A team of former GitHub software engineers has secured $20 million in venture capital funding from Sequoia Capital to build a new company that uses AI to enhance the efficiency and effectiveness of pentesters, bug hunters, and security researchers.
The startup, called XBOW, was founded by Oege de Moor (who previously founded Semmle, later acquired by Microsoft-owned GitHub) together with several former GitHub software engineers, and is working on automating vulnerability research and mitigation.
The leadership team also includes former Lyft CISO Nico Waisman, a researcher known for his work in offensive security and exploit mitigations.
In a note announcing the new startup, de Moor said XBOW is the first AI product to autonomously solve 75% of a set of web security benchmarks, meaning it found and exploited the vulnerability in each solved exercise without human assistance.
The benchmarks, provided by the offensive research teams at PortSwigger and PentesterLab, are training labs designed for security professionals and cover a wide range of web vulnerability classes; as training exercises with known solutions, they measure capability on lab targets rather than on production systems. The XBOW chief executive said the product was also evaluated against 104 novel benchmarks created in-house, of which the AI solved 85%.
“Reading through these workings, I’m struck by how some of the solutions are delightfully original,” said de Moor. “In offensive security, hallucination can be a feature!”
The company published several case studies showcasing the capabilities of its AI technology and believes it can provide a significant boost for bug hunters and security researchers.
In addition to Semmle, whose CodeQL engine now underpins code scanning in GitHub Advanced Security, de Moor was heavily involved in the creation of GitHub Copilot.