XBOW Reaches Unicorn Status With $120 Million Series C to Scale Autonomous Offensive Security Platform

Seattle-based XBOW announced on March 18 that it has raised $120 million in Series C financing, crossing the billion-dollar valuation mark just over two years after its January 2024 founding. The round was co-led by DFJ Growth and Northzone, with new investors Sofina and Alkeon Capital joining existing backers Altimeter, NFDG Ventures, and Sequoia Capital. Total funding now stands at $237 million.

The company builds what it calls an autonomous hacker, an AI-powered platform that combines large language model reasoning with offensive security workflows modeled on real-world attack techniques. Rather than scanning for known vulnerability signatures, the system chains together multi-step exploitation paths to discover and validate flaws at a pace that manual penetration testing cannot match.

From GitHub Copilot to Autonomous Hacking

XBOW was founded by Oege de Moor, the computer scientist who created GitHub Copilot and GitHub Advanced Security before leaving to start the company. De Moor assembled a team drawn partly from the original Copilot engineering group, applying the same approach of using large language models not to generate code but to break it.

The company’s chief information security officer, Nico Waisman, previously served as CISO at Lyft, bringing operational security experience to a team rooted in AI research. The leadership bench expanded alongside the funding round with the appointments of Jonaki Egenolf as chief marketing officer, Dean Breda as general counsel, and Niro Rajadurai as chief revenue officer.

How the Platform Works

XBOW’s platform applies AI reasoning and adversarial workflows to continuously test applications in live production environments. The system identifies vulnerabilities, validates them through actual exploitation, and adapts to modern development cycles where new code ships daily. The company claims its approach maintains low false-positive rates, a persistent problem in automated security tooling that has historically limited adoption.

The platform reached the top of HackerOne’s leaderboard, the bug bounty marketplace where human security researchers compete to find vulnerabilities in exchange for payments. Achieving a top ranking on a platform designed around human expertise provided an early signal that the autonomous approach could match or exceed manual penetration testing in certain contexts.

Investors See a Category Shift

“XBOW was the first to demonstrate how large language models could be applied to offensive security at scale,” said Barry Schuler of DFJ Growth in the company’s announcement. Northzone’s Sanjot Malhi described the company as “rapidly emerging as a category leader,” noting that Fortune 500 and global enterprises are already using the platform.

As part of DFJ Growth’s investment, Ramin Sayar, the former CEO of cloud monitoring company Sumo Logic, will join XBOW’s board of directors. Ron Gabrisko, who comes from Databricks, was also named to the board.

Market Context

The funding arrives as AI-augmented cyberattacks grow more sophisticated. De Moor framed the investment in explicitly adversarial terms: “Attackers are already using AI. Defenders need to move just as fast. XBOW provides that continuous speed, and this funding enables us to bring it to the entire industry.”

The cybersecurity industry has long relied on periodic penetration tests conducted by human teams, an approach increasingly mismatched with continuous deployment practices. XBOW’s bet is that autonomous offensive testing running continuously in production will become a baseline expectation rather than a premium service, a shift that would reshape how organizations allocate security budgets.

The company has also begun international expansion, appointing WonLae Lee as general manager for South Korea earlier in 2026, signaling ambitions beyond the U.S. enterprise market where it initially gained traction.