Major spike in AI-driven exploits sees startup land fresh funding to deploy General Security Intelligence with custom AI agents that work 24/7 to secure businesses’ systems

depthfirst, an applied AI lab shaping the future of software security, today announced its $40M Series A round, led by Accel with participation from Alt Capital, BoxGroup, Liquid 2 Ventures, Mantis VC, SV Angel, and notable angel investors including Jeff Dean, Kirsten Green, Colin Evans, Logan Kilpatrick, and Julian Schrittwieser. depthfirst’s novel AI platform, General Security Intelligence, is designed to detect, triage, and remediate vulnerabilities across every layer of software and infrastructure.

Software security vulnerabilities are accelerating as AI-generated coding tools flood the software ecosystem. At the same time, businesses are entering a new era of threats: no longer limited to human-scale exploits, they now face automated, autonomous, and always-on adversaries. depthfirst is building General Security Intelligence with agents that understand company systems end-to-end and can respond with the same speed and intelligence as AI-empowered attackers. By hardening the global software stack, the company provides the conditions necessary not only for resilient businesses, but for safe and controllable AI.

“We’ve entered an era where software is written faster than it can be secured,” said Qasim Mithani, co-founder and CEO of depthfirst. “AI has already changed how attackers work. Defense has to evolve just as fundamentally.”

In the four months since launching its product, depthfirst has developed agents that uncover 8x more true-positive vulnerabilities than traditional static analysis tools, while reducing false positives by 85%. The company’s model also achieved state of the art performance on CyberGym, a leading cybersecurity evaluation framework, recently delivering a 90% performance improvement over its previous benchmarks. Since making its product generally available, the company has signed industry-leading companies such as Lovable, Supabase, Moveworks, AngelList, and more as customers.

“depthfirst felt like adding an autonomous senior product-security engineer to our team at AngelList,” said Alberto Martinez, Head of Security, AngelList. “It quickly surfaced our top issues and got smarter over time by tracking context across scans, eliminating false positives, and opening ready-to-merge fixes our developers immediately understand. It’s doubled the efficiency of our security-engineering team.”

Existing security tools are designed to find yesterday’s threats. This is falling short in the AI era, where offense is rapidly outpacing defense. In contrast, depthfirst’s General Security Intelligence platform, built with a unique AI-first defense approach, goes beyond surface scans to fully understand a customer’s code, context, and threat model; and most importantly, catch vulnerabilities before they are exploited by bad actors.

"depthfirst has fundamentally changed how we think about code security and quality at Moveworks,” said Damian Hasse, CISO, Moveworks. “They not only find code defects and complex threats like backdoors and malware, but also proactively offer fixes. The result is stronger security and a measurable lift in code quality and review efficiency across the board."

depthfirst was founded in 2024, with a mission of securing the world’s software and a belief that software is the foundation of modern civilization, yet vulnerabilities threaten its integrity, security, and resilience. The depthfirst founding team includes technical leaders from Google DeepMind, Databricks, and Faire, bringing together a deep AI understanding with security research to solve security's hardest problems with AI-native architecture. The Series A funding will support the company's research and development, GTM efforts, and hiring across applied research, engineering, product, and sales.

“Software security is plagued by claims of ‘better signal to noise’ and legacy tools that are generally ill-equipped to meet the heightened risks of modern day threats,” said Sara Ittelson, Partner at Accel. “depthfirst has the industry background and team best poised to transform this $400B corner of the enterprise market, and just in time as AI and agentic tools become widely adopted.”

To learn more about depthfirst, visit https://www.depthfirst.com and try out a demo today.

About depthfirst

depthfirst is an applied AI lab developing novel security solutions for businesses facing modern, AI-era threats to their systems. The company’s AI-native security platform General Security Intelligence builds context on a company's code, infrastructure, and business logic to find complex vulnerabilities, focus on the important issues, and provide developers with ready-to-merge fixes. The company’s mission is to help secure the world’s software powering society’s critical systems before they are threatened by new-age, AI-empowered bad actors. The company has raised $40M from investors including Accel, Liquid 2 Ventures, Alt Capital, and Mantis VC.

View source version on businesswire.com: https://www.businesswire.com/news/home/20260114573872/en/