XBOW has landed a $120 million Series C round, crossing the $1 billion valuation mark and giving one of cybersecurity’s more closely watched AI startups a serious war chest for expansion. The financing was led by DFJ Growth and Northzone, with new participation from Sofina and Alkeon Capital alongside existing investors including Altimeter, NFDG Ventures, and Sequoia Capital. The deal is not just a capital event. It is also a signal that investors increasingly believe offensive security, long dependent on scarce human talent and periodic testing cycles, is entering a more automated phase in which continuous machine-led adversarial testing becomes a core layer of enterprise defense.
The company’s pitch lands in a moment when the logic of cyber defense is shifting fast. For years, attackers were limited by headcount, expertise, and time. AI changes that equation. Adversaries can now probe more surfaces, more often, across more environments, while engineering teams continue to push code faster and more frequently. That combination makes traditional point-in-time penetration testing feel a bit like an older security rhythm colliding with a much faster software and threat environment. XBOW is positioning itself as the answer to that gap, arguing that defenders need autonomous systems that can reason, test, validate, and adapt at machine speed rather than relying only on periodic human engagement.
Founder and CEO Oege de Moor framed the company’s rise as proof that AI can do more than assist security teams around the edges. According to XBOW, the platform has already demonstrated that autonomous systems can safely operate in live production environments, continuously uncovering deep vulnerabilities while keeping false positives low. That claim matters because the enterprise security market is usually skeptical, and for good reason. Security buyers do not just want flashy automation. They want evidence that an AI-driven system can find real problems without flooding already stretched teams with noise. XBOW’s argument is that it has moved beyond the demo stage and into practical deployment, which is exactly the threshold investors tend to care about when category creation starts turning into revenue scale.
The pedigree around the company adds to that narrative. De Moor is known as the creator of GitHub Copilot and GitHub Advanced Security, and XBOW has been built with engineers from the original Copilot team. Nico Waisman, formerly Lyft’s CISO, joined early and helped shape the company’s safety and deployment model, while also assembling elite human hackers to train the system in adversarial thinking. That mix of frontier AI talent and experienced operators from real security environments is part of what makes XBOW more interesting than a generic “AI for cybersecurity” story. The company is not merely claiming to automate scans. It is trying to replicate, at least in part, the iterative reasoning and exploit-hunting behavior of real attackers.
The new capital will now be used to scale that proposition across enterprise markets, expand internationally, and deepen the product itself. XBOW has also been building out its executive bench, adding new board and leadership appointments in marketing, legal, revenue, and international management, including a South Korea general manager earlier this year. Those moves suggest a company preparing for a more global commercial push rather than staying in pure product-build mode. That is often the real tell. Startups can talk about category leadership all day, but once they start adding go-to-market muscle and regional operators, they are signaling that the next battle is adoption, procurement, and enterprise standardization.
What makes this funding round notable, really, is that it reflects a broader strategic thesis. Cybersecurity is entering an autonomous era not because the industry suddenly loves automation for its own sake, but because the attack surface is growing faster than human workflows can realistically cover. If AI is making attackers more persistent and more scalable, then defenders are under pressure to respond in kind. XBOW is betting that autonomous offensive security becomes a permanent category, not a temporary curiosity. With $120 million in fresh funding and a unicorn valuation behind it, the company now has the capital, visibility, and expectations to try to prove that this is where security testing is headed next.
Leave a Reply