SecurityWeek

Ex-GitHub Engineers Raise $20M to Enhance Pen-Testing with AI-Powered XBOW

A team of former GitHub engineers has secured $20 million in venture capital funding to build AI-powered security tools.

A team of former GitHub software engineers has secured $20 million in venture capital funding to build a new company that uses AI to enhance the efficiency and effectiveness of pentesters, bug hunters, and security researchers.

The startup, called XBOW, is the brainchild of Oege de Moor (who previously founded Semmle, which was sold to Microsoft’s GitHub) and multiple former GitHub software engineers working on automating vulnerability research and mitigation.

The leadership team also includes former Lyft CISO Nico Waisman, a researcher renowned for his expertise in offensive security and exploit mitigations.  

In a note announcing the new startup, de Moor said XBOW stands out as the first AI product to autonomously pass 75% of web security benchmarks, accurately finding and exploiting vulnerabilities. 

The benchmarks, provided by offensive research teams at PortSwigger and PentesterLab, are designed to train security professionals and cover a wide range of vulnerabilities. The XBOW chief executive said the product was also evaluated against 104 novel benchmarks created in-house and the AI successfully tackled 85% of these.

“Reading through these workings, I’m struck by how some of the solutions are delightfully original,” said de Moor. “In offensive security, hallucination can be a feature!”

The company published several case studies showcasing the capabilities of its AI technology and believes it can provide a significant boost for bug hunters and security researchers.

In addition to Semmle, now GitHub Advanced Security, de Moor was heavily involved in the creation of GitHub Copilot.

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
