OX Security Secures $60M to Aid Developers in Tackling Critical 5% of AppSec Risks in AI Era

Revolutionizing AppSec in the Age of Vibe Coding

In the fast-paced world of software development, the advent of vibe coding—characterized by AI-assisted creativity and rapid code generation—has transformed how developers work. While this shift has boosted productivity, it's also led to a growing security debt. To address this, OX Security has secured a $60 million Series B funding round, led by DTCP and supported by IBM Ventures, Microsoft, Swisscom Ventures, Evolution Equity Partners, and Team8, bringing their total funding to $94 million.

This funding couldn't come at a more critical time. The influx of clean-looking yet potentially vulnerable code from AI tools, combined with traditional human errors, has overwhelmed existing Application Security (AppSec) tools. These tools often flood teams with alerts, many of which are irrelevant, leading to developer fatigue and missed vulnerabilities that could result in serious breaches.

Neatsun Ziv, CEO and Co-founder of OX Security, emphasized the challenge: "As AI-generated code becomes commonplace, the risks it introduces are often hidden beneath seemingly harmless code, which traditional security tools are ill-equipped to detect. OX is pioneering agentic code review, using AI enhanced with critical thinking modules to mimic the judgment of top security engineers. We continuously model risk across both AI and human-generated code to identify and prioritize the vulnerabilities that truly matter."

AI-Powered Security for an AI-Generated World

OX Security's approach is all about precision over volume. They focus on the 5% of issues that are exploitable, reachable, and impactful—those that could realistically be used by attackers to cause breaches. Their platform employs an Application Security Posture Management (ASPM) engine that integrates static and dynamic analysis, software composition, CI/CD pipelines, cloud infrastructure, and runtime behaviors. By modeling exploitability, analyzing attack path reachability, and correlating findings with business impact, OX provides a risk profile that's meaningful, manageable, and actionable.

The AI-driven prioritization engine integrates with over 100 developer and security tools, and its deployment is quick—often completed in just a few hours. This allows DevOps and AppSec teams to seamlessly embed OX into their existing workflows without slowing down.

The Real Problem: Too Many Alerts, Not Enough Context

Modern enterprises use a variety of security tools, from SAST and DAST to SCA, CSPM, and runtime monitoring. However, the sheer volume of alerts from these tools, without unified prioritization, leads to developers ignoring or delaying fixes, security teams wasting time on low-priority issues, and critical vulnerabilities being overlooked.

Ziv added, "Any security tool can find endless vulnerabilities and issue a nonstop stream of alerts. We're here to pinpoint which specific vulnerabilities will actually lead to breaches—and make it clear what to fix first."

OX's platform offers code-to-cloud traceability, translating security issues into terms developers can understand, and providing guided fix recommendations. Its unified dashboard centralizes vulnerabilities, risk assessments, and remediation workflows, helping teams reduce their mean time to remediation (MTTR) from weeks to days.

Why Now? A Perfect Storm for AppSec

In a recent blog post, Ziv highlighted the urgency of this funding round. "More code is being generated than ever before—much of it by generative AI. Disclosed vulnerabilities are increasing at an alarming rate. Threat actors are executing attacks faster, weaponizing software vulnerabilities in record time—often with AI assistance. Yet, AppSec budgets and resources have remained relatively flat."

This imbalance creates a dangerous situation: a larger attack surface, faster exploits, but the same limited security coverage. OX was founded in 2021 by Neatsun Ziv and Lior Arzi, both veterans from Check Point, in response to this new landscape, particularly following the SolarWinds supply chain attack. Their goal was to build an AppSec platform that reduces risk by helping teams focus on what matters most.

Trusted by Global Leaders

Today, OX Security is trusted by over 200 organizations across various sectors, including fintech, healthcare, cloud, and enterprise software. Clients include Microsoft, IBM, SoFi, eToro, FICO, Tomorrow.io, and 888 Holdings. Security executives praise OX for its ease of integration, exceptional customer support, and its ability to deliver real security improvements. Key benefits cited include:

• End-to-end traceability
• Faster triaging and resolution
• Automated remediation workflows
• Confidence in code before deployment

Danny Wishlitzky, Head of IT and Cybersecurity at Proximity, noted, "OX Security supports our need for transparency and end-to-end traceability. This provides us with greater control—blocking vulnerabilities and improving accuracy throughout the development lifecycle."

What’s Next? Building the Future of Secure Development

The $60 million infusion will fuel OX's next wave of innovation. Upcoming priorities include:

• Deeper support across the entire toolchain
• More precise risk modeling
• Broader visibility throughout the SDLC
• Enhanced automation of triage and fixes
• Global go-to-market expansion

OX plans to continue leading the shift from fragmented tooling to unified, AI-driven application security, especially as vibe coding and generative AI become central to software development.

Dean Shahar, Managing Director at DTCP, said, "OX is the precision blade that slices through the noise of endless vulnerabilities. As generative AI accelerates code creation beyond human scale, OX delivers laser-sharp accuracy to secure the ever-expanding attack surface."

The future of AppSec isn't about detecting more—it's about knowing more. OX Security is ushering in a new era where alerts are contextual, risks are quantifiable, and fixes are prioritized based on real-world impact. For developers and security professionals navigating the era of vibe coding, OX offers the clarity the industry has been desperately seeking.

Neatsun Ziv concluded, "Let's stop chasing noise and focus on the 5% that matters."