Breaking: depthfirst raises $80M Series B led by Meritech Total funding hits $120M in under 90 days Reported valuation: $580M 8x more true-positive vulnerabilities vs. static analysis 85% fewer false positives 80% of fixes merged by developers Customers: ClickUp · Supabase · Lovable · incident.io · Moveworks Founded 2024 · San Francisco Breaking: depthfirst raises $80M Series B led by Meritech Total funding hits $120M in under 90 days Reported valuation: $580M 8x more true-positive vulnerabilities vs. static analysis 85% fewer false positives 80% of fixes merged by developers Customers: ClickUp · Supabase · Lovable · incident.io · Moveworks Founded 2024 · San Francisco
The YesPress Profile · Applied AI Lab · Cybersecurity

depthfirst.

The security lab that reads your code the way an attacker would - then hands the developer a fix, not another alert.

San Francisco  /  Founded 2024  /  $120M raised  /  ~36 people
depthfirst logo and brand
depthfirst, photographed as it likes to be seen: a wordmark, a promise, and a great deal of venture capital. The "." is doing a lot of work.

$120MTotal Raised
$580MReported Valuation
8xTrue Positives
80%Fixes Merged
The Feature

A Company That Sells Fewer Alerts

Most security vendors sell you more things to worry about. depthfirst is trying to sell you fewer.

Here is a fact about software security that is both obvious and slightly depressing: the amount of code in the world is going up, the speed at which it is written is going up, and - thanks to AI writing a lot of that code - both curves are getting steeper. Meanwhile the number of humans who can carefully read code for the one line where a bug becomes a breach is going up much more slowly, if at all. This is a supply-and-demand problem, and depthfirst's entire pitch is that you cannot solve it by hiring. You solve it by pointing machines at the problem, because the machines are also what created it.

depthfirst is a San Francisco company, founded in 2024, that calls itself an "applied AI lab." That phrase is worth pausing on, because it is doing two jobs at once. "Applied" means: we ship a product you can buy, today, that plugs into your developers' pull requests. "AI lab" means: we also train our own models, and we would like you to think of us as a research shop, in the way you think of the frontier labs. Most security companies are one or the other. depthfirst insists on being both, and it has raised $120 million to prove the combination isn't just a slide.

The product is organized around an idea the company brands as "General Security Intelligence" - a deliberate, slightly cheeky play on "artificial general intelligence." The claim is not that depthfirst has built a magic brain. The claim is narrower and more useful: an AI agent that reads your code, your business logic, and your infrastructure together can find vulnerabilities that a scanner looking at any one layer in isolation will miss. A traditional static analysis tool sees a function. depthfirst's agents are supposed to see the function, understand what the application does, and reason about whether an attacker could actually reach that line and do something bad with it.

"To win in security, companies will need to deploy security-specific models in products optimized for real security workflows."
Qasim Mithani · Co-founder & CEO

If you have ever run a security scanner, you know the real enemy is not missed bugs. It is false positives - the thousand red alerts that turn out to be nothing, which train your developers to ignore all of them, including the one that mattered. depthfirst's headline numbers are aimed squarely at this. The company says its agents surface roughly 8x more true-positive vulnerabilities than traditional static analysis while cutting false positives by about 85%. Those are the company's own figures, and any buyer should test them, but the direction is the interesting part: more signal, less noise.

The number that actually reveals the strategy, though, is this one: depthfirst says 80% of its fix recommendations get accepted and merged by developers. This is a subtle but important choice of metric. Plenty of tools can tell you something is wrong. Far fewer can write the fix, in your codebase, in a way an engineer looks at and thinks "yes, ship it." The fix-accept rate is a trust metric. It is the difference between a tool that generates work and a tool that removes it.

How do you build agents that developers trust? depthfirst's answer, and the reason it needed the second $80 million, is that you train your own models. The company has built a specialized security model it calls dfs-mini1, which it first pointed at cryptocurrency smart contracts - a domain where a single overlooked bug can drain a wallet in seconds and where adversaries are relentless. depthfirst says the model runs at 10-30x lower cost than frontier models while outperforming them on OpenAI's EVMBench. The bet embedded here is the whole company's thesis: for the highest-stakes, most repetitive slice of a real workflow, a small model trained on exactly that task beats a giant model trained on everything.

"In our case, that means vulnerability detection and verification. The result is a model that can be cheaper to run, and better at the task."
Andrea Michi · Co-founder & CTO

The founding team is the kind that makes investors return phone calls quickly. CEO Qasim Mithani built developer and security products in the early days of AWS, then became an early leader at Databricks, where he built the infrastructure and enterprise platform from the ground up. CTO Andrea Michi was a Research Engineering Lead at Google DeepMind, where he worked on reinforcement learning for Gemini and AlphaDev and published in Nature. Co-founder Daniele Perito co-founded the wholesale marketplace Faire, led security and fraud at Cash App in its early days, and did postdoctoral security research at UC Berkeley. That is a security operator, a frontier-model researcher, and a repeat founder in one room, which is roughly the exact resume you would design if you were trying to build "an AI lab, but for security."

