depthfirst secures $40m Series A for AI-driven software security
Applied AI security startup depthfirst has raised a $40m Series A round to push its vision of AI-native software defense into the enterprise. The San Francisco-based company says the funding will accelerate development of its General Security Intelligence platform, designed to keep pace with increasingly automated cyber threats.
For eeNews Europe readers working on complex software stacks, embedded systems, and cloud-connected products, the news matters because security tooling is struggling to keep up with AI-driven development. As developers produce and deploy code faster and across more environments, organizations need new approaches to vulnerability detection and remediation.
Funding and platform ambitions
The Series A round was led by Accel, with participation from Alt Capital, BoxGroup, Liquid 2 Ventures, Mantis VC and SV Angel, alongside a group of high-profile angel investors including Jeff Dean, Kirsten Green and Julian Schrittwieser. depthfirst positions itself as an applied AI lab focused on “securing the world’s software” across all layers, from application code to infrastructure.
At the core of the company’s offering is General Security Intelligence, an AI agent-based platform that aims to understand an organization’s systems end to end. Rather than relying on static rules or narrow scans, the system detects, triages, and remediates vulnerabilities in ways that mirror how modern attackers operate—automated, continuous, and adaptive.
“We’ve entered an era where software is written faster than it can be secured,” said Qasim Mithani, co-founder and CEO of depthfirst. “AI has already changed how attackers work. Defense has to evolve just as fundamentally.”
Early traction and performance claims
depthfirst only launched its product four months ago, but it is already making bold performance claims. According to the company, its agents uncover eight times more true-positive vulnerabilities than traditional static analysis tools, while cutting false positives by 85%. On CyberGym, a well-known cybersecurity evaluation framework, its model reportedly delivered a 90% performance improvement over previous benchmarks.
The startup has also signed up customers including Lovable, Supabase, Moveworks and AngelList. User feedback emphasizes automation and context awareness rather than raw alert volume.
“depthfirst felt like adding an autonomous senior product-security engineer to our team at AngelList,” said Alberto Martinez, Head of Security, AngelList. “It quickly surfaced our top issues and got smarter over time by tracking context across scans, eliminating false positives, and opening ready-to-merge fixes our developers immediately understand. It’s doubled the efficiency of our security-engineering team.”
Building AI-native defense
depthfirst says many existing security tools focus on yesterday’s threats and struggle in an AI-accelerated attack landscape.Its approach goes beyond surface-level scans to model code, system context and threat scenarios, with a focus on catching vulnerabilities before exploitation.
“depthfirst has fundamentally changed how we think about code security and quality at Moveworks,” said Damian Hasse, CISO, Moveworks. “They not only find code defects and complex threats like backdoors and malware, but also proactively offer fixes. The result is stronger security and a measurable lift in code quality and review efficiency across the board.”
Founded in 2024 by alumni of Google DeepMind, Databricks and Faire, depthfirst plans to use the new funding to expand R&D, go-to-market efforts and hiring. Accel partner Sara Ittelson summed up the investment case: “depthfirst has the industry background and team best poised to transform this $400B corner of the enterprise market, and just in time as AI and agentic tools become widely adopted.”
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
