Bright Security Inc., a startup using artificial intelligence to help companies improve the security of their applications, has closed a $20 million funding round led by Evolution Equity Partners.

Existing investors DNX Ventures, J-ventures, Fusion Fund and Incubate Fund also participated in the round, which was announced by Bright Security today. The San Francisco-based startup has raised $25.6 million in total funding to date. 

Bright Security provides a cloud service that uses AI to help developers check their applications for vulnerabilities. According to the startup, its service uncovers vulnerabilities by generating a series of simulated cyberattacks against the application that it’s evaluating.

Bright Security enables developers to simulate a variety of common hacking tactics. Using the startup’s platform, a software team can check if its application is vulnerable to SQL injections, a type of cyberattack in which hackers trick a program into leaking valuable business data. Bright Security can also simulate a variety of other online threats, including cross-site scripting attacks that attempt to infect websites with malicious code. 

The startup’s service detects more subtle security issues as well, such as so-called business logic vulnerabilities. A business logic vulnerability is cybersecurity risk that emerges when one of an application’s features is implemented incorrectly. This might mean, for example, an incorrectly implemented login menu that enables users to sign into an application even if they don’t enter a password. 

Bright Security says one of its service’s main advantages over other competition is its ability to prioritize threats. Tools designed to scan application code for vulnerabilities often surface bugs that represent a cybersecurity risk in theory, but in practice can’t be used by hackers to launch a cyberattack.

According to Bright Security, its service automatically filters false positives. This feature spares developers the hassle of investigating bugs that don’t pose a cybersecurity risk, while saving time, and helps software teams tackle urgent vulnerabilities sooner. 

Bright Security says its service’s features make it easier for software teams to implement shift-left testing, a popular approach to improving application security. In shift-left testing initiatives, developers use automated vulnerability scanning tools to resolve cybersecurity issues before they’re released to production. 

“In order for security to actually shift-left, developers need to be comfortable with such tools to ensure that they can integrate them in a meaningful way,” said Bright Security Chief Executive Officer Gadi Bashvitz. “We created a tool that caters to developers as well as AppSec teams, offering a solution that provides remediation solutions in developer speak as well as AppSec language to enable effective usage both pre- and post-production.”

The company says the free version of its service is used by developers at more than 4,000 organizations. Bright Security also has more than 50 paying customers, including “leading technology companies, global financial institutions and cybersecurity companies,” it said today.

Following its latest funding round, the startup reportedly plans to increase its headcount from 68 employees to more than 100 by the end of June. Bright Security intends to grow its engineering, marketing and sales teams as part of the initiative. The startup will also work to expand its service’s feature set.

Image: Unsplash