5% of issues that pose the most risk. Neatsun Ziv, CEO and co-founder of Ox Security shares: "Any security tool can find endless vulnerabilities and issue a nonstop stream of alerts. We're here to tell you which specific vulnerabilities will actually get you breached - and make it painfully clear what to fix first. We built Ox to solve the actual AppSec problem: not finding issues but knowing which ones to fix. That's what gets buy-in from developers. That's what prevents breaches, and why the market is finally ready for change." Dean Shahar, managing director at DTCP comments: "We are very excited to be partnering with Ox to support them in their next stage of growth. OX is the precision blade that slices through the noise of endless vulnerabilities, empowering organizations to zero in on the critical 5% that truly matter. "This is a true paradigm shift - Ox's code projection and precise prioritization finally deliver on the broken promises of legacy security tools, whose flood of alerts has become their Achilles' heel. As GenAI accelerates code creation beyond human scale, OX unifies fragmented AppSec solutions into a single, cohesive platform, delivering laser-sharp accuracy to secure the ever-expanding attack surface."