depthfirst Secures $80M to Fuel AI Arms Race in Software Security

SAN FRANCISCO, CA – March 31, 2026 – In a move that underscores escalating investor conviction in specialized artificial intelligence for cybersecurity, applied AI lab depthfirst today announced an $80 million Series B funding round. The financing, led by Meritech Capital, comes less than 90 days after the company emerged from stealth with a $40 million Series A, bringing its total capital raised to a swift $120 million.

The rapid succession of funding highlights a growing consensus that traditional security measures are ill-equipped for the new landscape of AI-accelerated software development and AI-powered cyberattacks. Concurrent with the funding, depthfirst unveiled its first in-house security model, dfs-mini1, a specialized system designed to prove that in the AI arms race, tailored intelligence may be the ultimate weapon.

The New Frontier of AI Defense

At the heart of depthfirst's strategy is a pivot away from relying on general-purpose AI systems toward developing highly specialized models. The first of these, dfs-mini1, is initially focused on one of the most complex and high-stakes areas of software security: cryptocurrency smart contracts. Built upon an open-source foundation, the model was post-trained using reinforcement learning within security-specific virtual environments, a method that allows the AI to learn by actively identifying and exploiting vulnerabilities for rewards.

When evaluated on OpenAI EVMBench, a standard benchmark for smart contract vulnerabilities, dfs-mini1 reportedly outperformed larger, more generalized 'frontier models' while operating at a fraction of the expense—running at 10x to 30x lower cost. This combination of superior performance and economic efficiency is central to the company's thesis.

“When you own the training process, you can optimize for what actually matters in your domain,” said Andrea Michi, Chief Technology Officer of depthfirst, in the company's announcement. “In our case, that means vulnerability detection and verification. The result is a model that can be cheaper to run, better at the task, more responsive to continued investment than a general-purpose system.”

Early internal tests also suggest dfs-mini1’s capabilities may extend beyond its initial focus, showing promise on other security tasks. This indicates that the training methodology could be a transferable blueprint for creating a suite of specialized AI agents, each an expert in a different domain of software security. This approach directly confronts a burgeoning threat landscape where adversaries use AI to automate reconnaissance, generate polymorphic malware, and craft sophisticated social engineering campaigns at a scale and speed that overwhelm legacy systems.

Investor Confidence and Market Disruption

The $120 million war chest, amassed in under three months, signals a significant market validation. The Series B round saw participation from Forerunner Ventures and The House Fund, alongside existing investors Accel, Box Group, Liquid 2 Ventures, Alt Capital, and Mantis VC. This financial backing is not just a bet on a single company, but on a fundamental disruption of the multi-billion dollar legacy security market.

“Recent public-market reactions suggest investors are starting to recognize that AI will disrupt the legacy security stack,” stated Qasim Mithani, co-founder and CEO of depthfirst. “But to win in security, companies will need to deploy security-specific models in products optimized for real security workflows. To build these models, you need specialized data, domain-specific evaluation, and deep expertise in post-training.”

Investors echoed this sentiment, pointing to the company's unique blend of capabilities. “What impressed us about depthfirst is their rare combination of research capabilities and security experience that has helped them deliver the exact solution customers need,” noted Arsham Memarzadeh, General Partner at lead investor Meritech Capital.

This strategy of owning the entire intelligence stack—from the underlying model to the final product experience—is seen as a key differentiator. “They are building a company that can own both the product experience and the intelligence underneath it,” said Sara Ittelson, Partner at Accel, who led the company's Series A round. “We continue to believe this approach will fundamentally change how modern systems are secured.”

Bridging the Gap Between Development and Security

Beyond its advanced research, depthfirst’s early success is rooted in its practical application. The company's platform, General Security Intelligence, is designed to integrate seamlessly into modern software development cycles, a critical feature for customers like ClickUp, Supabase, incident.io, and Moveworks.

As businesses release code and infrastructure changes at an unprecedented rate, security teams often become a bottleneck. Traditional scanning tools are notorious for producing a high volume of 'false positives,' drowning developers in noise and creating friction. depthfirst addresses this by reasoning across a company's entire software system—its code, infrastructure, and business logic—to identify complex vulnerabilities that other tools miss and, crucially, to deliver precise, ready-to-merge fixes directly within developer workflows.

The impact is measurable. According to the company, 80% of its automated fix recommendations are accepted and merged by developers, a stark contrast to the industry norm and a powerful indicator of developer trust and utility.

Early clients have reported significant gains in efficiency. The Head of Information Security at AngelList, an early customer, stated that adopting the platform “felt like adding an autonomous senior product-security engineer” to the team, estimating it cut their security engineering workload by approximately 70%. During an initial test, the system surfaced 15 new, true-positive vulnerabilities that had been missed by previous efforts, with zero false positives.

Similarly, the CISO at Moveworks noted that depthfirst “fundamentally changed how we think about code security and quality,” leading to a measurable improvement in both code integrity and the efficiency of their review process. This ability to provide actionable intelligence rather than just alerts is positioning the platform as an essential tool for securing software at the speed of AI-driven development.

With its new infusion of capital, depthfirst plans to aggressively expand its AI research team, train additional security models for new domains, and scale its enterprise adoption. The company is on a mission to secure the world’s critical software, building a defense system designed not for the threats of yesterday, but for the emerging, AI-empowered adversaries of tomorrow.