Exclusive: AI cybersecurity startup RunSybil raises $40 million in round led by Khosla Ventures



RunSybil, an AI cybersecurity startup that uses AI agents to automatically hack companies’ software to find security weaknesses, has secured $40 million in venture capital funding.

The round was led by Khosla Ventures with participation from S32, Anthropic and Menlo Ventures’ Anthology Fund, Conviction, and Elad Gil, as well as angel investors including Nikesh Arora, Amit Agarwal, and Jeff Dean, and founders and leaders of companies including OpenAI, Palo Alto Networks, Stripe, and Google.

The company did not disclose the valuation it achieved with the new funding round.

Sybil, the company’s AI agent, performs continuous autonomous penetration testing on running applications to discover, exploit, and document real-world security vulnerabilities without human involvement. This is different from other security tools being talked about today, such as Claude Code Security, which analyzes application source code to find known vulnerabilities before deployment.

Instead, RunSybil tests software that is already running, probing live systems the way a hacker would: chaining together vulnerabilities and testing authentication boundaries to find paths to sensitive data.

Automate “ethical hacking”

Companies have long used a combination of penetration tests, where outside security experts, or “ethical hackers,” attempt to penetrate their systems; bug bounty programs that reward independent hackers for reporting flaws; and internal “red teams” that simulate an actual cyberattack. RunSybil says its AI systems can automate much of that work and continuously probe applications for vulnerabilities as new code is deployed.

RunSybil argues that this type of automation is becoming necessary as AI reshapes the way companies operate. Procurement, legal, finance, engineering, and operations are all being reimagined using AI, including the increased use of AI agents. However, security testing is still often treated as a separate scheduled event managed by separate teams on their own timelines. This mismatch can be especially difficult for highly regulated industries such as finance, insurance, and healthcare, which face strict legal and auditing requirements regarding cybersecurity.

RunSybil was co-founded in 2023 by Ari Herbert-Voss, who joined OpenAI as its first security research hire in 2019, and Vlad Ionescu, who previously led the offensive security red team at Meta. They say they represent a rare intersection: people who understand how to build cutting-edge AI systems and how to hack complex software.

“We’re checking all the boxes: auditors, regulators, compliance teams,” Herbert-Voss said. But the real work, he said, is to transform where, when and how customers discover and fix security issues, “not as a project, but as a permanent feature built into how they’re built.”

The “cutting edge” of the AI security frontier

“What it takes to add security and penetration testing to the world of AI is definitely a frontier, and RunSybil is at the forefront of that,” said Vinod Khosla, who made an early bet on OpenAI in 2019 and frequently invests in companies he believes are at the frontier of technology. He said there is little competition in this part of the offensive security market right now, but established security companies like Palo Alto Networks could eventually move into the space.

For now, “no one knows much about it except for… [Herbert-Voss].” “We invest in founders who are tackling big unsolved problems with technologically ambitious solutions,” he said, adding that he has long been concerned about AI cyber capabilities falling into the hands of adversaries such as China. “[Herbert-Voss and Ionescu] As software complexity and AI-driven development accelerate, we’re building exactly the kind of platform security teams need.”

Herbert-Voss has been immersed in both hacking and AI for many years. Growing up in a predominantly Mormon community in Utah, he said he was drawn to the world of online hacking in middle school and high school, but turned away when his friends “started getting arrested.” He first learned about OpenAI while pursuing his Ph.D. at Harvard University, researching machine learning and how to make algorithms more efficient.

He said he left Harvard convinced that rapidly scaling AI models could unlock powerful new capabilities by training larger systems with more data and computing power.

Evolving your cyber capabilities with an LLM

“After OpenAI dropped GPT-2, I thought, wow, this changes all the economics of running a cyber campaign,” he explained. He sent several hacker demos to OpenAI CEO Sam Altman and Jack Clark, OpenAI’s then-head of policy and later co-founder of Anthropic. They expressed concerns about the potential for abuse of LLMs and asked Herbert-Voss to take charge of the security investigation.

However, Herbert-Voss said that by 2022 he was beginning to see how quickly offensive cyber capabilities would evolve once strong language models became widely available, including to malicious actors. Similar advances could dramatically expand cyber threats, he said. This led to Herbert-Voss’ decision to leave OpenAI and start RunSybil as a research project.

RunSybil currently works with startups like Cursor, Turbopuffer, Notion, Baseten, and Thinking Machines Lab, as well as what the company calls major financial institutions and Fortune 500 companies. (The company declined to name its Fortune 500 companies or financial customers.) Herbert-Voss said customers have already reported finding critical vulnerabilities that weren’t detected using traditional methods.


