Enclave raises $6M seed to find critical code vulnerabilities using LLMs — backed by Aaron Levie and Mark Benioff

some lore on the timeline. Bluetooth is such a strange name for technology. Apparently, it's named after a Scandinavian king who united Norway and Denmark. And the logo is a combination of two Norse runes. I like Bluetooth. Uh anyway, let's bring in our next guest, Tal Hoffman from Enclave. He's the founder and CEO here to tell us about Cedron. How are you doing?

What's going on?

Hey, thanks for having me. How are you?

We're good. Uh please introduce yourself and the company.

Yes, please. Uh so, I'm Dal. I'm the co-founder and CEO of Enclave. Mhm.

Essentially, we're an AI code security platform um using LLM to find critical vulnerabilities in code bases. Yeah.

The way traditional scanners want.

Yeah.

Um yeah.

So, huge week. Uh take us through how you've been processing it from your perspective. What is AI actually capable of doing? What is not there yet? Uh how have you been processing all the news around AI and cyber security this week? Yeah, I think what uh Tropic has done is like tremendous for the industry. Um I think it's a tremendous leap forward for security. Um I think the real novel thing that they did they did besides finding the unknown unknowns the vulnerabilities that have been there for decades.

Sure.

Uh were able to exploit autonom autonomously vulnerabilities.

Uh essentially exploitability is the name of the game as I see it right. U because a vulnerability that's not explo exploitable is not worth as much until right now unless something changes. Uh so I think it's a huge leap forward. Um and I think they've done very correct moving deploying it safely. Um yeah I think it's very exciting for anyone that's in code security including ourselves.

And yeah how do you see yourself fitting in? Tell me about the shape of the business, the strategy, uh how you want to roll out your products.

Yes. So I think uh especially with MOS and the recent changes, I think that it's going to be um asymmetrically deployed. Um and so I think that this creates an opportunity for other organizations that do not have access to the technology

to be proactive about it and and procure whether it's for to us or our competitors. I think it's uh net positive for the industry um especially uh with new attack surfaces being exposed uh and created and with new teams uh from regular developers to go to market and uh everything in between deploying more code. Um so I think it's a tremendous opportunity. Um yeah.

How are you thinking about interfacing with project glasswing? Do you want to fold into that and then be able to uh do things on top of the private models that are maybe deployed these in this asymmetric way or uh do you want to use other models and sort of figure out a different uh way to differentiate and add value?

Yeah. No, I think we want to go and partner with entropic that has done great work and open AI and all those big lab.

I think uh the alpha is currently in using them. Um so definitely want to partner with them. We are talking with them.

Uh again I think they are doing a tremendous job but I think ultimately most organizations do not currently have access to this technology and they need an independent uh system level reviewer that's able to constantly uh like deploy the state-of-the-art.

Tell us about the round. You raised some money.

Yes.

Yeah. Yeah. Yeah. So, uh, we have raised, uh, $6 million led by 850. Um, and then we have another a bunch of exciting investors on board like

Levi,

brother.

Mother, Mark Benny of U.

Whoa.

Yeah,

you got the dolphin in.

Dolphin.

The dolphin. You don't you don't see him him ripping ripping personal check. Uh la last question from my side. What what have conversations been with uh with customers like who who do you need to get to? Who are the key stakeholders? Uh how how diffuse is the understanding of cyber security threats these days? Uh and what are you educating customers about most frequently?

Uh yes, I think so. We have just out of beta just released the product. Uh I think for us we're trying to cater to both the security practitioners at the end of the chain like we've we are seeing very uh we are seeing a lot of anger from them to have their own CL code their own cursor write their own shiny object uh so we want to empower them but I think most importantly um we want to empower developers uh to be able to deploy safely and quickly because it's becoming very concerning. Yeah,

we can see we have some new zero days that we'll be publishing soon following responsible disclosure

and I think that like security is going to be uh very big as a role the new job you see how sexy security has become the last couple of weeks. Um so I would say like ar your security personnel u but ultimately this whole thing is very good for them. Um you can assume that bad state actors already utilize uh those those zero days so eventually um as more organizations get exposed to this powerful tech that is LLM powered security research um the safer it becomes um and I think it's become very obvious we don't have to do much education it's like the the opportunity is very obvious the problem is very obvious

how are you thinking about the business model do you want to uh sit between the code that's written and the pull request and the code review phase. Uh do you want to be actively monitoring systems in production? Both.

Yeah, definitely both. Uh but we are trying to be um like to prevent those issues to begin with whether it's through GitHub through the P request through cloud code, MCP, through cursel uh but also yeah definitely also prevent production and I mentioned exploitability. Um so context is most important here is look and looking at your and I think this is something that whis has done a great job with sure is looking at the cloud environment the run at the cloud environment at the runtime see what's exploitable what's not because you can have a 10.0 zero CVSS vulnerability that's completely irrelevant uh because it's not exposed to the internet. Um so yeah, we want to be both preventing but also finding uh live uh vulnerabilities, but right now we are focused on code. Yeah.

Yeah, makes a lot of sense. Uh well, congratulations on the round. Thank you so much for coming on and breaking it down for us and have the rest of your day. We'll talk to you soon.

See you soon.

Goodbye.

Cheers.

Um what else is in the timeline before we wrap up the show? Uh Yahoo's G800 is at Augusta. If you got really good SEO between uh 1994 and 1999, then messed everything up after that, your executive team in 2026 will still have a G800 money, says Chris Baky. That is very funny. And Preston Holland is chiming in with some crying emojis. Um

Secretary Kennedy

new podcast,

the Secretary Kennedy podcast. Derek Thompson says, "The urge to pod cannot be denied. Tech VCs and David Rubenstein are richer than God. What do they want to do in their enormously valuable spare time? Fire up a mic and pod. Yeah. What does Jamie Diamond want to do after JPM? Start a media company, i.e. pod. Again, RFK Jr. is in charge of all government health policy. What does he want to do with that power? Pod about it.

Uh, in this uh Will highlighted Jeremy's post, posting is the end state. It's the treasure that waited that awaited Alexander at the end of his conquest. It's all that's left for man after gaining the world. It's all there is at the very end of it all. Celebrities, billionaires, industrialists, scholars, all wind up as the humble poster.

Poster. Uh, David Rubenstein's podcast is deeply underrated. If you're not already listening to it, the David Rubenstein show, peer-to-peer conversations, airs on Bloomberg television. He's also done history with David Rubenstein on PBS. Uh, he is the chairman of Carlilele Group. And, uh, yes, truly, uh, very successful, but still enjoys a recorded conversation. Um, in other news, uh, The Acquired Podcast just released a new website, acquired.fm.

Stunning. Many people are calling it the most beautiful podcast website in history.

It's incredible. Really, really well done. Uh, every time you mouse over something, you get a vinyl record that pops out. Uh, I'm very excited to see uh, the physical instantiation of this and and it fits the brand perfectly. Uh, it's a great uh, uh, so many iconic episodes, so many iconic interviews. So, congratulations to uh the folks at Acquired. Every company has a story. Uh really, really welldesigned.

We got to have him back on very soon.

Uh but thank you for being with us today. We'll see you tomorrow.

It's been an honor

and a privilege to podcast with you today.

We'll see you tomorrow. Leave us five stars on Apple Podcast and Spotify. Sign up for a newsletter.