Bitbake

RunSybil Raises $40M Series A: OpenAI's First Security Hire Builds AI-Powered Autonomous Penetration Testing Platform

2026-03-19T09:04:39.610Z

runsybil-ai-cybersecurity

An AI Agent That Hacks Like a Human — And Just Raised $40M to Prove It

The cybersecurity industry has long faced an uncomfortable paradox: as software grows more complex, the pool of elite penetration testers capable of finding critical vulnerabilities only shrinks. On March 18, 2026, RunSybil announced a $40 million Series A led by Khosla Ventures to solve this problem with AI agents that autonomously hack enterprise software — finding, exploiting, and documenting real vulnerabilities without a human in the loop.

The round drew a roster of investors that reads like a who's-who of AI and cybersecurity: S32, Anthropic's Anthology Fund (the $100M joint venture with Menlo Ventures), Conviction, and Elad Gil all participated. Angel investors include Nikesh Arora (CEO, Palo Alto Networks), Amit Agarwal, Jeff Dean (Google's chief scientist and Google Brain co-founder), and leaders from OpenAI, Stripe, and Google. When the CEO of the largest cybersecurity company by market value and Google's chief scientist both write personal checks into an early-stage startup, it signals something significant.

From Hacker Kid to OpenAI's First Security Hire

RunSybil's origin story begins with Ari Herbert-Voss, a founder whose biography reads like a cybersecurity thriller. Growing up in a mostly Mormon community in Utah, Herbert-Voss was drawn to the online hacker scene in middle and high school. He pivoted away when friends "started getting arrested," redirecting his talents toward a Ph.D. in machine learning at Harvard.

The inflection point came in 2019 when OpenAI released GPT-2. Herbert-Voss immediately grasped its implications: "This changes everything about the economics of what it would take to run a cyber campaign." He sent hacking demos to Sam Altman and Jack Clark (then OpenAI's head of policy, later Anthropic co-founder), and was hired as OpenAI's first security research employee. He dropped out of Harvard to take the role.

For three years at OpenAI, Herbert-Voss watched language models grow rapidly more capable. By 2022, he was convinced that offensive cyber capabilities would advance just as quickly once powerful models became widely available. He left OpenAI and founded RunSybil in 2023 with Vlad Ionescu, who had led offensive security red teams at Meta and worked alongside "the best red teamers in the industry."

Inside Sybil: Black-Box AI Pentesting

RunSybil's core product is Sybil, an AI agent that conducts continuous, autonomous penetration tests against live applications. What sets it apart from the crowded landscape of security tools is its approach: Sybil is a black-box testing platform that requires zero access to source code.

Unlike static code analysis tools (including Claude Code Security or OpenAI Codex's security features), Sybil reasons like an actual attacker. It dynamically interacts with live systems, discovering forgotten endpoints, probing authentication boundaries, and — critically — chaining multiple vulnerabilities together to find paths to sensitive data. The entire process runs autonomously.

The results are tangible: RunSybil claims a 90%+ reduction in false positives compared to conventional vulnerability scanners. Because Sybil actually exploits the vulnerabilities it finds, it only reports issues that are genuinely exploitable, cutting the noise that buries security teams. The caveat a practitioner should keep in mind is that validation by exploitation improves precision, not recall: a confirmed finding is real, but the absence of a finding is not evidence that the code is safe, only that the agent did not reach an exploitable path from outside.
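To make the distinction in the two paragraphs above concrete, here is an added illustrative example. It is not RunSybil's code and says nothing about how Sybil is actually built; the target API, its route list, the tokens and the document data are all constructed stand-ins so the example runs offline. A scanner-style heuristic flags every discovered route that takes a numeric id as a "possible IDOR", while an exploit-validated check confirms the finding only by actually reading another tenant's record as a low-privileged user. On a target whose only document route enforces ownership, the heuristic still raises a flag and the validated check correctly reports nothing; on a target with a forgotten legacy route, only the legacy route survives validation.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample tenant data (not from any real system):
# two users, each holding one document the other must never read.
USERS: Dict[str, str] = {"tok-alice": "alice", "tok-bob": "bob"}
DOCS: Dict[int, Tuple[str, str]] = {
    1: ("alice", "payroll export for alice"),
    2: ("bob", "payroll export for bob"),
}

# Hypothetical wordlist of route prefixes a black-box tester might try.
CANDIDATE_PREFIXES = ["/api/v2/docs/", "/api/v1/docs/", "/api/v0/docs/", "/internal/docs/"]


@dataclass
class Response:
    status: int
    body: str = ""


class MockTarget:
    """In-memory stand-in for a live HTTP API so the probe runs offline.

    /api/v2/docs/{id} checks that the caller owns the document.
    /api/v1/docs/{id} is a forgotten legacy route that only checks that the
    token is valid, so any authenticated user can read any document (IDOR).
    """

    def __init__(self, legacy_route_live: bool) -> None:
        self.prefixes = ["/api/v2/docs/"]
        if legacy_route_live:
            self.prefixes.append("/api/v1/docs/")

    def get(self, path: str, token: Optional[str]) -> Response:
        caller = USERS.get(token or "")
        if caller is None:
            return Response(401)
        for prefix in self.prefixes:
            if path.startswith(prefix) and path[len(prefix):].isdigit():
                doc_id = int(path[len(prefix):])
                if doc_id not in DOCS:
                    return Response(404)
                owner, body = DOCS[doc_id]
                if prefix.startswith("/api/v2/") and owner != caller:
                    return Response(403)  # hardened route enforces ownership
                return Response(200, body)  # legacy route skips the check
        return Response(404)


def discover_endpoints(target: MockTarget, token: str) -> List[str]:
    """Black-box discovery: probe each candidate prefix with the caller's
    own document id and keep the prefixes that answer with anything but 404."""
    return [p for p in CANDIDATE_PREFIXES if target.get(p + "1", token).status != 404]


def heuristic_scan(prefixes: List[str]) -> List[str]:
    """Scanner-style heuristic: every discovered route that takes a numeric
    id is flagged as a possible IDOR, without ever attempting the access."""
    return [f"possible IDOR: {p}{{id}}" for p in prefixes]


def validate_idor(target: MockTarget, prefix: str, attacker_token: str,
                  victim_doc_id: int, victim_marker: str) -> bool:
    """Exploit-validated check: as the attacker, fetch the victim's document
    and confirm the response body actually contains the victim's data."""
    r = target.get(prefix + str(victim_doc_id), attacker_token)
    return r.status == 200 and victim_marker in r.body


def run_assessment(target: MockTarget) -> Dict[str, List[str]]:
    """Compare what the heuristic reports with what survives exploit validation.

    Alice is the low-privileged tester; document 2 belongs to Bob."""
    discovered = discover_endpoints(target, "tok-alice")
    flagged = heuristic_scan(discovered)
    confirmed = [f"confirmed IDOR: {p}{{id}}" for p in discovered
                 if validate_idor(target, p, "tok-alice", 2, "bob")]
    return {"discovered": discovered, "flagged": flagged, "confirmed": confirmed}


if __name__ == "__main__":
    for legacy in (True, False):
        result = run_assessment(MockTarget(legacy_route_live=legacy))
        print(f"legacy route live={legacy}: {result}")
```

The point of the validator is that it asserts on the victim's data appearing in the attacker's response, not merely on a 200 status: a route that answers 200 with an empty or redacted body is not a confirmed cross-tenant read, which is exactly the kind of result a status-only scanner would still report.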

"Not as a project, but as a permanent capability embedded in how they build," Herbert-Voss said, describing how RunSybil integrates into engineering workflows. As AI coding tools like Cursor and GitHub Copilot accelerate code production, continuous autonomous security testing becomes not a luxury but a necessity.

The Investor Signal

The composition of this round tells a story beyond the $40M headline.

Khosla Ventures leading the round reflects Vinod Khosla's conviction in frontier AI applications. "What it takes to add security and penetration testing to the AI world is definitely frontier — RunSybil is on the edge," Khosla stated, while also noting strategic concerns about "AI's cyber capabilities falling into adversaries' hands like China."

The Anthology Fund's participation is particularly noteworthy. This $100 million vehicle, jointly managed by Anthropic and Menlo Ventures, targets AI startups across infrastructure, applications, and trust & safety. For Anthropic — a company built on AI safety — to invest in an offensive security AI startup signals a nuanced understanding that better attack simulation is essential to better defense.

Nikesh Arora investing personally is perhaps the strongest signal. As CEO of Palo Alto Networks (market cap ~$120B), he has more visibility into enterprise security trends than almost anyone. His participation suggests that autonomous pentesting is a category that even the largest incumbents view as legitimate and complementary rather than threatening.

Valuation was not disclosed, but the caliber of investors at a $40M Series A for a company founded in 2023 suggests a premium valuation reflecting both the founders' pedigree and early customer traction.

Market Opportunity: Timing Is Everything

The global penetration testing market was valued at $2.45 billion in 2024 and is projected to reach $6.25 billion by 2033 (12.5% CAGR). The U.S. market alone is expected to grow from $1.98 billion in 2025 to $4.38 billion by 2031 at a 14.2% CAGR.

But these numbers understate RunSybil's opportunity. The traditional penetration testing model — hire expensive consultants, wait weeks for a report, remediate, repeat quarterly — is fundamentally broken in an era where AI coding assistants can generate thousands of lines of code per day. The mismatch between accelerating development velocity and static security testing cadences creates an expanding attack surface that only autonomous, continuous testing can address.

The shift toward Penetration Testing as a Service (PTaaS) and AI-driven continuous security validation is already underway. AI-powered pentesting tools reduce testing time by up to 30%, and 80% of organizations cite regulatory compliance as a primary driver for adoption. Sectors like finance, insurance, and healthcare — where compliance audits are frequent and stakes are existential — represent natural beachheads.

Competitive Landscape

RunSybil enters a market with several notable players:

  • Horizon3.ai (NodeZero): The most established autonomous pentesting platform, dynamically traversing networks and chaining exploits. Primarily focused on internal network penetration testing.
  • Pentera: An automated security validation platform providing risk-based remediation roadmaps. More focused on breach and attack simulation than true autonomous hacking.
  • XBOW: An AI-powered offensive security platform achieving up to 75% success rates on web security benchmarks.
  • Traditional firms (Cobalt, Synack, HackerOne): Human-driven pentesting and bug bounty platforms increasingly under pressure to integrate AI.

RunSybil's differentiation lies in its pure black-box approach: no source code, no internal access, just external interfaces. This most faithfully replicates an external attacker's perspective, with the corresponding limit that coverage extends only to what is reachable from outside. Combined with the founding team's unique intersection of frontier AI research (OpenAI) and elite offensive security operations (Meta red team), RunSybil occupies a distinctive position that is difficult to replicate.

Customers and Traction

For a company founded in 2023, RunSybil's customer list is striking. Named customers include Cursor (AI code editor), Notion (collaboration platform), Baseten (AI infrastructure), Turbopuffer (vector database), and Thinking Machines Lab (AI research). The company also serves "several major financial institutions and Fortune 500 companies" that have not been publicly named.

The diversity of this customer base — from cutting-edge AI startups to risk-averse financial institutions — suggests broad product-market fit. It also validates Herbert-Voss's thesis that every company shipping software needs continuous penetration testing, regardless of size or industry.

Risks and Open Questions

No analysis would be complete without addressing the risks.

Dual-use concerns are the elephant in the room. A tool designed to autonomously hack software could, in the wrong hands, become an offensive weapon. Khosla himself flagged concerns about AI cyber capabilities reaching adversaries. How RunSybil manages access controls, model security, and responsible disclosure will be watched closely.

Regulatory uncertainty looms. California's AI oversight unit is reportedly investigating autonomous security agents that probe live systems. As AI regulation evolves globally, RunSybil may face compliance requirements that constrain its product's capabilities or go-to-market approach.

Scaling enterprise sales with a small team will test execution. The $40M war chest will fund engineering expansion, security research, and go-to-market acceleration, but converting Fortune 500 pilots into seven-figure enterprise contracts requires building trust in a category where the consequences of failure — a missed vulnerability, or worse, an AI agent causing unintended damage to a production system — are severe.

What to Watch

RunSybil's $40M Series A marks a pivotal moment in the convergence of AI and cybersecurity. The company sits at the intersection of three powerful trends: the explosion of AI-generated code creating new attack surfaces, the chronic shortage of elite security talent, and the maturation of AI agents capable of complex autonomous reasoning. With a founding team that bridges frontier AI research and offensive security operations, backing from prominent names in both AI and cybersecurity investing, and early traction with customers ranging from Cursor to major financial institutions, RunSybil is positioned to define the autonomous offensive security category. The key question is not whether AI will transform penetration testing; it is whether RunSybil can maintain its edge as the inevitable wave of competition arrives.
