Depthfirst, a San Francisco-based AI-native autonomous security platform, has raised $80M in Series B funding led by Meritech Capital. The platform analyzes code, business logic, and infrastructure to discover real vulnerabilities like business logic flaws and chained issues, while reducing false positives, generating pull requests with fixes, and verifying resolutions. The capital will fund training proprietary security models, expanding the AI research team, and scaling enterprise adoption.
Following XBow's Massive AI Security Round
The timing aligns with surging investor interest in AI-driven cybersecurity. XBow raised $120M for autonomous security testing just 11 days prior. Depthfirst's rapid $80M raise comes less than 90 days after its $40M Series A led by Accel, signaling conviction in AI-native defenses against escalating threats. This follows a wave of cyber startups riding the AI funding surge.
AI Attacks Demand Reasoning Security
AI accelerates both code generation and vulnerability discovery by attackers, outpacing rule-based tools. Traditional SAST engines miss business logic flaws and chained exploits, overwhelming security teams with noise. Depthfirst targets fast-growing startups like Moveworks and Fortune 500 firms building AI systems, where 85% false positive reductions and 8x alert noise cuts prove essential.
dfs-mini1 Powers Smarter Detection
Depthfirst launched dfs-mini1, an in-house model post-trained via reinforcement learning that outperforms frontier models at 10-30x lower cost on smart contracts and generalizes broadly. Unlike generic LLMs, it simulates real hacker attacks to validate exploitable paths, avoiding unexploitable flags. Customers like Persona achieved 2x code coverage, while AngelList saw 70% less security engineering load.
As Qasim Mithani, Co-Founder and CEO, explained:
"AI is making it dramatically easier to write code… and attack software. This means companies are at bigger risk than ever."
Autonomous PRs Accelerate Remediation
The platform autonomously generates merge-ready pull requests, with 80% developer acceptance rates across customers like ClickUp and Supabase. It handles code security, supply chain risks, secrets detection with credential validation, and dynamic testing in running apps. This agentic approach acts like an autonomous senior security engineer, remediating 130+ complex vulns at Moveworks.
Meritech Signals Hyper-Growth Bet
Meritech led the $80M round, joining Accel, Forerunner Ventures, The House Fund, Box Group, Liquid 2 Ventures, and others, pushing total funding to $120M at a $580M post-money valuation. Revenue grew 300% over the last two quarters with 20+ customers. Investors back Depthfirst's control over model training for responsive security evolution amid superhuman AI hacking risks.
AI Cybersecurity Balloons to $94B
The AI cybersecurity market stands at $25.35B in 2024, projected to reach $93.75B by 2030 at 24% CAGR per Grand View Research. Depthfirst positions against incumbents like Snyk and Veracode by focusing on full-stack reasoning from code to runtime. Peers like XBow highlight the rush into autonomous appsec as AI code velocity surges.
Ex-AWS Inspector Builders Lead Charge
Co-founder Qasim Mithani built AWS Inspector vulnerability scanning and led platform security at Databricks. Daniele Perito shaped Cash App's founding security team and co-founded unicorn Faire. CTO Andrea Michi brings DeepMind RL expertise, enabling dfs-mini1's edge. This trio translates hyperscale infra and security wins into AI-native vuln remediation.
Expanding Research Amid Hiring Surge
Funds target AI model training and research team growth, with a new San Francisco HQ opened in February 2026 attended by Mayor Daniel Lurie. Recent hires include ex-Apple security researchers and Databricks engineers, alongside 8+ open roles. Depthfirst eyes broader security domains beyond smart contracts while scaling to more enterprise wins.