Provally
Category: AI in Cybersecurity
AI-powered cybersecurity startup that verifies SAST findings by generating and executing exploit code to eliminate false positives. Provally was founded in 2026. The company is led by Gwangjun (Kwangjun) Choi. Based in San Francisco, United States (HQ); Seoul, South Korea. Team size: 2-10. Total funding raised: $250,000. Latest round: Seed. Key investors include BluePoint Partners (via Geek's School accelerator program).
- Founded: 2026
- Headquarters: San Francisco, United States (HQ); Seoul, South Korea
- Team size: 2-10
- Total funding: $250,000
Value proposition
Reduces SAST false positive rates from industry-standard 60-80% down to ~2% by using AI agents to generate and execute real exploit code in isolated environments, enabling security teams to focus on genuine threats
Products and solutions
AutoProof (AI-powered vulnerability verification engine that generates and executes exploit code in isolated environments to confirm real threats); greprules.io (free community hub for OpenGrep/Semgrep-compatible SAST rules); greprules Plugin (integrates SAST rules into local development and AI-assisted coding workflows)
Unique value
AI-native exploit-code verification engine that proves which vulnerabilities are real by actually running attack simulations, cutting false positives from 80% to 2%
Target customer
DevSecOps teams, security engineers, and developer teams at enterprises using SAST tools who suffer from alert fatigue
Industries served
Financial services (securities firms — first paid contract), software development, enterprise application security
Technology advantage
AI agents that generate and execute proof-of-concept exploit code in sandboxed environments to verify SAST findings; reduces false positive rate to ~2% vs industry 60-80%; founding team's offensive security expertise (zero-day discoveries at Microsoft, Samsung, Naver); CVE-to-SAST-rule pipeline that turns public vulnerability data into OpenGrep rules
How they differentiate
Unlike traditional SAST tools that only flag potential issues (with 60-80% false positive rates), Provally's AutoProof uses AI to actually generate and execute exploit code in isolated environments to confirm whether a vulnerability is genuinely exploitable, reducing false positives to ~2%
Main competitors
Checkmarx, Snyk, Mend (formerly WhiteSource), Fluid Attacks, Endor Labs
Key partnerships
BluePoint Partners (investor and accelerator partner via Geek's School program)
Notable customers
Securities firm in South Korea (first paid contract, name undisclosed)
Major milestones
Founded January 2026; first paid contract with a securities firm during Geek's School accelerator; seed funding from BluePoint Partners (April 2026); launched greprules.io and greprules Plugin (free SAST rules community hub); presented at OWASP Seoul chapter and RSAC 2026
Market positioning
Early-stage AI-native application security verification layer that sits on top of existing SAST tools to validate findings, differentiated by exploit-code generation rather than static analysis alone
Geographic focus
Global (HQ in San Francisco, R&D/roots in South Korea)
About Gwangjun (Kwangjun) Choi
Co-founder & CEO at Provally; former offensive security researcher at S2W (cyber threat intelligence firm); discovered zero-day vulnerabilities in Microsoft, Samsung, and Naver software
Official website: https://provally.io/