Ox Security Secures $60M in Series B Funding to Address AI-Driven Code Risks

OX Security, a New York-based application security startup led by a former Check Point executive, has successfully raised $60 million in Series B funding. This new capital aims to tackle the increasing risks associated with AI-generated code and its misuse by adversaries in the cybersecurity landscape.

The funding will primarily be allocated toward enhancing automation in remediation processes, narrowing the gap between vulnerability identification and resolution, according to co-founder and CEO Neatsun Ziv. The company’s approach emphasizes prioritizing the most significant 5% of vulnerabilities rather than inundating developers with extensive lists of issues.

According to Ziv, the timing of the fundraising was fortuitous, occurring during a period of strong market receptiveness to their message. “Everything was aligned,” he explained to Information Security Media Group. “We initiated this fundraising well ahead of when it was necessary, allowing us to capitalize on favorable market conditions.”

Founded in 2021, OX Security currently employs 165 personnel and transitioned from stealth mode in September 2022 after securing $34 million in seed funding. The firm has been spearheaded by Ziv, who previously held a significant role at Check Point Software, where he led the company’s threat prevention and intelligence division for five years.

OX Security’s Innovative Approach

DTCP was selected as the lead investor for the Series B round due to a deep-rooted partnership and shared strategic visions. Ziv likened the current disruption brought about by AI to the early stages of cloud adoption, but emphasized that the pace at which innovation is occurring has intensified dramatically, necessitating new strategies in product development and responsiveness.

“We have significantly ramped up our R&D to address the novel challenges we face,” Ziv noted. The company’s efforts are concentrated on enhancing its product to meet the demands of this rapidly evolving landscape.

Ziv elaborated on the concern that AI models trained on vast open-source datasets often replicate deprecated code patterns known to harbor vulnerabilities. As these models rely on statistical correlations, they often lack a comprehensive understanding of security risks, potentially leading to significant flaws within codebases. Meanwhile, cybercriminals are leveraging AI to streamline exploit creation.

Instead of bombarding development teams with countless low-priority alerts, OX Security utilizes contextual intelligence to pinpoint critical vulnerabilities. Their system conducts a nuanced contextual analysis, examining factors such as the activity status of vulnerabilities, password rotations, and the implementation of two-factor authentication, thereby ensuring that flagged issues are actionable.

Focus on Effective Remediation

Historically, 90% of OX’s initiatives have been centered around detection and prioritization. However, Ziv envisions a future where resolving and remediating risks at scale can occur with minimal developer input. New AI models are capable of understanding both vulnerable code snippets and their surrounding context, enabling the formulation of more applicable and code-specific resolutions.

The volume of code changes analyzed daily stands at approximately 100 million lines, reflecting customer engagement and the rapid pace of software evolution. OX Security also monitors how quickly customers address high-priority issues once identified, providing a measure of the effectiveness of their prioritization system.

With the era of cloud infrastructure misconfigurations predominantly behind us, organizations are sharpening their focus on application security. This pivot presents challenges, given the differing buyer personas and organizational priorities within the space, thereby presenting specialized vendors like OX Security with a competitive advantage.

By returning to the code to examine vulnerabilities directly, Ziv remarked, “The new generation we are part of is recognizing that the only reliable insights come from the code in contrast to production environments.” This marks a significant advancement in the battle against cybersecurity threats amidst an ever-evolving technological landscape.