Vulnerability management as we know it is on life support. It’s not that issues have always outpaced fixes, it’s not knowing the few critical things that need fixing now and the arduous remediation process. The math around vulnerabilities is reaching a breaking point. With the public announcements of Mythos and GPT-5.5, the landscape of AI has once again changed significantly. Agents, and the powerful models that power them, are now increasing the top of the funnel. Security practitioners want to focus on real-world exploitability. XBOW sits at the center of this transition, replacing manual pentesting with AI-native continuous offensive security.
S Ventures invested in XBOW because it represents a category-defining change in how organizations secure modern applications. Today’s security stack struggles to keep pace with software velocity. Release cycles are accelerating, AI is lowering the cost of building – and attacking – applications, and traditional pentesting remains slow, expensive, and episodic. XBOW rethinks this model.
At its core, XBOW deploys autonomous AI agents that test applications across environments. These agents don’t just scan, they behave like real attackers, validating true exploitability with near-zero false positives and producing fully auditable logs of every action.
This matters because most security tools optimize for detection, not validation. XBOW instead answers the only question that ultimately matters: can this actually be exploited?
What makes this possible is a deeply technical system built for scale. XBOW can orchestrate thousands of agents in parallel, running tens of thousands of simultaneous tests across environments. These agents coordinate, specialize, and continuously refine their strategies – avoiding the chaos that typically breaks multi-agent systems at scale.
Critically, the platform solves long-standing blockers in automated pentesting. It handles complex authentication flows (OAuth, OTP, session state), detects business logic vulnerabilities that historically required human intuition, and maintains a complete audit trail for every action taken. And it does all this without source code, architecture diagrams, or other documentation about the environment, simulating a real attacker.
This technical advantage is translating into real traction. XBOW is trusted at some of the world’s largest and critical organizations. These customers aren’t experimenting – they’re replacing or augmenting traditional pentesting with a continuous model that scales with their development velocity.
SentinelOne views offensive security as a critical input to defense. We envision a world where both solutions work synergistically, creating a virtuous cycle: SentinelOne provides the attacker agent rich endpoint telemetry, detection logic, and environmental context – enabling more efficient, targeted, and higher-fidelity testing. In return, XBOW generates validated, real-world exploit paths that SentinelOne can immediately use to harden detections and block confirmed attack techniques. The result? Every successful attack directly strengthens our defense coverage.
SentinelOne’s own AI-Powered Red Team has leveraged XBOW to significantly increase the frequency and scale of testing, while uncovering novel, high-impact vulnerabilities that traditional human-led engagements often miss.
We believe XBOW is early but clearly leading. While competitors and model providers are exploring adjacent areas like code scanning, XBOW operates at a fundamentally harder layer: orchestrating real-world attacks against live systems, at scale, with provable outcomes.
In a world where software is built (and attacked) faster than ever, security must become continuous, automated, and validated. XBOW is one of the first companies to make that vision real.
S Ventures is excited to join DFJ Growth, Northzone, Sequoia, NFDG, Altimeter, and others as part of the company’s Series C announced March 2026.