.@AlmanaxAI is joining @depthfirstlabs!
@mmwtsn and I started the company two years ago because we'd grown tired of seeing weekly multi-million-dollar hacks destroying blockchain companies and stealing people's life savings. We believed the industry needed to move from annual security audits and pentests to continuous ones, and that AI would eventually get us there. We were among the first to see the potential of AI in cyber and build new solutions in this space.
When we started, most security teams told us our product wouldn't work, they didn’t need more findings, and they didn't trust AI to be good. But then we saw how the commercial tools our clients were using were missing many of the vulnerabilities we were detecting, while producing an absurd number of false positives.
We ended up working with some of the largest blockchain companies: Solana, Stellar, Aptos, Privy and Bridge (now part of Stripe), DFNS, Algorand. When people didn't believe, we showed them results: we found issues in Vitalik's code (arguably one of the best software engineers on Earth), ethically disclosed hundreds of vulnerabilities (to Ripple, Coinbase, Fireblocks), and won security competitions against thousands of researchers.
As we progressed, we realized that while crypto companies were among the most vulnerable (exploits directly steal money), the problem was widespread beyond blockchain. The rise of vibe coding created an enormous new attack surface and new models and harnesses were detecting vulnerabilities that had gone unnoticed in software packages for decades, some of which power most of today’s internet.
The time between CVE public disclosure and first confirmed in-the-wild exploitation has dropped from 2.3 years in 2018 to eight hours today. This and the release of frontier cyber models shook the industry. So we expanded our product support to languages and tech stacks used widely by enterprises.
But the scale of what needs to be done requires more than what any one small team can do alone
We believe joining forces with depthfirst will significantly accelerate our shared vision to secure the world’s software.
depthfirst is already swinging at the same future we set out to build, with the team and the resources to lead the way. Their bet, and now ours, is that the next major security platform will be in product security. As their investor @arshammem put it, every category eventually gets one company whose name becomes synonymous with it: Palo Alto Networks for the network, CrowdStrike for the endpoint, Wiz for the cloud. Product and application security, notwithstanding many attempts, is still left without a crowned victor.
We think depthfirst can be that company.
Thanks to our great team, investors, and customers who believed in us and shared our vision of the world.
Our ambition is now even bigger and we’re excited to build that future with @qasimmith, @andreamichi, Daniele, and the entire @depthfirstlabs team.
6
9
47
4,892















