Big Bet on AI-Driven Offense: A Lands $37 Million Round
A New York–based cybersecurity startup, code-named A, has raised $37 million to commercialize an autonomous offensive security engine. The platform uses AI to simulate real-world attacks on a company’s own systems, then automatically patches the weaknesses it uncovers. The founders say the system operates continuously, iterating on its own to outpace evolving threats.
The funding comes from Lightspeed Venture Partners, Cyberstarts, and high-profile angels, including Wiz CEO Assaf Rapaport and Cyera CEO Yotam Segev. The round marks a rare crossover moment where venture capital sees attackers as a resource for protection rather than a threat to security budgets.
In announcing the raise, the company highlighted that the investment from lightspeed wiz’s assaf rappaport underscores a willingness among top tech investors to back aggressive, AI-centered defense tools. The founders say their model stands in contrast to traditional risk scoring, delivering a full offensive lifecycle that homes in on concrete weaknesses and guides rapid fixes.
What the AI-Driven Attacker Does
Unlike conventional security tools that map hotspots or assign severity scores, A’s platform plays both roles of hunter and healer. It continuously probes an organization’s digital perimeter—networks, endpoints, cloud configurations, and software dependencies—to reveal attack paths attackers would exploit. When a flaw is discovered, the system prescribes and sometimes implements remediation, aiming to close openings before criminals attempt an intrusion.
Co-founder and CEO Yossi Torati described the approach as a fundamental shift in how defenders operate. “This is a revolution in the way attackers work and how defenders must respond,” he said in an interview ahead of the launch. His team includes veterans from Check Point, Hunters, and Israel’s IDF Unit 8200, all bringing deep incident response experience to the table.
The Mythos Backdrop: Why Now?
The timing of A’s debut sits in the wake of a notable industry moment. In April, Anthropic released Mythos, a model that autonomously surfaced thousands of previously unknown security flaws across major operating systems and browsers. The demonstration sent a jolt through corporate security teams, who suddenly faced the prospect of mass disclosure by AI-powered tools—both ethical blue-team aids and dangerous off-the-shelf capabilities for criminals.
Analysts say Mythos underscored a chilling reality: attackers need not be highly resourced nation-states to exploit sophisticated bugs. “Today every teenager, every grandparent with a laptop can leverage frontier models to do things once reserved for state actors,” one industry insider observed, noting the increased urgency for proactive defenses. That climate helped create a market for services that can self-correct vulnerabilities before they’re weaponized.
Who Is Backing A—and Why It Matters
- Investors: Lightspeed Venture Partners, Cyberstarts
- Angels: Wiz CEO Assaf Rapaport, Cyera CEO Yotam Segev
- Funding aim: Scale the platform, expand engineering and security operations, and broaden enterprise deployments
The involvement of lightspeed wiz’s assaf rappaport as an investor signals a notable convergence of consumer-grade security leadership with enterprise-grade defense tools. Industry observers say his stake is meaningful beyond the dollars, hinting at potential cross-pollination between consumer fintech security sensibilities and enterprise cyber risk management. In addition to the financial backing, the alliance could accelerate integration with other security workflows and data feeds used by large organizations.
What This Means for Personal Finance and Small Businesses
While the core product targets corporate IT environments, the ripple effects reach households and smaller firms. As AI-powered defense tools mature, small businesses that manage sensitive customer data could gain access to autonomous risk remediation that was previously out of reach for lean IT teams.
For individual investors, the story showcases a broader trend: the shift from reactive risk alerts to proactive risk reduction powered by AI. If tools like A prove they can reliably close security gaps, small business owners may see lower breach-related costs and faster recovery times—two crucial factors for preserving cash flow and protecting credit lines during volatility in public markets.
Financial and Market Implications
From a market perspective, the $37 million raise adds to a growing wave of AI-enabled security startups attracting multi-stage funding. The round’s size places A in a category with other late-stage security startups that blend offensive simulations with defensive hardening, a niche investors see as essential in an era of rapidly evolving cyber threats.
Industry observers caution that autonomous offensive tools carry their own risk vectors. If misused or poorly governed, the same capabilities could be weaponized. The company notes it will pair its platform with strong governance controls, auditing, and compliance features to mitigate misuse and align with tightening regulatory expectations around automated vulnerability research.
Risks, Regulation, and the Road Ahead
As AI-driven cybersecurity tools scale, policymakers are paying closer attention to how autonomous security systems operate. Questions around accountability for automated remediation, data privacy, and potential collateral damage from self-directed exploits will shape how quickly such technologies reach mainstream adoption.
A’s leadership stresses that ethical guardrails and external audits will be integral to product development. The founders aim to ship a commercially viable platform within the next 12 to 18 months and plan to deploy pilot programs with a handful of Fortune 500 firms that have expressed interest in proving out autonomous vulnerability management at scale.
Key Takeaways for Investors and Tech-Savvy Consumers
- The fusion of AI-driven offensive testing with automated remediation marks a new phase in defensive tech.
- The round size, led by prominent venture firms and angels, signals strong appetite for proactive cyber resilience tools.
- The involvement of lightspeed wiz’s assaf rappaport underscores a trend toward cross-domain security collaborations among tech leaders.
Conclusion: A Sign of the Times
As cyber threats grow in speed and sophistication, the industry is moving toward AI-powered defenses that don’t just alert users to risk but actively correct it. The debut of A, backed by a high-profile investor cohort, reflects a broader shift toward proactive, self-healing security architectures. For investors and individuals alike, the question is whether autonomous attackers-turned-defenders can deliver reliable, auditable protection without overreach. If the early pilots prove successful, lightspeed wiz’s assaf rappaport may soon be joined by a broader slate of backers eager to fund the next wave of AI-enabled cyber resilience.
Discussion