AI is ushering in a new era of cybersecurity with myriad threats coming from new vectors. Attackers are gaining speed, scale, and sophistication to target vulnerabilities faster and more frequently than ever before. At the same time, defenders are rebuilding the security stack with AI-native tools designed for this new reality. But one of the most important software security practices has remained largely unchanged: penetration testing is still overwhelmingly a human-based chore.
Organizations hire skilled hackers to perform penetration tests that simulate cyberattacks and discover security vulnerabilities before adversaries find them. These exercises are extremely valuable, but they are slow, expensive, and limited by human capacity. A typical engagement happens once or twice a year, takes weeks to complete, and usually focuses on only a handful of critical systems. Meanwhile, the attack surface keeps expanding. AI coding tools are dramatically increasing the speed of software development. New applications, APIs, and infrastructure are created every day. Development velocity is rising, but testing coverage is not. Most organizations simply cannot test everything they build using legacy manual approaches.
The result is a growing gap between the software that gets tested and the software that gets deployed. As AI-powered threats scale, that gap becomes increasingly perilous. Since vulnerabilities can now be discovered and exploited automatically, security testing must evolve to meet this threat.
At DFJ Growth, we identified this risk in the AI era and began looking for a solution—one that could replicate the creativity and persistence of elite penetration testers but operate continuously and autonomously at machine scale.
Enter XBOW: Hacker Intelligence at Machine Speed
When we met Oege de Moor and his team at XBOW, we were inspired by their vision and impressed with their strategy to solve the modern pentesting challenge. Now, as XBOW begins to scale, we are thrilled to lead its $120 million Series C financing. XBOW’s first product is an autonomous penetration testing agent that behaves like an expert human hacker.
XBOW shifts the existing paradigm, transforming penetration testing from a highly manual, slow, and infrequent point-in-time assessment to an autonomous, expedient, and continuous security function.
Instead of a periodic and point-in-time engagement, penetration testing becomes an always-on capability. Organizations can test systems as they are built, not months later. Vulnerabilities surface earlier. Security teams gain broader coverage across their infrastructure, and the results are striking. XBOW routinely uncovers vulnerabilities and attack paths that years of traditional testing had missed.
XBOW didn’t just articulate a compelling vision; it proved its capabilities in the real world.
Last year, the company deployed its agent in HackerOne, the world’s largest bug bounty arena. Thousands of human hackers compete there to find actual vulnerabilities in real company systems. XBOW climbed the leaderboards to become the #1 hacker in the US, and a few months later, the #1 hacker globally, as the first and only non-human competitor to do so in HackerOne history. Commercially, its autonomous penetration-testing agent is now deployed with over 100 customers and is scaling rapidly.
AI x Cyber Visionary
Few entrepreneurs have helped define the future of both AI software development and software security, but Oege de Moor is one of them. Prior to founding XBOW, Oege founded Semmle, a code security company acquired by GitHub that became the foundation for GitHub Advanced Security. He then led the creation of GitHub Copilot, which kickstarted the AI coding revolution. The deep insights gained from shaping how software is built and how it is secured are uniquely reflected in XBOW’s approach.
The shift underway in cybersecurity is clear. In a world of autonomous attackers, anything that can be exploited will be exploited. Security teams need the ability to test continuously, at the same speed that software is created.
XBOW is starting with autonomous penetration testing, but its vision is much larger—evolving the very function of penetration testing into a broader, continuous, agentic security suite embedded directly into the development lifecycle. Built by a team that helped shape the modern developer stack, XBOW brings an AI-first architecture to one of the most human-bound disciplines in cybersecurity.
We are excited to partner with the XBOW team as they build toward a future where autonomous offense is the best defense.