Investors agreed, and did so at a speed that is itself a small story. Accel led a $40 million Series A that depthfirst announced in January 2026 as it emerged from stealth, with backers including Jeff Dean, Kirsten Green, and Logan Kilpatrick. Then - less than 90 days later - Meritech Capital led an $80 million Series B, with Forerunner Ventures and The House Fund joining, at a reported $580 million valuation. Two rounds in a single quarter, before the company turned two. In venture terms this is a market voting with unusual conviction that AI-native security is a category, not a feature.

What can you actually do with depthfirst? If you run an engineering org, you point it at your repositories and it reviews pull requests in real time, flags reachable supply-chain risks (not just every dependency that exists, but the ones an attacker can actually touch), catches leaked secrets before they ship, and runs agentic pentests against your running code. When it finds something, it doesn't just file a ticket - it proposes the patch. The company says customers already include ClickUp, Supabase, Lovable, incident.io, Moveworks, Persona, AngelList, and Corelight; Persona has said it doubled its code-security coverage using the platform.

The honest caveat, which depthfirst would probably agree with, is that the numbers here are early and largely self-reported, and "AI agents that autonomously secure your software" is a sentence that has to survive contact with real, weird, adversarial production systems. Agentic pentesting still wants a human in the loop. Model claims want independent benchmarks. But the underlying observation - that software is now written faster than humans can review it, and that the only thing fast enough to keep up is more software - is not really in dispute. depthfirst's wager is that it can be the software that keeps up. It has $120 million and a very good founding team to find out.

The Platform

Six Things It Does

Autonomous security, from code design through production. One command center, several agents.

Command Center

Platform

An autonomous security command center spanning design through production - the single place the agents report in.

Detection

Code

Reads code and business logic to find vulnerabilities scanners miss, with real-time pull-request review and developer-ready fixes.

Dependencies

Supply Chain

Reachability analysis: which components an attacker can actually reach, not merely which are present in your tree.

Leaks

Secrets

Detects and prevents credentials and secrets from leaking into repositories before they ship.

Offense

Agentic Pentesting

AI agents that probe running code the way a human pentester would - finding vulnerabilities in live systems.

Defense

Dependency Firewall

Detects malicious behavior in dependencies before it reaches your build pipeline.

The Money

$120M in a Single Quarter

Two rounds inside 90 days, from Series A to Series B, at a reported $580M valuation. The bars below show round sizes.

Series A · Jan 2026 · led by Accel$40M
Series B · Mar 2026 · led by Meritech$80M
Series A investors

Accel led

Alt Capital, BoxGroup, Liquid 2 Ventures, Mantis VC, SV Angel, plus angels Jeff Dean, Kirsten Green, Colin Evans, Logan Kilpatrick and Julian Schrittwieser.

Series B investors

Meritech Capital led

Forerunner Ventures and The House Fund joined, alongside existing backers Accel, BoxGroup, Liquid 2 Ventures, Alt Capital and Mantis VC.

The Founders

A Security Operator, a Researcher, a Repeat Founder

Co-founder & CEO

Qasim Mithani

Built developer and security products at early AWS, then became an early leader at Databricks, building its infrastructure and enterprise platform from the ground up.

Co-founder & CTO

Andrea Michi

Research Engineering Lead at Google DeepMind on reinforcement learning for Gemini and AlphaDev; published his work in Nature.

Co-founder

Daniele Perito

Co-founded the marketplace Faire, led security and fraud at early Cash App, and was a postdoctoral security researcher at UC Berkeley.

The Timeline

Stealth to $580M, Fast

2024

Founded in San Francisco

Leaders from Databricks, Google DeepMind and Faire team up to secure the world's most important software.

2025

Products go generally available

The platform ships - Code, Supply Chain, Secrets, Agentic Pentesting and Dependency Firewall - and first enterprise customers sign on.

2026

$40M Series A & exit from stealth

Accel leads the round in January as depthfirst publicly launches its General Security Intelligence platform.

2026

$80M Series B at ~$580M valuation

Meritech Capital leads in March, taking total funding to $120M inside a single quarter.

The Questions

Frequently Asked

What does depthfirst do?
It builds an AI-native security platform that uses custom AI agents and specialized models to detect, triage and remediate software vulnerabilities across code, dependencies, secrets and infrastructure - and delivers developer-ready fixes.
Who founded depthfirst and when?
Founded in 2024 by Qasim Mithani (CEO, ex-Databricks and AWS), Andrea Michi (CTO, ex-Google DeepMind) and Daniele Perito (co-founder of Faire, ex-Cash App).
How much funding has it raised?
$120M total - a $40M Series A led by Accel in January 2026 and an $80M Series B led by Meritech Capital in March 2026, at a reported $580M valuation.
Who uses depthfirst?
Fortune 500 companies and fast-growing software businesses, including ClickUp, Lovable, Supabase, incident.io, Moveworks, Persona, AngelList and Corelight.
How is it different from a traditional scanner?
Rather than emitting more alerts, it reads code, business logic and infrastructure together to find more true positives, cut false positives, and auto-generate fixes that developers merge roughly 80% of the time.
Connect & Share

Follow depthfirst

Sources: depthfirst.com, Forbes, TechCrunch, SiliconANGLE, SecurityWeek, Accel, BusinessWire. Figures are company-reported unless otherwise noted and are approximate.