Xbow, a Seattle-based autonomous offensive security platform powered by AI, has raised $120M in Series C funding led by DFJ Growth and Northzone. The platform performs penetration testing by executing targeted attacks, discovering vulnerabilities, and validating them through real exploitation in web applications. The capital will scale delivery of continuous, scalable security testing to enterprises worldwide.
Unicorn Raise Fuels AI Pentest Surge
The round values Xbow at over $1B, following $75M Series B and $20M seed from Sequoia. It arrives as Escape raised $18M Series A on March 10, 2026, for similar AI pentesting. Xbow differentiates with independent HackerOne validation, where it topped the US leaderboard and uncovered original production vulnerabilities. This signals investor rush into autonomous tools amid AI threats.
AI Attackers Shrink Exploit Windows
Attackers leverage AI for 24/7 operations, outpacing annual manual pentests. AI-accelerated development floods apps with vulnerabilities, demanding continuous testing. Traditional scanners produce noise without exploit proof, leaving gaps in complex web apps. Enterprises like Moderna and Samsung SDS face rising compliance pressures for proven security.
Autonomous Hacker Validates Exploits
Xbow's multi-agent AI executes deep attack chains, like 1,060 autonomous attacks and 48-step paths to RCE. It delivers zero false positives with real exploitation, unlike DAST scanners such as Invicti ($145M+ funded). Recent launches include Public API for programmatic tests and Assessment Guidance for context-aware scoping. Deployed safely in production at 100+ customers, including Fortune 500.
As Oege de Moor, Founder and CEO, noted:
"Attackers are already using AI. Defenders need to move just as fast."
Growth VCs Back Proven Platform
DFJ Growth brings AI conviction from Scale AI and OpenAI; Northzone adds transatlantic scale from Spotify. Sequoia continues support after leading seed, drawn to cybersecurity plays like Snyk. Altimeter follows its Series B lead, while new investors Sofina and Alkeon signal growth equity conviction. NFDG Ventures connects via AI expertise from GitHub ties. Ramin Sayar joins the board.
Pentesting Market Scales to $5.5B
The penetration testing market stands at $2.72B in 2026, projected to reach $5.54B by 2031 at 15.29% CAGR per Mordor Intelligence. Competitors include Pentera ($250M funded) for breach simulation and Horizon3.ai ($100M+). AI integration drives shift to continuous testing as cloud and AI code expand attack surfaces. XBOW positions as leader with HackerOne-proven autonomy.
GitHub Copilot Creator Leads Charge
Founder Oege de Moor created GitHub Copilot and founded Semmle, acquired by GitHub in 2019 to form Advanced Security. His 30+ years in program analysis directly fuel XBOW's vuln detection. Team includes ex-GitHub Advanced Security alumni and professors from Oxford and Cambridge. Recent hires: CRO Niro Rajadurai, CMO Jonaki Egenolf, South Korea GM WonLae Lee.
Scaling Global with Exec Hires
Post-funding, Xbow launched on AWS Marketplace and eyes RSAC presence. New South Korea GM expands APAC amid Samsung SDS customer win. Exec hires target revenue growth; 100+ customers validate production readiness. Funds enable hyper-scale to counter AI attackers industry-wide.