Company news

Australian-founded cybersecurity startup “Nullify” taps U.S investors for $5.2M seed round to augment security teams with AI as cyber arms race heats up

See the press released published in Startup Daily and SmartCompany.

Nullify, an Australian-founded cybersecurity startup, has returned from San Francisco to announce the December close of a A$5.2M (USD$3.41M) seed funding round co-led by top U.S venture funds Two Sigma Ventures and Root Ventures as they eye a U.S launch in June.

Nullify is building AI agents capable of performing cybersecurity work autonomously, reasoning and making decisions like a real security engineer so organisations can build more secure software without growing the headcount of their security team.

Today, software engineers outnumber security engineers in enterprises 100 to 1, and despite increased investment in cyber defences, the market remains talent-constrained with an estimated workforce gap of 3.4 million. As this disparity continues to increase with the cyber skills shortage, enterprise security teams struggle to keep up with the speed that software is being delivered, at a time when the development of secure software becomes a priority of global security significance.

A recent cyber workforce study by ISC2 further highlighted the acute challenges created in the cybersecurity industry due to this talent shortfall, with 39% of respondents citing delays in patching critical systems as a significant issue that could have been mitigated with sufficient cybersecurity staff.

”Security teams are constantly having to do more with less resources as the threat landscape evolves at a rapid pace. By augmenting security engineers and doing tasks that previously had to be done by humans, Nullify can help blue teams to evolve their defences and fix weaknesses in their software development lifecycle at a rate faster than attackers are able to exploit,”

said Nullify Co-Founder & CEO Shan Kulkarni,

“Our vision is to go beyond a“copilot” model, and train Nullify to operate as an instantiated human resource unit of an organisation’s security team, in the way they may get staff augmentation from an out source or consulting firm. Nullify won’t just scan and create security alerts, it will correlate and enrich disconnected security data, planning and executing these decisions autonomously as a real security team would. Processes like detecting, prioritising, fixing and explaining security vulnerabilities in software have long been manual and inefficient, today we can adapt self-consistent agentic AI architectures that can contextualise complex security data to automate these processes.”

The funding comes as the global national security agenda continues to unfold heavily around cybersecurity, with an "arms race" intensifying, fueled by advancements in artificial intelligence. Both sides, attackers (red teams) and defenders (blue teams), are rapidly adopting AI to augment their capabilities. Strategic studies and implementation roadmaps by agencies like the NSA and the CIA underscore the critical role of adopting AI in cyber defence and intelligence operations, highlighting its use in malware creation, payload generation, and automated discovery by attackers. The wider cybersecurity community currently acknowledges a short-term advantage for attackers in this race, with the ability to comprehensively understand and exploit vulnerabilities hinging on who can best maintain a holistic view of their target's landscape—whether for offensive gains or defensive resilience.By using AI to understand the complexity of modern software environments, Nullify aims to give defenders the context they need to gain an edge over attackers in this arms race.

A recent study by Morgan Stanley Research on the cybersecurity market estimated the potential Total Addressable Market (TAM) opportunity for generative AI-enabled cybersecurity to be >USD$30B. The global cyber personnel spend was estimated at ~374Bin 2022, as insights from interviews with over 20 senior cybersecurity executives reveal that20% to 40% of security analysts' workload consists of automatable tasks, indicating a significant automation opportunity that Nullify is positioned to capture.

The round also sees participation from Silicon Valley powerhouse Sarah Guo’s Conviction Partners, with Nullify taking part in her fund’s inaugural accelerator for AI start-ups “Embed”last year in San Francisco. Prominent angel investors such as Ely Kahn (VP of Product at SentinelOne, former Deputy Chief of Staff at U.S. Dept Homeland Security), Pascal Boilatt (former CIO at Commonwealth Bank and Deutsche Bank), and Sajeeb Lohani (Technical Information Security Officer at Bugcrowd) also joined the funding round, complemented by follow-on investment from Australian pre-seed investor Black Nova VC.

Nullify is slated for a U.S launch in New York City during NY Tech Week in June.

The Nullify team at their office in Sydney.

Get started

Rollout Nullify's AI security engineers in minutes, not months.