depthfirst, an applied AI lab focused on software security, has announced a new funding round and has raised $40m in a Series A.
The round was led by Accel, with participation from Alt Capital, BoxGroup, Liquid 2 Ventures, Mantis VC and SV Angel. The round also included notable angel investors Jeff Dean, Kirsten Green, Colin Evans, Logan Kilpatrick and Julian Schrittwieser.
Founded in 2024, depthfirst develops AI-native security technology designed to detect, prioritise and remediate vulnerabilities across the full software stack. Its core platform, General Security Intelligence, is built to understand systems end-to-end, allowing it to operate at a pace that matches increasingly automated and AI-driven cyber threats.
The company is positioning its technology as a response to a rapidly changing threat landscape, where AI-assisted code generation has increased both the speed of software development and the volume of potential vulnerabilities. According to depthfirst, traditional security tools struggle to keep up with this shift, leaving organisations exposed to always-on, autonomous attackers rather than isolated human-led exploits.
The newly secured funding will be used to support research and development, expand go-to-market efforts and accelerate hiring across applied research, engineering, product and sales teams. depthfirst said the investment would also help it continue developing agents capable of identifying complex vulnerabilities earlier in the software lifecycle.
In the months since launching its product, the company claims its AI agents have identified significantly more true-positive vulnerabilities than conventional static analysis tools, while sharply reducing false positives. depthfirst also reported strong benchmark results on CyberGym, a widely used cybersecurity evaluation framework, and said it has already signed customers including Lovable, Supabase, Moveworks and AngelList.
depthfirst co-founder and CEO Qasim Mithani said, “We’ve entered an era where software is written faster than it can be secured. AI has already changed how attackers work. Defense has to evolve just as fundamentally.”
Damian Hasse, CISO at Moveworks, added, “depthfirst has fundamentally changed how we think about code security and quality at Moveworks. They not only find code defects and complex threats like backdoors and malware, but also proactively offer fixes. The result is stronger security and a measurable lift in code quality and review efficiency across the board.”
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
