AI cybersecurity company Depthfirst has successfully secured $120 million in new funding. This investment propels the two-year-old startup to a valuation of $580 million, following a recent $40 million Series A round just two months prior.

Founding Vision: Purpose-Built AI for Security

From DeepMind to Defense

Depthfirst CTO Andrea Michi previously spent nearly seven years at Google’s DeepMind, developing AI models focused on optimizing energy performance for infrastructure like windfarms and data centers.

Michi concluded that the most effective approach for large-scale problem-solving AI is building models specifically for the task from the ground up, rather than adapting existing Large Language Models (LLMs).

In 2024, Michi cofounded Depthfirst to apply this principle to cybersecurity. The goal is to create AI that autonomously identifies software weaknesses and proposes necessary corrections.

Developing General Security Intelligence

The company is creating what it terms “General Security Intelligence.” This concept mirrors general artificial intelligence, aiming for AI capable of performing security tasks as proficiently as humans.

CTO Michi stated the objective: “We want to make sure these systems that are complex and fragile can sustain a world where AI hacking capabilities are superhuman and that means always staying one step ahead of the attackers.”

Rapid Growth and Leadership Team

Financial Milestones and Customer Base

CEO and cofounder Qasim Mithani noted that the company is scaling operations rapidly. Depthfirst has reported 300% revenue growth across the last two quarters.

The firm currently serves more than 20 clients, ranging from large multinationals to emerging AI startups, including the $6.6 billion coding platform Lovable.

Mithani previously served as the head of infrastructure security at Databricks, the $134 billion data analytics company. The third cofounder is Daniele Perito, formerly a cybersecurity chief at Block, Jack Dorsey’s payments firm.

Market Potential in Application Security

Arsham Memarzadeh, the Meritech investor leading the Series B round, sees Depthfirst positioned to capture significant share in the $18 billion application security market. This sector focuses on protecting applications, distinct from traditional server or system security.

Memarzadeh drew a parallel to Wiz, which dominated cloud security before its acquisition by Google for $32 billion. He believes Depthfirst possesses the necessary leadership and technology to replicate such success in its specialized niche.

He emphasized the importance of owning a key threat vector: “In cybersecurity, I think it's really hard to become a large enduring business unless you own one of the key threat vectors,” he noted. Otherwise, a company risks being “relegated to a feature rather than a product.”

First Model Launch and Training Methodology

Targeting Crypto Smart Contracts

Depthfirst is launching its initial proprietary model this week, named dfs-mini1. This model is specifically designed to autonomously detect security flaws within cryptocurrency smart contracts.

Michi explained the initial focus: “We started on smart contracts because it's one place where a vulnerability can be catastrophic, can lead to loss of funds.” Mithani confirmed that more models targeting other verticals will follow.

Reinforcement Learning Approach

The company trains its AI using reinforcement learning, allowing agents to learn through iterative trial and error rather than relying on massive amounts of pre-labeled data.

Agents are placed in virtual environments tasked with exploiting smart contracts. They receive a reward each time a vulnerability is successfully identified.

Mithani detailed the depth of the process: “Our agents go very deep. They try to figure out how the application works... and the agent tries to figure out the most exploitable vulnerabilities.” He added that building models from scratch is more cost-effective as it allows control over training power requirements, avoiding fees paid to external providers like OpenAI and Anthropic.

Future Scope: Augmentation, Not Replacement

With the recent influx of capital, Depthfirst plans to expand its AI capabilities to cover many functions currently handled by human cybersecurity teams.

However, Michi clarified that the company does not intend to eliminate security staff roles. He concluded: “The goal is not to replace a very scarce resource. For me the question is: can we augment these people now to help face a much bigger threat than we have now?”