Great offensive security requires getting creative—to safeguard against risks, you must imagine what bad actors might do. For decades, human experts have been the gold standard in this critically important work. Penetration testers (or pentesters), bug hunters and security researchers simulate attacks and find the gaps, so developers can close them.

But with the rise of AI, we have seen an exponential increase both in the amount of code that must be protected and in the volume of exploits, which now cost businesses more than three times what they did less than a decade ago. Human experts simply can’t keep up; last year, nearly two-thirds of organizations reported their biggest challenge in maintaining a pentesting program was finding enough skilled personnel to do the work.

Companies must modernize—and thankfully, XBOW founder Oege de Moor and his team are establishing the new state of the art, leveraging large language models to automate pentesting that scales. XBOW solves an impressive 75% of web app security benchmarks, and it does so with zero human intervention. Customers don’t have to choose between keeping their software secure and sacrificing speed and growth.

XBOW is designed to think like a hacker. It simulates real-world attacks and identifies novel exploits other tools might miss. When it spots a vulnerability, it automatically pinpoints the cause, runs tests to demonstrate how the issue could be exploited, and provides actionable guidance on how to fix it.

This is a transformative innovation for offensive security, and as a world expert in code analysis, Oege is uniquely suited to lead the way. A former Oxford professor turned founder, he sold his first company, Semmle, to GitHub and went on to create the company’s Copilot and Advanced Security products. Along the way, he built a reputation as a brilliant but pragmatic and clear-thinking leader—and a talent magnet, as the highly skilled, deeply committed team at XBOW now attests. We at Sequoia were grateful for the chance to lead their seed round and to welcome Oege to Arc, our company-building immersion for pre-seed and seed-stage founders. It has been a privilege to support him and the team as they grow.

No doubt XBOW’s mission is an ambitious one. But Oege and the team understand that the stakes are high not just for businesses but for national security, as well, and they are moving quickly to stay ahead of attackers and develop the best offering in AI offensive security. Their work is helping security professionals and everyone they protect—and setting a new gold standard for the industry in the process.