Artificial intelligence cybersecurity startup Grego AI formally launched today with a claimed method of using existing AI models to find critical software vulnerabilities that human auditors and other automated tools routinely miss.

Founded in 2024, the company calls its approach Deep Invariant Analysis. The tool scans a full codebase and works out how each module and dependency links to the next.

Smaller agents are turned loose in sandboxes, with each one following a different route through the stack. In the case where one of the agents spots something that looks like a weakness, it puts together a proof-of-concept exploit and fires it off.

The bug is either confirmed as reproducible or thrown out.

Grego AI argues that the bugs it is built to surface are not the kind a developer spots in a code review. In a big codebase, the worst flaws often only show up once five, six or seven layers of dependencies start behaving in ways nobody expected. Human auditors typically cannot see that far into the stack and existing static and dynamic testing tools were not built to reason across that depth.

The company says that its system has identified and helped patch a vulnerability in a major blockchain protocol that, if exploited, would have allowed an attacker to drain $27.7 million. The fix earned the company a $250,000 payout, which it described as the largest bug bounty ever paid for a flaw discovered entirely by an AI system. The protocol involved was not named.

Web3 was chosen as a proving ground because crypto protocols are heavily audited and a single missed flaw translates directly into lost funds. The longer-term target is conventional enterprise software, including financial infrastructure, healthcare systems, cloud platforms and government and defense code.

Grego AI was co-founded by Chief Executive Officer Justus Hanna, a top-30 globally ranked bug bounty hunter and Chief Technology Officer Gregorio Maspero, a 24-year-old national mathematics olympiad gold medalist. The company said it has built proprietary architecture, training methodology, multi-agent sandbox orchestration and a self-refinement pipeline around general-purpose foundation models to push reasoning capability beyond what those models exhibit out of the box.

“The frontier models from the leading labs all have a big reasoning limitation,” said Maspero. “Even for their max versions, they can’t hold and trace complex logic across many layers of interacting systems, and no AI lab was able to solve this. But we did.” Maspero added that the company has been approached by one of the major AI labs to discuss the work, though he declined to name which one.

Grego AI is funded by cyber•Fund and is also backed by Guillermo Rauch, founder and CEO of Vercel Inc.

Image: SiliconANGLE/Ideogram