Today the gold standard for ensuring the security of software systems are human experts - pentesters, bug hunters and offensive security researchers. These experts simulate attacks, and report any weaknesses they find.

Offensive security is highly creative and skilled work, but it can be slow, there aren’t enough professionals to meet the demand, and it only reflects the state of security at a single point in time.

The rise of AI makes it imperative that we massively scale offensive security, for two reasons:

• First, AI enables anyone to become a coder: millions of people who are not trained in cybersecurity are now creating new software of their own. Consequently there is ever more software that must be secured.
• Second, bad actors are using AI as a power tool to mount more effective attacks. We must similarly step up our defences.

XBOW meets this challenge by giving superpowers to security teams. With state of the art AI, we’re fighting fire with fire. XBOW is highly effective - it autonomously solves 75% of web app security benchmarks, with zero human intervention and at superhuman speed.

Like a human expert, XBOW forges creative attacks, adapting what it learnt from other instances to the situation in hand. XBOW runs continuously, and aims to redefine the secure development lifecycle for companies. Take a look for yourself at XBOW in action.

And this is only a glimpse of what is possible. XBOW will dramatically enhance all forms of offensive security, accelerating the discovery of vulnerabilities and exploits in all types of software - we merely chose web app security as a starting point.

XBOW’s mission is to stay ahead and defeat the bad actors. We are building XBOW because it must be built, and we’re the best team to do it. All of us are deeply committed to making the technology available in a safe and responsible way.

Everything I have done has led up to the creation of XBOW: my research as a prof at Oxford, founding Semmle (now GitHub Advanced Security) and founding GitHub Copilot. Security at XBOW is led by Nico Waisman, a legendary security researcher in his own right, and most recently the CISO of Lyft. Diego Jurado and Joel Noguera are cutting edge security researchers as well, famous for their exploits on HackerOne and beyond. Key people who joined me when I founded GitHub Copilot are now at XBOW: Albert Ziegler, Andy Rice, Aqeel Siddiqui and Johan Rosenkilde. Their skills are complemented by deeply experienced engineers Brendan Coll, Ewan Mellor and Fernando Russ. Finally, Brendan Dolan-Gavitt, the leading academic researcher at the intersection of security and AI, joined XBOW and the AI research team alongside Tom Bolton. This truly is the best possible team to bring AI to offensive security.

XBOW has an ambitious mission, and we understand the stakes are high. That’s why it’s essential for us to succeed. We need the best possible investors, who will stay the course with XBOW as it transforms all aspects of application security. I am overjoyed, therefore, to announce that we have joined forces with Konstantine Buhler and Lauren Reeder at Sequoia Capital, who led a $20M seed round. Konstantine and his partners provide tremendous value to XBOW. I recently had the privilege of going through Sequoia’s Arc program which helped articulate XBOW’s plans.

Sequoia Capital are joined by a number of prominent angel investors, who also support XBOW through their advice and expertise in the market: Amjad Masad (founder of Replit), Michele Catasta (VP of AI at Replit), Olivier Pomel (founder of Datadog), Ambassador Howard H. Leach, Joseph M. Hall and others.

Come and meet XBOW at BlackHat and DEFCON in Las Vegas! Check out this video, where I talk through an example of XBOW at work. Join the waitlist to try it out for yourself when we’re ready to ship!