OX Appsec Security Ltd., a startup that helps developers find the most urgent vulnerabilities in their code, has raised $60 million to enhance its technology.

The Series B investment was announced today. Lead investor DTCP was joined by Microsoft Corp., IBM Ventures, Swisscom Ventures, Evolution Equity and Team8. OX Security’s total outside funding now stands at $94 million.

Not all the vulnerabilities in a company’s applications have a realistic chance of leading to a data breach. If a security flaw affects a workload that isn’t accessible from the public web, hackers have no way of exploiting it. Vulnerabilities in noncritical assets, such a virtual machine that doesn’t contain any business data, likewise pose a limited risk.

According to OX Security, the large number of non-urgent vulnerabilities in enterprise networks make it difficult to find issues that do require immediate remediation. The company has developed a cloud platform that promises to ease the task. The software uses artificial intelligence to evaluate whether a vulnerability can be exploited and, if so, what data it might expose.

If OX Security finds an employee password in a GitHub repository, its AI algorithms might start the evaluation by checking whether the repository is publicly accessible. In case it is, the platform can carry out simulated cyberattacks to determine whether the password could be used to log into important systems. 

After finding a vulnerability that poses a risk, OX Security evaluates the business impact of a potential breach. It can determine if the system affected by the vulnerability contains sensitive business data. Additionally, the platform identifies cases where a security flaw in one system could be used by hackers to compromise other technology assets.

Alongside code vulnerabilities, application programming interfaces are another source of risk in software projects. One of the main issues is that APIs sometimes go unnoticed, which means any security flaws they contain are left unfixed. OX Security says that its platform can automatically find all the APIs in an application environment and scan them for vulnerabilities.

The platform generates remediation suggestions for the security flaw it finds. If a code vulnerability isn’t fixed, OX Security can block it from rolling out to production.

“The OX Security Unified AppSec platform connects every signal across the software supply chain — code, pipeline, cloud, runtime — giving our customers a unified view of what’s real, what’s reachable, and how it impacts risk,” co-founder and Chief Executive Officer Neatsun Ziv wrote in a blog post. 

The company disclosed on occasion of today’s funding round that its annual recurring revenue has topped $10 million. It will use the capital to develop new features, including better AI models for determining the severity of vulnerabilities. OX Security plans to grow its international presence in conjunction.

Image: OX Security