Funds to fuel R&D on automatic repair and risk prioritization tools
Michael Novinson
May 7, 2025
An application security startup led by a longtime Check Point executive raised $60 million to address the surge in AI-generated code and the adversarial use of AI.
According to co-founder and CEO Neatsun Ziv, New York-based OX Security plans to use the Series B investment to automate large-scale repairs and bridge the gap between problem identification and resolution. According to Ziv, OX wants to help focus attention on the 5% of key vulnerabilities through wise prioritization and remediation.
“It’s always good to have a fundraiser when all the stars are in place,” Ziv told Information Security Media Group. “The market is embracing the message. Everything seemed in place. I took part in this fundraising when there was at least a year or more before I had to do a fundraiser.”
Founded in 2021, OX Security employs 165 people and emerged from stealth in September 2022 with $34 million in seed funding led by Evolution Equity Partners, Team8 and Microsoft’s venture fund. The company has been led by Ziv, who spent nearly a decade at Check Point Software, including a five-year stint leading the threat prevention and intelligence business of the Israeli giant.
How OX Security’s approach differs from the status quo
According to Ziv, DTCP was selected as the lead investor in OX’s Series B funding because of its long-standing relationships and shared strategic vision. He compared today’s AI-driven disruption to the early days of cloud adoption, except that the innovation cycle is six months rather than a few years. This accelerated pace requires a different approach to product planning, infrastructure and responsiveness, Ziv said.
“We’re basically making a huge increase in R&D to help us address new challenges,” Ziv said. “So it’s really the biggest investment and it’s going to go back to the product and bolster it and fit into the new era we’re aiming to work on.”
AI models trained on large open source datasets often reuse code patterns that may already be known to be deprecated or to contain vulnerabilities, Ziv said. These models work from statistical correlation rather than an overall understanding of security risks, which lets them unknowingly introduce serious problems into a codebase. Furthermore, cybercriminals are using AI to speed up development.
“They don’t know how to build protected code, and protected code usually means slow performance, and because they’ve learned in open source, they optimize for other things that are usually security performance,” Ziv said. “So there are many cases where machines make other decisions just because they lack context.”
He said that, rather than overwhelming development teams with thousands of low-priority alerts, OX Security uses contextual intelligence to isolate only the most important vulnerabilities. The system performs layered context analysis by asking questions such as “Is this vulnerability active?”, “Is the password rotated?” and “Is it behind two-factor authentication?”, and flags the important, provable and viable issues.
“If you find a password in your code, you can say, ‘Hey, I found a password in your code,’ but there are hundreds of passwords,” Ziv said. “So the developers will ignore you.”
Why Repair Takes Center Stage at OX Security
While 90% of OX’s efforts so far have focused on detection and prioritization, Ziv sees a future opportunity in resolving and remediating risks at scale with minimal developer intervention. New AI models can ingest not only the vulnerable snippet but also the surrounding context (variable names, logic flows, architectural patterns) and develop more usable, code-specific proposals.
“If I’m offering you a general solution, then you still need to do a lot of work to modify it into your code,” Ziv said. “What is absolutely amazing about AI is to make suggestions and blend together, so you get something amazing. Now, that’s a small mental gap, but that’s a big hurdle you need to go through. And AI is simply amazing.”
One of the most interesting KPIs at OX is the volume of code changes scanned daily, currently around 100 million lines, which reflects not only customer usage but also the speed of change in the software environment. According to Ziv, OX tracks how customers fix high-priority issues once they have been flagged.
An era of misunderstanding of cloud infrastructure as a major security risk is behind us. Issues like open S3 buckets have been alleviated by stricter controls and smarter defaults. As a result, cloud security providers are beginning to pivot toward application security, but Ziv said they face challenges because of the different buyer personas and organizational focus involved. This gives an edge to specialist vendors like OX.
“We’re going back to the code to see if the vulnerabilities themselves and whether they’re reachable,” Ziv said. “And I think now the new generation, where OX is part of it, is saying, ‘Hey, the only thing you can trust is what’s happening in code compared to production.’”