Autonomous Offensive Security Firm XBOW Raises $120M at $1B+ Valuation

Autonomous offensive security company XBOW on Wednesday announced raising $120 million in a Series C funding round to scale its AI-powered platform that autonomously discovers and validates software vulnerabilities. The round, which values the company at over $1 billion, was led by DFJ Growth and Northzone. The investment also included participation from Sofina, Alkeon Capital, Altimeter, NFDG Ventures, and Sequoia Capital.  This latest funding, which brings the total raised by the Seattle-based company to $237 million, will be used to accelerate expansion, fuel product innovation, and support international growth. XBOW uses AI reasoning and adversarial workflows to continuously test applications for security flaws. Unlike traditional point-in-time penetration testing, the platform operates autonomously to identify and validate vulnerabilities at machine speed, aiming to keep pace with both modern development cycles and AI-powered attackers.  The company validates its platform through testing on live systems, having previously demonstrated its capabilities by reaching the top of the HackerOne leaderboard. The XBOW platform is designed to execute targeted attacks autonomously, allowing security teams to explore deeper attack paths than traditional testing typically allows. Every potential finding is independently validated through real exploitation, providing teams with clear, reproducible proof and eliminating theoretical risks and scanner noise.  The system aims to work alongside security experts by automating exploration and validation, freeing them to focus on investigation, judgment, and remediation. The company was founded by Oege de Moor, creator of GitHub Copilot and GitHub Advanced Security, and includes a core group of engineers from the original Copilot team. Nico Waisman, formerly CISO at Lyft, serves as the company’s CISO. He assembled a team of human hackers to help train the XBOW system.  “When I founded XBOW in January 2024, few believed AI could truly think like a hacker and operate at machine speed. We proved it. XBOW reached the top of the HackerOne leaderboard and is now deployed at some of the most security-forward companies in the world,” said de Moor. “Attackers are already using AI. Defenders need to move just as fast. XBOW provides that continuous speed, and this funding enables us to bring it to the entire industry.” Related: Manifold Raises $8 Million for AI Detection and Response Related: Cloud Security Startup Native Exits Stealth With $42 Million in Funding Related: Tech Giants Invest $12.5 Million in Open Source Security WRITTEN BY SecurityWeek News More from SecurityWeek News Surf AI Raises $57 Million for Agentic Security Operations Platform In Other News: N8n Flaw Exploited, Slopoly Malware, Interpol Cybercrime Crackdown Webinar Today: Securing Fragile OT in an Exposed World In Other News: FBI Hacked, US Security Pro Killed in Iran War, Hijacked Cameras Used in Khamenei Strike Webinar Today: Designing an OT SOC for Safety, Reliability, and Business Continuity Fig Security Launches With $38 Million to Bolster SecOps Resilience In Other News: ATT&CK Advisory Council, Russian Cyberattacks Aid Missile Strikes, Predator Bypasses iOS Indicators In Other News: Ransomware Shuts US Clinics, ICS Vulnerability Surge, European Parliament Bans AI Latest News The Collapse of Predictive Security in the Age of Machine-Speed Attacks Cloud Security Startup Native Exits Stealth With $42 Million in Funding ‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors Virtual Summit Today: Supply Chain & Third-Party Risk Summit EU Sanctions Chinese, Iranian Firms Supporting Hacking Operations Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches Manifold Raises $8 Million for AI Detection and Response Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach Trending Webinar: Securing Fragile OT In An Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the Move Nudge Security has appointed Patrick Dillon as Chief Revenue Officer. Arctic Wolf has named Will May as its Chief Revenue Officer. Palo Alto Networks has named Danielle Gonzalez as its new Chief People Officer. More People On The Move Expert Insights The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How To 10x Your Vulnerability Management Program In The Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose A Critical Flaw In Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat As Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How To Eliminate The Technical Debt Of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Flipboard Reddit Whatsapp Email