RunSybil raises $40M to automate offensive security, founded by OpenAI's first security hire
Mar 19, 2026 with Ari Herbert-Voss
Key Points
- RunSybil raises $40M led by Khosla to automate offensive security by finding vulnerabilities enterprises miss, backed by angels including Nikesh Arora and Jeff Dean.
- Founder Ari Herbert-Voss, OpenAI's first security hire, left after realizing the company had no credible defense against bad actors gaining access to powerful models.
- RunSybil targets enterprises with legacy codebases and massive attack surfaces, positioning security as a revenue enabler rather than a cost center where customers want to replace bug bounties entirely.
Summary
Ari Herbert-Voss, OpenAI's first security hire in 2019, has raised $40M for RunSybil, a startup automating offensive security to proactively find vulnerabilities across enterprise systems. Khosla led the round, with participation from S32, Conviction, and Elad Gil, plus angels including Nikesh Arora, Jeff Dean, and Ian Goodfellow.
Herbert-Voss spent three years at OpenAI as a core researcher on GPT-3 and Codex and built the first API monitoring system to ensure customers followed terms of service. He left because the company had no credible answer for what happens when bad actors gain access to powerful models. During an anonymized review of model outputs, he saw a request to lock a file system that could have been either educational or malicious, with no way to determine intent. Blocking bad actors one by one amounts to playing whack-a-mole against a fundamentally asymmetric threat.
RunSybil tailors its pitch by customer size. The startup now targets enterprises with decades-old codebases, complex environments, and massive attack surfaces. Large customers are asking RunSybil to replace their bug bounties entirely, a near-term TAM opportunity. The team includes engineers from top security firms, and Herbert-Voss's cofounder built the red team at Meta.
Herbert-Voss argues that even if AI-generated code becomes more secure, hacking won't get harder. Speed—the velocity of attack and deployment—will be the decisive factor. Code analysis alone catches structural flaws but misses behavioral and ecosystem-level vulnerabilities. Most scanners fail to find authentication bugs, yet RunSybil has repeatedly discovered decade-old authentication vulnerabilities that yield strong bug bounty payouts. Analyzing code is like studying dinosaur bones: you learn structure but miss muscles, feathers, behavior, and how the organism actually functioned.
Herbert-Voss is skeptical about direct-to-consumer plays as vibe coding spreads. People don't pay for security voluntarily. A 10-person startup using OpenAI's models faces economics that make standalone security tools hard to sell. If the underlying tool costs $20–$200 monthly, customers balk at additional security premiums. RunSybil's bet is instead on the enterprise ecosystem—companies with massive legacy systems and genuine compliance pain where security is a revenue enabler, not a cost center.
Forward-deployed engineers matter in his model because enterprise security adoption is political, not just technical. CTOs want problems solved and security teams fear displacement. A deployed engineer builds trust, communicates with stakeholders, and reduces organizational friction, particularly valuable when the customer sees security as a bottleneck to shipping or selling rather than as intrinsic risk.