Exclusive: VulnCheck nabs $25M Series B funding
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Aïda Amer/Axios
Threat intelligence startup VulnCheck has raised a $25 million Series B round led by Sorenson Capital, the company first shared with Axios.
Why it matters: AI tools are helping researchers uncover even more software bugs, driving market appetite for tools that can help security teams sort through the growing backlog.
Zoom in: Founded in 2021, VulnCheck provides both enterprise and government customers with an autonomously updated dataset about the most critical vulnerabilities out there and how hackers are exploiting them.
- The data helps companies sift through the flood of bug reports tied to flaws across their software environments.
- In the last year, VulnCheck grew enterprise annual recurring revenue by 557% and government ARR by 306%, CEO Anthony Bettini told Axios.
- The latest funding brings VulnCheck's total venture funding to $45 million. National Grid Partners joined the round as a new investor, alongside existing backers Ten Eleven Ventures and In-Q-Tel.
What they're saying: "The vulnerabilities that are getting exploited typically aren't zero days," Bettini said.
- "They're typically vulnerabilities that are... publicly disclosed, and what's happening on the threat actor side is they're exploiting them faster and faster — and that's largely due to automation."
The big picture: AI models are getting better at finding and validating bugs in software. Anthropic's Claude Opus 4.6 model, released earlier this month, identified roughly 500 zero-day flaws in open-source software during initial testing.
- At the same time, the rise of "vibe coding" — or writing code quickly and experimentally with the help of AI — is accelerating the release of insecure applications.
- "What I would want if I was an enterprise is a way to shortcut it and prioritize the [most severe] issues most quickly — and that's exactly what VulnCheck does with their exploitability data," Ken Elefant, a partner at Sorenson Capital, told Axios.
Between the lines: AI may accelerate vulnerability discovery, but automating the rest of the vulnerability management lifecycle is far more complicated.
- Patching and testing how severe a bug is requires nuanced information about each individual system, and creating a patch isn't a guarantee if a system needs to be completely rebooted or is in operational technology that can't be shut down (like a tool that helps run a railroad).
What's next: VulnCheck plans to use the funding to hire, expand its product offerings, and deepen its international footprint.
Go deeper: The autonomous world is arriving. No one is ready.
