XBOW Investment Reflects Growing Enterprise Shift Toward Continuous Security Validation

• XBOW was founded in 2024 and has scaled to more than 100 enterprise customers worldwide in under two years
• The company is positioned as a leader in autonomous security tools built specifically for the AI threat era
• Liberty Global itself is a XBOW customer, reflecting a strategic rather than purely financial investment thesis
• The XBOW founding team includes pioneers of the AI coding revolution with GitHub Copilot, bringing direct expertise in how AI-generated software is built and where it is vulnerable
• Liberty Global Tech Ventures operates within Liberty Growth, focused on category-defining AI and technology businesses in large and fast-growing markets
• Cybersecurity is identified by Liberty Global as one of the most critical and fastest-growing areas of enterprise software investment

Why AI Offensive Security Investment Is Accelerating Now

This investment does not exist in isolation. It reflects a structural shift in how the enterprise security market is thinking about vulnerability identification and remediation and why the traditional approach is no longer viable.

Vulnerability management has evolved to a completely different form. AI solutions are developing software faster and more efficiently than any human-led security review process ever could. However, cybercriminals have also leveraged the power of artificial intelligence to discover and exploit vulnerabilities at rates faster than defensive scans and penetration tests are able to detect them. There is less time between when a vulnerability first occurs and when an attacker discovers it. But there isn’t enough time between when a vulnerability is discovered and when it is addressed.

Three forces are converging to make autonomous offensive security a near-term enterprise buying priority:

1. AI has changed the speed at which vulnerabilities are weaponized. As threat actors leverage AI to perform scanning, exploit vulnerabilities, and locate weaknesses, the penetration test process, performed every quarter, becomes a risk factor rather than an assurance one.
2. AI-generated code is introducing vulnerabilities at a scale human review cannot catch. The same AI coding tools accelerating software development are generating code with embedded vulnerabilities that traditional SAST and SCA tools were not designed to detect at this volume. Autonomous offensive security tools that can find and fix these vulnerabilities before they reach production represent a fundamental capability upgrade.
3. Institutional capital is validating the category at the highest level. When Sequoia Capital, Northzone, DFJ Growth, and Liberty Global are all backing the same autonomous offensive security platform and one of the investors is also a customer, this is not speculative category creation. It is institutional confirmation that enterprise demand is real, growing, and ready to convert into procurement decisions.

Voice From the Field: AI Offensive Security as the Only Viable Defense

“In an era where AI allows threat actors to weaponize vulnerabilities at machine speed, the only viable defense is a proactive offense. There isn’t a better team to tackle this challenge than the one who pioneered the AI coding revolution with GitHub Copilot, bringing unparalleled expertise in both how software is built and how it is secured.” Bobbie Maltiel, Partner, Liberty Global Tech Ventures

“Liberty Global has deep expertise in scaling technology businesses globally, and their commercial network will be vital as we enter our next phase of growth. With partners like them operating alongside us on the front lines, we’re accelerating our mission to stay ahead of AI attacks to defend the world together.” Oege de Moor, Founder and CEO, XBOW

These are not statements about future market positioning. They are direct articulations of why the traditional vulnerability management model is structurally mismatched with the current threat environment and why autonomous offensive security is the category being built to replace it.

AI Offensive Security Impact on Enterprise Buyers

How the XBOW Investment Signals Three Immediate Pressure Points for Security and Engineering Leaders:

1. Vulnerability Management Risk Exposure: What Is Actually at Stake

Every enterprise running AI coding agents, third-party libraries, and cloud-native software pipelines is accumulating vulnerabilities faster than traditional detection and remediation cycles can close them. The risk is not just that vulnerabilities exist. It is that threat actors using AI can find and exploit them before security teams running conventional penetration testing schedules have any visibility into the exposure. Autonomous offensive security tools that operate continuously are no longer a premium capability. They are the baseline response to a threat environment that does not pause between scheduled assessments.

2. Offensive Security Operational Pressure: What Security Teams Are Being Asked to Change

Security teams that have built their assurance programs around periodic penetration tests, manual vulnerability triage, and reactive remediation workflows are being asked to defend an attack surface that changes continuously and is attacked at machine speed. The operational pressure to shift from reactive to proactive offensive security, finding vulnerabilities before attackers do at scale and automatically, is coming simultaneously from threat intelligence, from engineering teams shipping AI-generated code, and from boards that are beginning to ask pointed questions about vulnerability management program maturity.

3. Offensive Security Budget Implication: Where Enterprise Vulnerability Management Spending Is Shifting

Investment at this level from this group of institutional backers into a company with this growth trajectory signals a category transition that enterprise procurement teams should be tracking now. Autonomous offensive security tools are moving from early adopter deployments into mainstream enterprise evaluation cycles. Security leaders who build this category into their near-term budget planning will be ahead of the curve. Those who wait for the category to fully mature before evaluating will find themselves in reactive procurement mode against a threat environment that has already moved.

AI Offensive Security Demand Signal: Where Enterprise Buying Is Accelerating

This Investment Is a Direct Trigger for Accelerated Procurement Across These Offensive Security Categories:

What Enterprise Security Leaders Should Do About AI Offensive Security Now

Offensive Security Actions in the Next 30 Days:

• Assess the current frequency and scope of your penetration testing program against the speed at which your codebase is changing, specifically the volume of AI-generated code entering production without offensive security validation
• Identify whether your vulnerability management program has real-time or continuous detection capability or whether it operates on cycles that create exploitable windows between assessments
• Brief your board and risk committee on the gap between AI-speed vulnerability weaponization and your current mean time to detect and remediate

Offensive Security Adjustments Between 30 and 60 Days:

• Evaluate autonomous offensive security platforms against your current penetration testing program, specifically assessing whether continuous automated testing can close the coverage gap between scheduled assessments
• Review your AI coding pipeline against your vulnerability detection capability and map where AI-generated code enters production without offensive security validation
• Engage your threat intelligence provider on current attacker tooling, specifically AI-driven vulnerability scanning and exploitation capability, to calibrate your defensive timeline requirements

Long-Term AI Offensive Security Investment Between 60 and 90 Days:

• Build autonomous offensive security capability into your security program architecture as a continuous function rather than a periodic assessment
• Establish formal requirements for AI-native vulnerability management that reflect the speed and scale of your current development environment
• Align offensive security investment with engineering leadership to ensure that vulnerability identification and remediation is integrated into the development pipeline rather than sitting outside it as a separate assurance function

CyberTech Intelligence POV: AI Offensive Security Is the Category That Defines the Next Procurement Cycle

At CyberTech Intelligence, this investment reflects a market inflection point that enterprise security leaders need to recognize and act on now:

The vulnerability management model built for human-speed development and human-speed attacks is structurally obsolete in an AI-driven threat environment. Autonomous offensive security is not the next generation of this category. It is the replacement.

The institutional capital backing XBOW from investors who have seen category transitions at scale is not speculative. It is a forward-looking read on enterprise demand that is already materializing. Organizations running traditional penetration testing programs against AI-generated codebases in an environment where threat actors are weaponizing vulnerabilities at machine speed are operating with a structural assurance gap that boards, regulators, and risk committees are beginning to identify and question.

Demand is not created. It is triggered by risk, urgency, and market events.

The convergence of AI-speed attacks, AI-generated code volume, and institutional validation of autonomous offensive security as the category response is one of the clearest 30 to 90 day procurement signals in the enterprise security market right now. The organizations and vendors that move on this signal now will be ahead of the category curve. Those that treat this as a funding announcement to monitor will be evaluating the category reactively after the threat environment has already made the case for them.

Who Should Care About AI Offensive Security Investment Signals