DepthFirst, an applied AI lab focused on securing software infrastructure, has raised $80m in a Series B funding round.
The round was led by Meritech Capital, with participation from Forerunner Ventures and The House Fund, alongside existing backers including Accel, Box Group, Liquid 2 Ventures, Alt Capital, and Mantis VC.
The latest raise comes fewer than 90 days after the company emerged from stealth mode with a $40m Series A, bringing its total capital raised to $120m.
The speed of the follow-on round reflects growing investor appetite for AI-native approaches to cybersecurity, a sector that has long been dominated by legacy platforms.
DepthFirst was founded on the premise that success in high-stakes AI domains requires two things: products that address genuine customer problems, and specialised models fine-tuned to the most critical tasks within each domain.
Its platform is designed to reason across entire software systems, identify real risk, and deliver precise fixes directly within developer workflows — enabling organisations to secure software at the pace it is produced.
Alongside the funding announcement, the company unveiled its first in-house security model, dfs-mini1. Initially focused on securing cryptocurrency smart contracts, the model was built on an open-source foundation and post-trained through reinforcement learning in security-specific environments.
It was evaluated against OpenAI’s EVMBench benchmark for smart contract vulnerabilities. In early testing, dfs-mini1 outperformed frontier models at between 10 and 30 times lower cost, with internal evaluations suggesting the model can also generalise to other security tasks beyond smart contracts.
The new capital will be used to train additional security models across new domains, expand depthfirst’s AI research team, and accelerate enterprise adoption.
Since making its products generally available in late 2025, depthfirst has partnered with a range of Fortune 500 companies and high-growth software businesses, including ClickUp, Lovable, Supabase, incident.io, and Moveworks. The company reports that 80% of its fix recommendations are accepted and merged by developers, alongside significantly higher recall rates compared to alternative approaches.
Depthfirst co-founder and CEO Qasim Mithani said, “Recent public-market reactions suggest investors are starting to recognize that AI will disrupt the legacy security stack. But to win in security, companies will need to deploy security-specific models in products optimized for real security workflows. To build these models, you need specialized data, domain-specific evaluation, and deep expertise in post-training. Our team is one of the few in security able to do that.”
Depthfirst CTO Andrea Michi said, “When you own the training process, you can optimize for what actually matters in your domain. In our case, that means vulnerability detection and verification. The result is a model that can be cheaper to run, better at the task, more responsive to continued investment than a general-purpose system.”
Copyright © 2026 FinTech Global
Copyright © 2018 RegTech Analyst
