AI for Automation
2026-03-20 | Tags: AI security, cybersecurity, XBOW, startup funding, penetration testing

The AI that hacks better than humans just hit $1B

XBOW, an AI that autonomously finds and exploits security flaws faster than top human hackers, just raised $120M at a $1B+ valuation. Built by the creator of GitHub Copilot.


An AI system just beat every human hacker on the planet — and investors are pouring money into it. XBOW, the autonomous security platform built by GitHub Copilot creator Oege de Moor, just closed a $120 million Series C round at a valuation north of $1 billion. The round was led by DFJ Growth and Northzone, with Sequoia Capital, Altimeter, and Alkeon Capital also participating.

What makes this different from every other cybersecurity startup? XBOW doesn't just scan for problems — it attacks your software the way a real hacker would, then proves the vulnerability is real by actually exploiting it.

[Image: XBOW reaching #1 on HackerOne leaderboard]

An AI reached #1 on the world's biggest hacker leaderboard

HackerOne is the world's largest platform where ethical hackers (people companies pay to find security holes) compete to discover vulnerabilities. Thousands of elite security researchers spend years climbing its rankings.

XBOW reached #1 on HackerOne's U.S. leaderboard in just 90 days — the first time a machine has ever outranked every human hacker on the platform. It submitted nearly 1,060 vulnerabilities, including 54 rated critical and 242 rated high severity.

Speed comparison: In a live test across 104 real-world scenarios, a seasoned human penetration tester took 40 hours. XBOW completed the same work in 28 minutes — an 85x speed advantage.

How XBOW actually finds vulnerabilities

Traditional security scanning tools check for known patterns — like running through a checklist. XBOW does something fundamentally different. It thinks like an attacker:

Step 1: It reads a company's security scope (what's allowed to be tested) using AI to understand the rules.

Step 2: It probes the target — hunting for weak spots in APIs (the connections between software systems), login systems, and data handling.

Step 3: When it finds something suspicious, it doesn't just flag it — it exploits it to prove it's real. No false alarms.

Step 4: A human reviewer checks the findings before anything is reported. The AI does the heavy lifting; humans make the final call.

In one demonstration, XBOW chained together 48 different exploits in a single simulated attack — including using a crafted image file to trick a server into revealing internal data. In another test, it cracked an encrypted cookie in 17.5 minutes by analyzing error messages from the server.

[Image: XBOW platform vulnerability detection interface]

Who's behind XBOW — and why it matters

Oege de Moor isn't a random startup founder. He created GitHub Copilot (the AI coding assistant used by millions of developers) and GitHub Advanced Security. His team includes security researchers from Tesla and DeepMind, and the company's CISO is Nico Waisman, the former head of security at Lyft.

De Moor's pitch is simple: "Attackers are already using AI. Defenders need to move just as fast."

Traditional penetration testing (where companies hire security experts to try to break in) typically happens once or twice a year and takes weeks. XBOW runs continuously inside a company's development pipeline — testing every code change as it ships.

Over 100 companies already use it

XBOW's customer list includes Moderna (the vaccine maker), Samsung Electronics, and other Fortune 500 companies. The platform offers three tiers:

Plus & Premium: One-time scans for a single application

Enterprise: Continuous scanning across an entire organization

API access: Plug XBOW into existing security tools

The company plans to double its team to 300 by end of 2026 and expand into Asia-Pacific, with a new South Korea office to deepen its Samsung partnership.

[Image: XBOW vulnerability discovery statistics]

Why this signals a shift in cybersecurity

XBOW's rise reflects a broader trend: AI isn't just helping defenders — it's becoming the attacker too. Companies that previously relied on annual security audits now face AI-powered threats that operate around the clock. The old model of hiring a team of ethical hackers for a two-week engagement is starting to look like bringing a knife to a drone fight.

With $235 million in total funding and a unicorn valuation, XBOW is betting that every company will eventually need an AI hacker on their side — not to replace human security experts, but to handle the sheer volume of code shipping every day.

As de Moor put it: "When I founded XBOW, few believed AI could truly think like a hacker." The HackerOne leaderboard suggests they were wrong.
