# depthfirst

> depthfirst is a San Francisco applied AI lab building an AI-native security platform that detects, triages and remediates software vulnerabilities before attackers can exploit them. Its 'General Security Intelligence' uses custom AI agents and purpose-trained security models to read a company's code, business logic and infrastructure, surfacing more true-positive vulnerabilities while cutting false positives and delivering developer-ready fixes. Founded in 2024 by leaders from Databricks, Google DeepMind and Faire, the company raised $120M across Series A and B within a few months of leaving stealth.

- **Founded:** 2024
- **Headquarters:** San Francisco, California, United States
- **Founders:** Qasim Mithani (Co-founder & CEO), Andrea Michi (Co-founder & CTO), Daniele Perito (Co-founder)
- **Team size:** ~36 employees
- **Products:** Platform, Code, Supply Chain, Secrets, Agentic Pentesting
- **Notable:** Raised $120M total (Series A + Series B) within roughly 90 days of emerging from stealth., Reached a reported $580M valuation before turning two years old., Reports 8x more true-positive vulnerabilities than traditional static analysis while reducing false positives by 85%.

## Products & services

- **Platform** — An autonomous security command center that spans from code design through production environments.
- **Code** — AI vulnerability detection that reads code and business logic to find issues beyond traditional scanner capabilities, with real-time PR review.
- **Supply Chain** — Reachability analysis that surfaces which dependency components an attacker can actually reach, not just which are present.
- **Secrets** — Detects and prevents credential and secret leaks in repositories.
- **Agentic Pentesting** — AI agents that discover vulnerabilities in running code the way a human pentester would.
- **Dependency Firewall** — Detects malicious behavior in software dependencies before it reaches your build.
- **dfs-mini1** — A specialized security model, initially focused on cryptocurrency smart contracts, running at 10-30x lower cost than frontier models while outperforming them on the OpenAI EVMBench benchmark.

## Achievements

- Raised $120M total (Series A + Series B) within roughly 90 days of emerging from stealth.
- Reached a reported $580M valuation before turning two years old.
- Reports 8x more true-positive vulnerabilities than traditional static analysis while reducing false positives by 85%.
- 80% of its fix recommendations are accepted and merged by developers.
- Trained dfs-mini1, a security model that runs 10-30x cheaper than frontier models while outperforming them on OpenAI's EVMBench.
- Signed Fortune 500 and high-growth customers including ClickUp, Supabase, Lovable, incident.io and Moveworks.

## Latest updates

- **2026-03** — Announced an $80M Series B led by Meritech Capital at a reported $580M valuation, bringing total funding to $120M.
- **2026-01** — Emerged from stealth with a $40M Series A led by Accel to secure the world's software.
- **2025-12** — Made its AI-native security products generally available and began signing Fortune 500 and high-growth customers.

## Links

- Website: https://depthfirst.com
- LinkedIn: https://www.linkedin.com/company/depthfirst/
- Twitter/X: https://x.com/depthfirstlabs
- GitHub: https://github.com/DepthFirstDisclosures

---

Profile page: https://yespress.io/depthfirst
Published by YesPress — https://yespress.io
Last updated: 2026-07-12
