DepthFirst raises $80M Series B in under 90 days to build AI vulnerability detection for enterprise

Summary

DepthFirst closes $80M Series B in under 90 days

DepthFirst has raised an $80M Series B from Veritech, less than 90 days after its previous raise in January 2026. The pace reflects what Mithani describes as strong enterprise traction — customers are generating enough pull that the company moved to double down on research before the prior financing had time to season.

What the product does

DepthFirst deploys agents into enterprise environments by connecting to a company's code repository and its staging and production systems. The agents map expected application behavior, identify deviations, replicate vulnerabilities in production, and then deliver remediation instructions to developers and downstream agents. Customers include Fortune 500 companies as well as fast-growing tech names including Lovable, ClickUp, and Supabase.

“My name is Kasim Mitani. We are building intelligence to discover and remediate vulnerabilities at scale in an enterprise environment. We just raised an $80,000,000 Series B round. We raised in early January, so it's been less than ninety days. We were able to do better than Opus 4.6 at one tenth of cost on this particular benchmark.”

DFS Mini One

Alongside the raise, DepthFirst launched DFS Mini One, an in-house vulnerability detection model. The company used an open-source base model, planted vulnerability flags in controlled environments, and ran a reinforcement learning loop to improve detection performance. Mithani claims the model outperforms Claude Opus 4.6 on their internal vulnerability benchmark at one-tenth of the cost.

The founding team's background shapes the research direction. Co-founder Andrea Michi spent seven years building reinforcement learning at DeepMind before 2019, well before large language models became mainstream. Co-founder Daniele previously co-founded Fair Wholesale and led security at Square and Cash App.

Mythos and the competitive landscape

Anthropic's Mythos announcement, which surfaced the day before this conversation, drew a measured response from Mithani. He frames it as market validation rather than a threat, noting that Anthropic is already a DepthFirst partner. DepthFirst uses multiple frontier models across its pipeline, selecting each model for the task it performs best: Claude for code analysis, other models for capture-the-flag-style vulnerability detection.

His argument is that enterprise deployment requires more than a capable model. Ingesting cloud configuration data, firewall state, WAF presence, and deployment topology is what produces actionable vulnerabilities rather than raw findings. The click-to-fix remediation layer is where he believes DepthFirst's value concentrates.

On open-source vulnerability research, DepthFirst has run its model across public codebases and found hundreds of bugs, including vulnerabilities in Chrome and Linux. The company is disclosing them responsibly to avoid giving attackers a head start.

Nvidia and model sourcing

On whether DepthFirst fine-tunes on Chinese open-source models, Mithani says the company is experimenting but prefers American models. He mentions meeting Jensen Huang the day before, says Nvidia is a partner, and quotes Huang as being enthusiastic about security as a critical layer in an agentic AI world. Huang also indicated Nvidia plans to release open-source models, which Mithani says DepthFirst is watching closely.