The current generation of generative AI is creating a profound paradox for enterprise security: the tools that allow developers to ship code at unprecedented speed are equally available to malicious actors, accelerating the pace of attack. This reality is forcing a complete re-evaluation of application security, driving venture capital toward AI-native solutions designed to combat this escalating threat landscape. Accel, recognizing this urgent need, recently led a robust $40 million Series A round into DepthFirst, a startup building AI security software agents.
Sara Ittelson, Partner at Accel, spoke with Bloomberg about the investment, framing the shift not merely as a technological update but as a societal imperative. The conversation centered on why existing application security (AppSec) tools—often relying on static analysis—are failing in the age of autonomous code generation and deployment. The traditional security workflow is simply too slow and too prone to false positives to keep pace with modern DevOps cycles, especially those augmented by AI copilots.
Ittelson emphasized that the core differentiators for the next wave of security platforms must be performance, speed, and, critically, the ratio of signal to noise. As developers leverage large language models to churn out software at scale, the volume of potential security alerts generated by legacy tools becomes overwhelming, obscuring actual threats. DepthFirst directly addresses this by building AI security agents capable of agentically scanning a company’s code, architecture, and business logic. This approach allows them to identify and verify vulnerabilities with a precision that static analysis cannot match.
The empirical evidence supporting this performance gap was a crucial data point for Accel's decision. Ittelson noted that DepthFirst is capable of finding "verified vulnerabilities eight times more than the previous best-in-class." The emphasis here is on verified—meaning the platform is not just flagging potential issues, but confirming exploitable holes and offering immediate, one-button remediation. This ability to move beyond mere detection to automated correction is essential for any modern security platform aiming to serve large enterprises operating at high velocity.
Accel's long history of investing in foundational security companies, including CrowdStrike and Netscope, suggests a clear pattern: major technological transitions necessitate a complete replacement of the security apparatus built for the previous era. The cloud transition required new endpoint and network security; the AI transition requires AI-native security. This belief system underpins the large Series A funding, even in a market that has otherwise seen venture funding slow down. Investing in a company like DepthFirst is a long-term bet on the enduring requirement for durable, high-performance security infrastructure capable of evolving alongside the rapid advancement of generative AI.
Beyond the technology, the caliber of the founding team was paramount. The founders hail from elite technical backgrounds at companies like Google DeepMind, Databricks, and Faire, merging deep AI expertise with scalable enterprise experience. Ittelson highlighted that this blend of backgrounds is rare and highly valuable in the emerging AI security domain. "This is technical leaders from companies like Databricks, from Google DeepMind, from Faire," she stated, "These are folks who have built large, durable companies and confronted these security problems at an incredible scale, but marrying that cyber experience with the AI experience." This interdisciplinary strength is a signal that the company is not just chasing a trend, but building a fundamental, resilient platform.
Ultimately, the investment reflects a recognition that as software gains autonomy—whether through AI agents writing code or managing critical infrastructure—the stakes for security rise dramatically. The complexity of modern software systems, combined with the speed of AI-driven development, demands a security partner that can operate on the offensive, anticipating and neutralizing threats before they manifest. Ittelson concluded by emphasizing the broader mission: "We want to make sure if we’re giving these devices access to our homes, to our businesses, that they’re secure." DepthFirst is positioned as the generation-defining solution to ensure that the rapid evolution of AI does not compromise the integrity of critical digital systems.
