Logo Light Veria Labs
Overview
Announcing our $3.2M Seed Round

Announcing our $3.2M Seed Round

We spun out of the #1 hacking team in the US and raised a $3.2M seed to make getting hacked a thing of the past.

Stephen
February 9, 2026
3 min read
index

We spun out of the #1 hacking team in the US and started Veria Labs (YC F25) to make getting hacked a thing of the past.

Today, we’re announcing our $3.2M seed.

We’ve spent years breaking into some of the most well-engineered products in the world. Billion-dollar companies with great teams. One bug we caught would’ve let an attacker steal over $1B if left unpatched.

We’re good at what we do. But even when you hire the best hackers, they get two weeks and a massive scope to cover.

The Problem with Pentesting

Every company that takes security seriously eventually hires a pentest team. The best ones are expensive, in high demand, and booked out months in advance. When they finally show up, they typically get a two-week engagement window and a massive scope to cover - every endpoint, every authentication flow, every integration, every edge case.

No matter how talented the team, two weeks isn’t enough. Pentesters have to make hard tradeoff decisions about where to focus their time. They can only focus on so much.

Something always gets missed.

Meanwhile, the company’s codebase keeps changing. New features ship weekly. New attack surface appears constantly. That pentest report from three months ago? It’s already stale.

This is the reality of application security today: companies pay top dollar for a snapshot of their security posture that starts degrading the moment it’s delivered.

What We’re Building

That’s why Veria exists. We built software that uses AI to run offensive security testing continuously, not just during a short pentest window.

It does more than surface potential issues from static checks. It explores the application, tests exploitability, and connects related weaknesses into full attack paths.

During one engagement, our AI found six different ways to take over any user’s account on a popular web application. It did this autonomously, then suggested the fixes to patch every single one.

This wasn’t a contrived demo. This was a production application with a real security team behind it.

So far, our AI has found high-severity vulnerabilities in every company we’ve worked with.

How It Works

We took the workflow our team uses in manual engagements and automated the repeatable parts.

The platform maps attack surface, identifies interesting areas, formulates hypotheses about potential weaknesses, and tests them systematically. When it finds something, it doesn’t just flag it. It tries to escalate, chain findings, and demonstrate real impact.

The key difference is that it runs continuously and can test many hypotheses in parallel. It covers breadth that human pentesters often have to skip and goes deep where it matters.

When it finds vulnerabilities, it provides detailed reproduction steps and recommended fixes - the same deliverables you’d expect from a top-tier pentest firm, generated continuously rather than once a quarter.

Who This Is For

We’re bringing this to teams at every stage.

For startups that don’t have a dedicated security team, Veria provides offensive security testing that would otherwise be out of reach. You shouldn’t have to be a Fortune 500 company to know whether your application is secure.

For larger companies with mature security programs, Veria works alongside your internal team. Annual pentests still matter, but they leave long gaps. We continuously test the areas those engagements can’t fully cover in two weeks and retest as your product changes.

Security shouldn’t depend on whether you can afford a six-figure retainer.

Our Investors

We’re grateful to Y Combinator, Paul Graham, Gokul Rajaram, and Matias Woloski (co-founder of Auth0) for backing us - along with MA 7 Ventures, Seaplane Ventures, Amino Capital, Karman Ventures, Lombard Street Ventures, Liquid 2 Ventures, Schema VC, Hypersphere Ventures, BLAST, Unpopular Ventures, Metsu Capital, Antigravity Capital, Rock Yard Ventures, Eight Capital, BBQ Capital, Kevin Moore, Aarthi Ramamurthy, and the Hyperplane founders (now at Nubank).

What’s Next

We’re using this funding to keep building. We’re a small, elite team and intend to stay that way.

If you’re one of the best offensive security engineers in the world and want to work on this problem, reach out.

If you want to know what we’d find in your application: book a call!