XBOW Raises $120M to Let AI Agents Hack You Before Criminals Do
The creator of GitHub Copilot and GitHub Advanced Security just hit unicorn status with an autonomous hacking company. XBOW closed a $120M Series C led by DFJ Growth and Northzone, valuing the Seattle-based startup at over $1 billion. Sequoia, Altimeter, Sofina, and Alkeon Capital also participated, bringing total funding to $237 million.
XBOW does one thing: it uses AI agents to autonomously find and exploit real security vulnerabilities in your systems before attackers do. Not theoretical scans, not pattern matching. The agents reason through offensive security workflows using real attack techniques, then validate that the vulnerabilities are actually exploitable. They reached the top of the HackerOne leaderboard and are now deployed at some of the most security-forward companies in the world.
The timing is not accidental. RSAC 2026 just wrapped up and the conference made one thing clear: the agentic security market is exploding. XBOW sits at the intersection of two massive trends. First, enterprises need continuous security testing because the attack surface changes every time an AI agent deploys new code. Second, there are not enough human pentesters on the planet to keep up with the pace of AI-driven software development.
Founder Oege de Moor brings serious credibility. He built CodeQL at GitHub (now the backbone of GitHub Advanced Security) and co-created GitHub Copilot. The new board additions signal enterprise scaling: former Sumo Logic CEO Ramin Sayar joined from DFJ Growth, plus a new CMO, General Counsel, CRO, and GM for South Korea.
In a world where AI agents are writing more and more production code, you need AI agents hunting for the bugs those agents introduce. XBOW is the autonomous red team for the agentic era.
https://xbow.com
← Back to all articles
XBOW does one thing: it uses AI agents to autonomously find and exploit real security vulnerabilities in your systems before attackers do. Not theoretical scans, not pattern matching. The agents reason through offensive security workflows using real attack techniques, then validate that the vulnerabilities are actually exploitable. They reached the top of the HackerOne leaderboard and are now deployed at some of the most security-forward companies in the world.
The timing is not accidental. RSAC 2026 just wrapped up and the conference made one thing clear: the agentic security market is exploding. XBOW sits at the intersection of two massive trends. First, enterprises need continuous security testing because the attack surface changes every time an AI agent deploys new code. Second, there are not enough human pentesters on the planet to keep up with the pace of AI-driven software development.
Founder Oege de Moor brings serious credibility. He built CodeQL at GitHub (now the backbone of GitHub Advanced Security) and co-created GitHub Copilot. The new board additions signal enterprise scaling: former Sumo Logic CEO Ramin Sayar joined from DFJ Growth, plus a new CMO, General Counsel, CRO, and GM for South Korea.
In a world where AI agents are writing more and more production code, you need AI agents hunting for the bugs those agents introduce. XBOW is the autonomous red team for the agentic era.
https://xbow.com
Comments