Listen to this articleRunSybil, an AI native security platform using autonomous agents for continuous black-box penetration testing of software systems, raised $40 million in funding led by Khosla Ventures.
RunSybil’s latest funding round closed at $40 million. This seed stage investment was led by Khosla Ventures, with participation from S32, the Anthology Fund (a joint vehicle from Anthropic and Menlo Ventures), Conviction, and Elad Gil. Angel investors included Nikesh Arora, Amit Agarwal, Jeff Dean, and executives and founders from OpenAI, Palo Alto Networks, Stripe, Google, and other leading technology organizations. The round values the company’s AI native offensive security platform as a high priority solution for enterprise risk management.
RunSybil was co-founded in 2023 in San Francisco by Ari Herbert-Voss (CEO) and Vlad Ionescu (CTO). Herbert-Voss previously served as OpenAI’s first security research hire in 2019 after dropping out of a Harvard Ph.D. program focused on machine learning efficiency; he entered the role through direct outreach to Sam Altman and Jack Clark based on demonstrated hacking capabilities and concerns around LLM misuse. Ionescu previously led offensive security red teams at Meta. The company maintains a small, elite team of alumni from OpenAI, Meta, Mandiant, NCC Group, and Trail of Bits, operating in a hybrid model with hubs in San Francisco and New York City while actively hiring additional engineers, researchers, and customer-facing talent.
How RunSybil works?
The platform’s core product, Sybil, deploys autonomous AI agents that conduct continuous, black-box penetration testing on live applications and infrastructure. Unlike static code scanners or LLM based reviewers, Sybil reasons like an expert human attacker: it maps the full stack (code, APIs, cloud, infrastructure), discovers forgotten endpoints, explores authentication boundaries, chains vulnerabilities across layers, and validates real exploitability through live attacks. It operates without requiring source code access, integrates feedback on every pull request and deployment, and re-evaluates the attack surface proactively. This approach targets high risk systems handling customer data, transactions, and access; supports multi tenant business logic testing; and delivers pre validated findings that replace periodic pentests and unpredictable bug bounty programs while reducing false positives by over 90 percent versus traditional tools.
The capital will deepen engineering investment, expand security research capabilities, and accelerate go to market efforts to meet surging enterprise demand. RunSybil already counts high growth startups including Cursor, Turbopuffer, Notion, Baseten, and Thinking Machines Lab among its customers, along with several major financial institutions and Fortune 500 companies. Early deployments have surfaced critical vulnerabilities missed by conventional methods, for example, in one major financial platform test, Sybil chained a lower severity flaw into a path granting unauthenticated access to all customer accounts.
Recommended: Eridu Emerges From Stealth With Over $200M In Funding
The timing and investor composition reflect a broader market shift. As AI agents reshape procurement, legal, finance, engineering, and operations, software deployment velocity outpaces traditional security testing schedules. Regulated sectors (finance, insurance, healthcare) face strict audit and compliance requirements that demand persistent, demonstrable validation rather than “point in time” assessments. RunSybil positions itself squarely in Phase 4 of Continuous Threat Exposure Management (CTEM) by proving exploitability at scale. Vinod Khosla noted the solution addresses frontier challenges at the intersection of AI scaling and adversarial cyber capabilities, emphasizing the need for technically ambitious platforms that security teams can embed permanently rather than treat as discrete projects. Herbert-Voss and Ionescu’s combined expertise in frontier AI development and elite red team operations creates a defensible moat: the agents inherit institutional knowledge from the industry’s top offensive practitioners.
This round establishes RunSybil as a category creator in AI driven offensive security. With top tier backing from firms and individuals who have shaped AI infrastructure and cybersecurity, the company is positioned to capture share from legacy pentesting, bug bounty, and scanner vendors while scaling into regulated enterprise environments. The focus on live exploitation, continuous cadence, and black-box autonomy differentiates it sharply from code analysis tools, enabling organizations to maintain a permanent offensive capability that evolves with every code change and deployment.
Please email us your feedback and news tips at hello(at)techcompanynews.com
