DryRun Security, a Texas-based AI-native startup delivering application security (AppSec) for development and security teams, has snapped $8.7 million in seed funding. The round was led by LiveOak Ventures, which backed Fastn and Work-Bench with participation from Cannage Capital.
With this new funding and product launch, the company is poised to change the way teams approach application security. DryRun Security will use the investment to increase its engineering hires and grow its Go To Market (GTM) function.
Challenges in AppSec market
Every company today is managing more code than ever before, and AppSec professionals are challenged to identify the needle in the haystack of code changes that deserve further review. Security issues backlogs are growing while developers fumble through confusing results from code scanning tools that can’t support new technologies fast enough. All of this is creating a system where developers often bypass (or ignore) security review and the security team is left to retrofit old tools by writing new rules that aren’t easy to maintain and result in growing technical debt.
DryRun Security finds the needle in the haystack of code changes so AppSec teams spot unknown risks before they start.
What does the company do?
DryRun Security was co-founded in 2023 by two application security luminaries, James Wickett and Ken Johnson. Having worked in the AppSec space for years, the founders shared a vision for empowering development teams to build secure software without disrupting their workflows.
It goes beyond AI and LLM’s early automation capabilities to build what it calls Contextual Security Analysis (CSA). This approach both identifies security risks and seamlessly integrates mitigation into developers’ workflows. CSA layers static context, change context and application context to make contextually aware assertions in near real-time and is ideal for distributed, modern applications and teams. It fits naturally in an organisation practicing DevOps, prioritises reducing security tool pressure on developers and makes it easy for developers to reason about security.
The company is also introducing Natural Language Code Policies (NLCP), a game-changing feature that frees AppSec teams from the painstaking work of building and maintaining scripted policy rules. By allowing them to define their security policy in an intuitive, domain-focused way, NLCP cuts the overhead of custom rule writing and helps teams get coverage across all of their code bases without worrying about the language or framework.
“DryRun Security is a true leap forward in application security, enabling application security teams to identify code risk in a way that previously wasn’t possible,” said Creighton Hicks, Partner at LiveOak Ventures. “The current generation of pattern-matching tools strictly looks at the literal syntax of code. DryRun Security is built from the ground up to leverage the latest in AI technology. This not only eliminates the need to write complicated pattern-matching rules but also goes beyond the literal syntax to understand risk based on code context and behavior. For the first time, DryRun Security enables the left hand of application security to know the security implications from what the right hand of development is doing, even if there’s not technically an insecure line of code.”
“We know how frustrating it is when risky code slips in unnoticed—especially for AppSec teams who want to stay on top of every critical change,” said James Wickett, co-founder and CEO of DryRun Security. “That’s why we built DryRun to find the ‘needle in the haystack’ of code changes, so teams can spot unknown risks before they start—without slowing developers down. Our early customers are already seeing tangible, day-one improvements in their security posture, validating that modern, AI-native application security tools can finally keep up with the code velocity of today’s software development teams.”
“With DryRun Security, we’ve transformed how we manage application security across our global development team. The GitHub integration ensures that our developers get precise and instant feedback directly in their workflow, enabling them to fix security issues without skipping a beat. The tool has not only helped us catch risks like hardcoded credentials early but has also fostered a culture of security among our developers. DryRun Security is an indispensable part of our AppSec toolkit,” said Gary Gonzalez, CTO at PlanetArt.
The post AI-powered AppSec: DryRun Security secures $8.7M to tackle growing code risks appeared first on Tech Funding News.