Enclave raises $6M seed to find critical code vulnerabilities using LLMs — backed by Aaron Levie and Mark Benioff

Enclave, an AI code security platform, has raised a $6M seed round led by 8VC, with angel participation from Aaron Levie (Box) and Mark Benioff (Salesforce). Founder and CEO Tal Hoffman says the company uses LLMs to find critical vulnerabilities in codebases that traditional scanners miss.

The core problem

Hoffman's argument is that exploitability, not just vulnerability detection, is what matters. A vulnerability with a CVSS score of 10 that isn't exposed to the internet is irrelevant; one that's buried in production code and reachable by a bad actor is the real threat. He cites Wiz as a reference point for doing this well on the cloud side, reading the runtime environment to separate real exposure from theoretical risk.

Enclave is positioning to do the equivalent at the code layer, sitting between the pull request and production rather than replacing either. The product integrates with GitHub, Cursor, and Claude's Code via MCP, with plans to cover live production monitoring as well. Hoffman says the company is just out of beta.

“What Anthropic has done is a tremendous leap forward for security. The really novel thing they did besides finding the unknown unknowns — the vulnerabilities that have been there for decades — is they were able to exploit vulnerabilities autonomously. Exploitability is the name of the game... We have some new zero days that we'll be publishing soon following a responsible disclosure.”

Asymmetric deployment as the pitch

Anthropic's recent work, which Hoffman describes as a major leap for the industry, demonstrated autonomous exploitation of previously unknown vulnerabilities. His read is that this capability will be asymmetrically deployed — sophisticated state actors and well-resourced organizations will have access to it before most enterprises do. That gap is Enclave's commercial opening. He says he's in active conversations with Anthropic and OpenAI about partnerships, framing Enclave as an independent, system-level reviewer that keeps pace with frontier model capability.

Customer motion

Enclave is targeting both security practitioners and developers directly, arguing that developers shipping more code faster with AI tooling are creating new attack surfaces faster than security teams can review them. Hoffman says he doesn't need to educate customers much — the threat is visible enough that demand is pulling. The company has zero days in responsible disclosure that it plans to publish soon, which will serve as product validation.

The investor names — Benioff and Levie alongside 8VC — signal enterprise distribution ambitions. Whether Enclave can hold its position as the frontier labs build deeper into security tooling themselves is the open question Hoffman doesn't fully address.