# OX Security

> OX Security is an application security company that built an Active Application Security Posture Management (ASPM) platform to give development and security teams a single, code-to-cloud view of software risk. Founded in 2021 by Check Point veterans Neatsun Ziv and Lior Arzi, OX consolidates scanning across the software development lifecycle - from source code and open-source dependencies to CI/CD pipelines and cloud - then uses context and attack-path analysis to surface the roughly 5% of vulnerabilities that are actually exploitable and reachable, so teams stop drowning in alerts. The company raised a $60M Series B in May 2025 (total funding around $94-101M) with backing from DTCP, IBM, Microsoft's M12, Evolution Equity, Team8 and others.

- **Founded:** 2021
- **Headquarters:** New York, United States (with R&D in Tel Aviv, Israel)
- **Founders:** Neatsun Ziv (Co-Founder & CEO), Lior Arzi (Co-Founder & CPO)
- **Team size:** ~170 employees
- **Products:** OX Active ASPM Platform, OX VibeSec, PBOM (Pipeline Bill of Materials), OSC&R Framework, Attack Path Reachability Analysis
- **Notable:** Raised $60M Series B in May 2025, bringing total funding to roughly $94-101M., Co-created the OSC&R open framework - the first ATT&CK-style matrix for software supply chain attacks., Named 'Application Security Company of the Year' in the 8th Annual CyberSecurity Breakthrough Awards.

## Products & services

- **OX Active ASPM Platform** — End-to-end application security posture management that maps risk from source code to cloud workloads, correlates findings across scanners, and prioritizes by exploitability and reachability.
- **OX VibeSec** — AI-driven security agent that streams real-time security context into IDEs, AI coding assistants and CI/CD pipelines, and continuously enforces security policies.
- **PBOM (Pipeline Bill of Materials)** — Proprietary extension of SBOM that records source components, pipeline configs, CI/CD tool versions, artifact signatures, deployment targets and approver identities for full software lineage.
- **OSC&R Framework** — Open Software Supply Chain Attack Reference - an ATT&CK-style matrix for supply chain threats, co-created with security experts from Google, Microsoft and GitLab.
- **Attack Path Reachability Analysis** — Analysis that determines whether a vulnerability is actually reachable and exploitable in context to cut false positives.
- **OX Agentic Pentester** — Agentic security capability within the platform that tests and validates exposure across the pipeline.

## Achievements

- Raised $60M Series B in May 2025, bringing total funding to roughly $94-101M.
- Co-created the OSC&R open framework - the first ATT&CK-style matrix for software supply chain attacks.
- Named 'Application Security Company of the Year' in the 8th Annual CyberSecurity Breakthrough Awards.
- Recognized as a Leader in the 2026 Gartner Magic Quadrant for Software Supply Chain Security (company-reported).
- Grew to 200+ enterprise customers and crossed ~$10M ARR.
- Introduced PBOM and Attack Path Reachability Analysis to reduce false positives in AppSec.

## Latest updates

- **2025-05** — Closed a $60M Series B led by DTCP with participation from IBM, Microsoft, Swisscom Ventures, Evolution Equity and Team8.
- **2025** — Launched VibeSec and reframed its platform around 'Active ASPM' for AI-driven software delivery.
- **2024-05** — Introduced Attack Path Reachability Analysis to sharpen vulnerability prioritization.

## Links

- Website: https://ox.security
- LinkedIn: http://www.linkedin.com/company/ox-security
- Twitter/X: https://twitter.com/OX__Security

---

Profile page: https://yespress.io/ox-security
Published by YesPress — https://yespress.io
Last updated: 2026-07-18
