Nullify secures $5.2 million for its code-scanning cybersecurity bot

Australian cybersecurity AI startup Nullify has secured $5.2 million in seed funding for its security bot. The round, first reported by Startup Daily, was led by Two Sigma Ventures and Root Ventures. This follows a $1.1 million pre-seed round in 2023.

The company was founded by Shantanu Kulkarni, Tim Thacker, and Tony Mao, who previously developed and taught cloud cybersecurity at the University of New South Wales (UNSW). Their professional experiences in cloud security roles within the financial, health insurance, and technology sectors exposed them to the ongoing challenges of secure software development.

Nullify’s security bot assists software developers and security teams in identifying and resolving security vulnerabilities within their code. The tool is embedded directly into the workflow and scans the code for vulnerabilities anytime it’s updated. It also utilises AI to then fix any issues it finds.

Nullify uses a combination of open-source resources and generative AI to identify, prioritise, and rectify security flaws.

Nullify is already in early access use by enterprises and scale-ups around the globe, with a public release scheduled for the end of June as part of NY Tech Week.

“Demand for Nullify is growing super fast as our annual recurring revenue (ARR) has already tripled since the inception of our company, all before launching a generally available product,” Tony Mao, co-founder of Nullify, said to SmartCompany.

“This is exciting, but it also means we need to hire to build product faster and meet the demand. We will be using our funds to invest heavily into R&D to build out the AI Security Engineer to help understaffed security teams in big organisations fix security issues in 10x less time.”

During the company’s pre-seed round in mid-2023, Shantanu Kulkarni, co-founder and CEO of Nullify, emphasised the increasing pace at which developers are expected to push code and the strain this puts on security teams to maintain software security.

“Nullify is built for organisations to enable their developers, and not just security teams, to own the security of the software they build,” Kulkarni said in 2023.

“By leveraging both open-source tools and generative AI, Nullify can detect, prioritise and fix security vulnerabilities for developers, saving them hours each week on security work and allowing them to spend more time building software.”

According to Nullify, we’re in a pivotal moment for cybersecurity, underscored by recent major cyberattacks and the new national cybersecurity regulations introduced by the Australian government.

These regulations, which are estimated to cost the industry up to $9 billion, reflect the growing need for advanced security testing capabilities in response to an evolving cyber threat landscape.

And the money is flowing in that direction, too. In addition to Nullify’s latest cash injection, we saw it in recent weeks with Bugcrowd’s $156 million raise. Incidentally, Sajeeb Lohani, Director of Cyber at Bugcrowd is also an angel investor in Nullify’s seed round.

At the time of Bugcrowd’s raise, CEO Dave Gerry pointed to supply chain risks being under the microscope across 2024.

And this is something Nullify is focused on, aiming to mitigate the risks associated with software supply chain vulnerabilities, offering businesses a proactive solution to detect, triage, and fix potential security issues.