Skip to main content

XBOW

Category: AI in Cybersecurity

An AI-powered autonomous offensive security platform that performs fully automated penetration testing, discovering and exploiting vulnerabilities without human intervention. XBOW was founded in 2024. The company is led by Oege de Moor. Based in Seattle, United States. Team size: 50-100. Total funding raised: $237.0M. Latest round: Series C ($120.0M, Mar 2026). Key investors include DFJ Growth, Northzone, Altimeter Capital, Sequoia Capital.

Founded
2024
Headquarters
Seattle, United States
Team size
50-100
Total funding
$237.0M

Value proposition

Delivers expert-level penetration testing at machine speed with autonomous AI agents that discover, analyze, and validate vulnerabilities in hours instead of weeks. Eliminates manual testing bottlenecks while providing SOC2 and ISO 27001-compliant reports.

Products and solutions

XBOW Pentest On-Demand (fully automated penetration testing service), XBOW Enterprise (continuous attack surface discovery platform), XBOW Lightspeed (rapid web application testing), XBOW API (integration for automated security workflows), XBOW Security Benchmark (vulnerability validation suite)

Unique value

First AI system to reach #1 on global HackerOne leaderboard, outperforming thousands of human hackers. Operates with complete autonomy—executes targeted attacks, explores deep attack paths, and validates findings through real exploitation without human intervention. Solves 75% of web application security benchmarks with zero human input.

Target customer

Enterprise security teams at large financial services and technology companies; organizations requiring continuous security testing and compliance-ready penetration testing reports

Industries served

Cybersecurity, Financial Services, Technology, Enterprise Software, E-commerce, Healthcare IT

Technology advantage

Combines AI reasoning with adversarial workflows modeled on real-world attack techniques. Uses a persistent coordinator directing thousands of parallel AI agents with fresh context. Separates creative AI exploration from deterministic validation, ensuring findings are exploit-validated before surfacing. Integrates source-code-level context with headless browsing and runtime exploitation. Achieves human-level security testing at machine speed, completing assessments in hours versus weeks for traditional pentesting.

How they differentiate

First fully autonomous AI penetration testing platform requiring zero human intervention, reaching #1 on HackerOne global leaderboard. Completes assessments in hours vs weeks for traditional methods. Competitors rely on human testers or hybrid approaches, while XBOW delivers 100% automated exploitation and validation with expert-level results.

Main competitors

Veracode, Synack, Cobalt

Key partnerships

Microsoft (integration with Microsoft Security Copilot and Microsoft Sentinel data lake), AWS Marketplace (XBOW Enterprise listing), Sequoia Capital (strategic investor and partner), Major financial services and technology companies (enterprise customers including Fortune 500), HackerOne platform (bug bounty participation)

Notable customers

Fortune 500 financial services companies, Enterprise technology companies, Microsoft (strategic partnership), Security-forward global enterprises

Major milestones

Series C funding led by DFJ Growth and Northzone (Mar 2026) achieving unicorn status, First AI to reach #1 on HackerOne global leaderboard, Microsoft partnership embedding XBOW into Microsoft Security ecosystem, Appointed WonLae Lee as GM South Korea for APAC expansion, Appointed Ron Gabrisko (Databricks CRO) to Board of Directors

Growth metrics

Achieved unicorn status with $1B+ valuation in March 2026. Reached #1 position on HackerOne global leaderboard, outperforming thousands of human ethical hackers. Deployed at some of the most security-forward companies worldwide. Plans to double team size to 300 employees by end of 2026.

Market positioning

Premium autonomous offensive security platform targeting enterprise security teams at Fortune 500 companies. Positioned as a new category of 'autonomous offensive security' rather than traditional penetration testing services. Higher cost structure justified by speed (hours vs weeks) and comprehensive coverage.

Geographic focus

Primary focus on North America (Seattle HQ), expanding into Asia-Pacific region starting with South Korea. Serves global enterprise customers including financial services, technology, and healthcare sectors.

Patents and IP

No publicly registered patents disclosed as of March 2026

About Oege de Moor

Oege de Moor is a seasoned entrepreneur and academic with over 30 years in program analysis. He founded Semmle (acquired by GitHub in 2019), which formed GitHub Advanced Security. He created GitHub Copilot, one of the most successful AI developer tools. He was a Professor of Computer Science at the University of Oxford from 1996-2019. He holds a DPhil in Computer Science from Oxford and a Master's from Utrecht University.

Official website: