Offensive security startup RunSybil Inc. said today it has closed on a $40 million round of funding to help enterprises find and fix critical vulnerabilities in their software before the attackers get to them first.

The round was led by Khosla Ventures and saw the participation of several venture capital heavy hitters, including Menlo Ventures, Anthropic PBC’s Anthology Fund, S32 and Conviction. Notable angel investors in the round include Elad Gil, Palo Alto Networks Chief Executive Nikesh Arora, Datadog Inc. President Amit Agarwal and Google DeepMind Chief Scientist Jeff Dean.

The investors RunSybil has managed to attract offer a big hint to the nature of RunSybil’s offensive security platform. It leverages autonomous artificial intelligence agents to simulate the behavior of sophisticated human hackers. Unlike traditional cybersecurity tools that require access to a company’s source code, RunSybil’s agents interact with systems via their standard interfaces, searching for forgotten endpoints and probing for authentication boundaries.

They use reasoning to try to replicate an attacker’s intuition, then chain together multiple minor vulnerabilities to try and uncover paths to sensitive data that’s usually overlooked by legacy scanning tools. It can be thought of as an AI-powered red team, looking to exploit systems and validate security gaps in real time.

RunSybil argues that traditional scanning tools leave a persistent visibility gap in cybersecurity due to their reliance on static code analysis and infrequent manual testing. While existing tools excel at identifying known patterns, they’re unable to replicate properly how attackers explore and manipulate live systems.

Enterprises also have the option to pay for traditional penetration testing, which offers a more thorough examination of its security, but this is done by human experts, meaning it’s slow and comes at a steep cost. As such, most companies do penetration testing only once or twice a year.

Some companies rely on bug bounty programs to entice third-parties to explore their systems looking for weaknesses, but the results of these can be inconsistent. Independent researchers are motivated by the rewards on offer, so they try to cherry-pick the easy-to-find bugs and secure a quick payout, rather than conducting more comprehensive assessments of a system’s architecture.

In other words, there are problems with every kind of cybersecurity testing method, said RunSybil co-founder and CEO Ari Herbert-Voss. “Both approaches miss huge chunks of your actual attack surface,” he said. “We’re the first to provide comprehensive black-box testing using AI to reason like a security researcher and find critical vulnerabilities without ever seeing a line of code.”

The startup says its novel approach has already delivered results for AI startups such as Cursor and Notion Labs Inc., as well as a number of unnamed Fortune 500 companies. Those companies report detecting critical flaws that were repeatedly missed by traditional bug bounty hunters and penetration tests.

It also claims to have reduced the number of false positives by 90% compared with standard security scanners. One advantage of RunSybil’s approach is that its AI agents learn from each previous interaction with a system, which means they become more capable over time. According to Herbert-Voss, it’s like having access to an elite, highly paid team of security researchers.

Khosla Ventures founder Vinod Khosla said RunSybil’s approach to security testing will lead to a fundamental shift in how modern software is protected. “We invest in founders who tackle large, unsolved problems with technically ambitious solutions,” he said. “Ari and Vlad are building exactly the kind of platform security teams will need as software complexity and AI-driven development accelerate.”

With its war chest, RunSybil plans to accelerate its research and development and expand its agentic security testing capabilities. At the same time, it will scale up its go-to-market teams and hire more researchers.

Image: RunSybil