Depthfirst, a startup focused on securing AI-driven software development, has closed a $40 million Series A to accelerate its platform and expand go-to-market. Accel led the round with participation from SV Angel, Mantis VC, and Alt Capital, signaling strong investor appetite for tooling that defends code, data, and pipelines shaped by generative AI.
Founded in 2024, the company positions itself as an “AI-native” security provider at a moment when both attackers and defenders are rapidly adopting machine learning. The raise underscores a broader shift: organizations are writing and deploying code faster with AI assist, while adversaries experiment with automated phishing, vulnerability discovery, and malware generation.
A Bet on AI-Native Defense for Modern Software
Depthfirst’s core product, General Security Intelligence, analyzes codebases, developer workflows, and build systems to surface risks that traditional scanners often miss in AI-accelerated environments. Beyond static checks, the platform monitors credentials exposure, hardcoded secrets, and dependencies across open source and third-party components, aiming to reduce the window between code creation and remediation.
The approach reflects how software is changing. With code now authored and refactored by AI, risky patterns can proliferate quickly, and security controls must move “upstream” into the IDE, the pull request, and the CI/CD pipeline. Vendors across the stack are chasing this shift; Depthfirst is staking its claim on continuous, model-aware analysis rather than episodic audits.
Investors and Early Traction for AI Security Startup
Accel’s participation adds weight to Depthfirst’s thesis and gives the company runway to hire in applied research, engineering, product, and sales. The startup says it has early partnerships with AngelList, Lovable, and Moveworks, a sign that AI-forward teams are looking for guardrails that fit developer workflows without slowing release velocity.
In practical terms, expect investment in integrations with source control, ticketing, and runtime observability, as security buying increasingly favors platforms that plug cleanly into existing SDLC toolchains. Investors are also watching for evidence that AI-aware findings translate into lower false positives—long the pain point for application security teams.
Why AI Security Is Suddenly Urgent for Developers and CISOs
Security researchers and enterprises alike report that adversaries are using generative models to scale social engineering, improve phishing copy, and triage targets. Threat labs have documented model-assisted vulnerability discovery and code obfuscation, while large vendors have detailed campaigns that blend automation with human operators. Anthropic, for instance, recently described disrupting an AI-orchestrated espionage effort, highlighting how rapidly the threat landscape is evolving.
At the same time, mainstream development now leans on AI coding assistants and expansive open source supply chains. Verizon’s Data Breach Investigations Report has long noted the dominant role of the human element, and when AI accelerates commits and merges, mistakes can propagate across microservices before traditional review cycles catch up. NIST’s Secure Software Development Framework and the AI Risk Management Framework, along with MITRE ATLAS for ML-specific threats, are shaping how teams measure and mitigate these new classes of risk.
Depthfirst’s value proposition sits at that intersection: prevent credential leaks and insecure patterns as they’re introduced, track exposure across dependencies, and give security teams explainable findings that map to established frameworks. If it can shorten mean time to remediate without burdening developers, it will earn a seat beside longstanding SAST, SCA, and secrets management tools.
Team with Dual DNA in AI Research and Security Ops
The leadership blends AI and enterprise security experience. CEO and co-founder Qasim Mithani previously worked at Databricks and Amazon, grounding the company’s approach in large-scale data and platform engineering. Co-founder Daniele Perito led security and risk engineering at Square, now part of Block, bringing hard-won lessons from payments and compliance-driven environments. CTO and co-founder Andrea Michi worked at Google DeepMind, adding research depth as the product tackles model-aware analysis.
Mithani has argued that software is now built faster than it can be secured, and that defenders must automate at least as aggressively as attackers. That perspective mirrors what CISOs are asking vendors to prove: measurable risk reduction aligned to developer speed.
What to Watch Next as Depthfirst Deploys Series A
Near term, the milestones to track include breadth of integrations across code hosts and CI/CD, support for model and data lineage in AI workflows, and independent validation of detection quality. Alignment to NIST, SOC 2, and ISO 27001 will matter for regulated buyers, while mapping security controls to MITRE ATT&CK and ATLAS can help teams operationalize findings.
With fresh capital, Depthfirst joins a competitive cohort pursuing AI and software supply chain security. If it can demonstrate lower time-to-fix and fewer noisy alerts—without compromising developer experience—it stands to become a default tool for organizations modernizing their AppSec programs for the GenAI era.
