DepthFirst raises $80M Series B in under 90 days to build AI vulnerability detection for enterprise

Speaker 1: When when when did you raise the last round before this? We raised in

Speaker 6: early January. So it's been It's remarkable. Less than ninety days. And the reason why we raised it was because we're seeing so much traction. Yeah. Customers are seeing so much value from our product. Mhmm. And we're doubling down on our research efforts like like you mentioned at the top of the segment. So Yeah. We are investing really heavily on

Speaker 1: training and fine tuning our own models. Mhmm. Let's talk about the customer impact first. What are the companies that are using your service and plugging in and getting value and sort of walk me through the user journey of actually working with you? Yeah. That's a very good question. So

Speaker 6: we work with some of the largest companies in the world, Fortune 500 companies. We also work with really fast growing startups Yeah. Ranging from companies like Lovable, ClickUp Sure. Superbase, like, top names in in tech. Yeah. The way they use our product is that they connect their code repository and their environments, so their staging and their production environments. Yeah. And then we go our agents go and figure out how the application is supposed to run and then deviations from the expected behavior. Mhmm. So they figure figure that out, they replicate it in prod in production, production, and then they give, like, remedial remediation instructions to agents and developers.

Speaker 1: And on the research side, walk me through building an in house model. What was special about that? Did you have to use I I imagine you didn't do a whole base pre train yourself, but what what what is unique about the model, and what were the keys to success?

Speaker 6: Yeah. So, you know, we when we started the company almost two years ago, we really believed that software security is a very deep problem. Now everybody in the market seems to realize that. But back then, people thought that, you know, the CrowdStrike and Palo Alto was a monopoly in the market. Mhmm. But in the age of AI, as code is being written faster than ever before and attackers are already leveraging AI to exploit vulnerabilities, a new type of solution needs to exist, and that's what Deferred is. Mhmm. So we invested very heavily in building a world class research team. My cofounder, Andrea Michi, comes from DeepMind. He spent seven years building reinforcement learning there before LMs were sexy. This is, like, back in 2019. And my other cofounder, Daniele, was the cofounder of Fair Wholesale. And before that, he led security at Square and Cash App. So that's our background as a founding team, and then we also have, like, some of the top researchers in the world working with us. In terms of, like, building our own model, we used GPT OSS as our base model, and then we took vulnerability data, we planted flags, and then we had the model try to find those flags. Sure. And then we use an RL loop to Mhmm. To basically improve the model's performance. And we were able to do better than OPUS four dot six at one tenth of cost at Wow. In this particular benchmark. That's very cool. What was your reaction to the Mythos news yesterday? It seems like

Speaker 1: really remarkable results in in bug finding and and and vulnerability tracing, lots of partnerships. How did you process the news? What what are the key takeaways?

Speaker 6: Yeah. I mean, I think it's amazing news. It's like validation that security is such an important area in the age of AI. Something that we believed for two years, you know, the reason why I work sixteen hours a day is because I believe that in the age of AI, like, know, software needs to be secure. Yeah. So I'm really happy Anthropic is investing in this. Yeah. And Anthropic is also one of our partners. So we work with Anthropic, we work with OpenAI, we work with DeepMind, we work with all the labs, and our product sits on top of that. So we use the best model for the use case that the model's good at. So we use, you know, four dot six for code analysis. We use, like, other product other models for Sure. Capturing the flag type of vulnerability detection I mentioned. So it's good news overall. But, you know, in an enterprise environment, complex enterprise environment, you need to ingest all types of data. You need to figure out, like, the cloud environment, how, like, the software is deployed. You need to figure out if there's a firewall there, if there's a WAF there. And our product ingests all of that data and then gives, like, actionable vulnerabilities, the ones that really matter to our customers. And then with a click of a button, they can just fix it. So we see that as being a significant value add for product.

Speaker 1: Talk about the decision to plant the flags yourself versus what what it appears Mythos did was was just look across every single open source project and just sort of Yeah. Maybe brute force a bunch of vulnerabilities until they found bugs all over the place. And it seems like they were able to find a lot of different stuff by just throwing every possible hacking technique at every possible open source repo. Is that the correct way to think about that strategy? And then do you think you'll wind up doing something like that in the future?

Speaker 6: So we did both, actually. So we run our product, our model on open source too. So, like Okay. We found hundreds of bugs. Yeah. We're responsibly disclosing them because we don't want to Yeah. Of course. Get them get them out there, you know, so attackers can exploit them. Yeah. We So found vulnerabilities in Chrome, we found vulnerabilities in like Linux, like in really deep, you know, software that's existed for So like not very heavily used products.

Speaker 1: No. Only the most used products Only the most used, yeah. Yeah.

Speaker 6: So and that's helped us improve our product, and we have team of world class security researchers on staff. Yeah. So people who hacked iPhones for a living, you know, thankfully, they're working for us. Yeah. But, like, those types of folks who are going and evaluating the the results. Yeah. And then helping us improve the model based on that and improve the product and the model. Well, thank you for everything that you do. We need more white hat hackers than ever. Very clearly, we were just talking about the Axios hack. George One one final,

Speaker 2: question Tyler on our team wanted us to ask. Why not use, are you, fine tuning on any of the Chinese open source models or do those, scare you?

Speaker 6: We we are experimenting with some of them, but we would we're an American company, we would love to use American models. I was actually I met Jensen Huang yesterday Mhmm. And it was so amazing to see the investment that's going in in this area, especially in training source models. He's gonna do open source models too. Right? Yeah. Yeah. So we're very excited and we're partnering with NVIDIA and he loved our vision. He Okay. He thinks that in the age of AI, I mean, as agents are everywhere, security is gonna be, like, extremely important. So he's completely bought in to our vision to our vision, and he's really excited about it. Yeah. Very cool. Great. Congratulations on the progress in the round. We will talk to you soon. Have a good day. Thank you. Talk to you soon. Bye. Nice meeting you. Bye.

Speaker 1: Up next, we have the cofounder and CEO of Mutiny. Mutiny just raised $72,000,000 from Sequoia Capital and Y Combinator, reaching eight figure ARR. Woah. Bringing Jalay Razay from the waiting room into the Ultradome. How are you doing? Going on? Good. How are you? We're good. Thanks so much for joining the show. Please give us an introduction of yourself and the company.

Speaker 10: So I'm Jaleh. I'm the cofounder and CEO of Mutiny. And yesterday, we announced the new Mutiny, which is an AI agent that companies like Rippling and Snowflake use to create anything customer facing in order to get a deal from cold all the way to closed. Okay. Yeah. Walk me through I mean,

Speaker 1: what does that actually mean? Add assets to landing pages, battle cards? Like, walk me through the the the workflow of closing customers in the modern era.

Speaker 10: Yeah. Absolutely. So