Allow me to start with some context. We’re living in a world shaped by four undeniable trends:
- More code is generated than ever before — much of it by GenAI.
- Disclosed vulnerabilities are growing at a staggering pace — up 25% year over year.
- Threat actors are executing attacks faster, weaponizing software vulnerabilities in record time — often with the assistance of AI.
- Despite all this, AppSec budgets and resources have remained relatively flat.
More code. More vulnerabilities. Faster attackers. Same defense.
In a world where every cybersecurity trend is working against honest businesses, security and operations teams’ abilities to respond are eroding by the day. Something has to change. Defenders and protectors need to focus — but not on everything. We already know that’s too much to manage. More ≠ better.
Security and Ops teams must hone in on the 5% of risks that actually matter.
But how do you know…with certainty…what matters?
That’s why OX exists.
Today, I’m excited to share that OX Security has raised $60 million in new funding, increasing our total raise to $94 million, led by DTCP with participation from IBM Ventures, Microsoft, Swisscom Ventures, Evolution Equity Partners, and Team8.
But this isn’t just a funding milestone. It’s fuel for a mission we care deeply about: helping security teams focus on what matters with software security.
Why This Round, and Why Now?
AppSec has a focus problem. Organizations are using more AppSec tools than ever. SAST, DAST, SCA, CSPM, CI/CD scanning, runtime protection — you name it. But all this tooling has created a new problem: thousands of unprioritized problems; dozens of disconnected tools; and no good way to discern which vulnerabilities are reachable, exploitable, and would have a business impact if compromised.
This all results in a flood of security tickets that lack context, relevance, or prioritization. It’s no wonder software developers are frustrated with security teams; fixing “all the things” doesn’t work.
Which is why we started OX — to build more than an AppSec tool. More than an off-the-shelf ASPM. We set out to redefine how security and development teams work together. Our mission was — and remains — to provide developers and AppSec teams with one unified platform that offers total visibility and clear actionability. And unlike other AppSec and ASPM tools, OX doesn’t just detect more risks — it helps teams fix the right ones.
Since launching almost 4 years ago, we’ve been blown away by the response from the market. Enterprises across industries — from fintech to healthcare to Fortune 100 software — have adopted OX to bring order to their AppSec chaos.
The Application Security Platform Enterprises Use
The OX Security Unified AppSec platform connects every signal across the software supply chain — code, pipeline, cloud, runtime — giving our customers a unified view of what’s real, what’s reachable, and how it impacts risk. OX then helps ensure the right people have the information they need to drive down risk and ensure software is delivered securely, on time, and without onerous effort.
This is a true paradigm shift.
OX’s Code Projection and precise prioritization deliver on the broken promises of legacy AppSec tools, whose flood of alerts has become their Achilles’ heel. As GenAI accelerates code creation, OX unifies fragmented AppSec solutions into a single, cohesive platform. The result? Laser-sharp accuracy that helps secure the ever-expanding attack surface — without slowing teams down.
What’s next?
This new funding round will allow us to continue to lead the charge in redefining software supply chain security. It will help OX accelerate our momentum and give our teams even greater power to:
- Expand support across your toolchain so OX works wherever and however you build software
- Develop even more precise prioritization models to highlight what’s reachable, exploitable, and matters to your business
- Increase your visibility across the SDLC for a full picture of what’s actually at risk
- Build new workflows so your teams can resolve issues automatically
- Continue go-to-market expansion to bring ASPM to more enterprises around the world
We believe the future of AppSec isn’t about more tools or more data. It’s about the right data, with the right context…and putting that data to work so teams can fix what matters, without distraction, without delays. All of this is possible, but it’s not possible with the same old, same old.
If you’re building modern applications and want a smarter, more focused way to manage risk, we’re here to help.
Let’s stop chasing noise and focus on the 5% that matters.
P.S. That 5% figure? It’s not a guess. We’ve got the data to back it up. Let us show you how we cut your security debt by 95% in under 90 minutes.
)
