$120 million raised in less than three months. That’s Depthfirst’s blistering pace since their Series A in mid-January, capping off with an $80 million Series B led by Meritech Capital.
San Francisco’s newest AI security contender—founded in 2024 by ex-DeepMind, Databricks, and Faire engineers—isn’t messing around. They’re not building another generic LLM. No, Depthfirst is laser-focused on software security’s soft underbelly: vulnerabilities in infrastructure layers, starting with cryptocurrency smart contracts.
Here’s the hook. Alongside the funding news, they dropped Dfs-mini1, their first homegrown security model. Trained on open-source foundations but hardened in security-specific environments, it generalizes beyond just smart contracts. That’s the claim, anyway.
The Model That Thinks Like a Hacker
Dfs-mini1 isn’t some off-the-shelf fine-tune. Depthfirst built it for workflows that actually matter in security ops—detecting exploits, auditing code, predicting attack vectors. Smart contracts? They’re a nightmare: immutable once deployed, riddled with reentrancy bugs, overflow errors. Billions lost in hacks like Ronin or Poly Network prove it.
But why start here? Crypto’s a pressure cooker—high stakes, constant audits, public codebases. Perfect training ground for a model that needs to spot subtle logic flaws. And if it works, the architecture transfers: think supply chain attacks, kernel exploits, cloud configs.
Co-founder and CEO Qasim Mithani nailed it:
“To win in security, companies will need to deploy security-specific models in products optimized for real security workflows. To build these models, you need specialized data, domain-specific evaluation, and deep expertise in post-training. Our team is one of the few in security able to do that.”
Spot on. Generalist models like GPT-4 hallucinate vulnerabilities or miss edge cases. Depthfirst’s bet: narrow, deep intelligence beats broad shallows.
Why the Funding Frenzy?
Meritech led, with Forerunner Ventures, The House Fund, and holdovers like Accel piling in. Investors smell blood—software supply chain attacks up 742% last year, per Sonatype. But Depthfirst’s speed? Founded this year, $120M already. That’s not normal.
Look closer. Their founders’ pedigrees scream credibility: DeepMind for AI scaling, Databricks for data infra, Faire for e-comm ops. They’re not theorizing; they’ve shipped at hyperscalers. The cash? It’ll balloon the AI research team, train models for new domains (web apps? IoT firmware?), and chase enterprise deals.
Yet—here’s my take, the one you won’t find in the press release—this reeks of a 2010s pivot. Remember when Palantir went from sketchy CIA contracts to enterprise darling? Depthfirst’s crypto entry is the trojan horse. Public ledgers mean verifiable datasets for training, no NDAs blocking progress. Once proven, they flip to Fortune 500, securing AWS lambdas or SAP modules. Bold prediction: by 2026, Dfs-mini1 derivatives will audit 20% of DeFi protocols.
Is Dfs-mini1 Really Generalizable?
The big question readers are Googling. Depthfirst says yes—the training transfers across domains. How? Specialized data pipelines: synthetic exploits, real-world breach corpora, red-team simulations. Post-training? Reinforcement learning from adversarial feedback, not just RLHF fluff.
Skeptical? Me too, a bit. Open-source base helps reproducibility, but security eval is brutal. Benchmarks like SWE-bench exist for code, but vulns? No standard yet. If Dfs-mini1 crushes Juliet test suite or finds zero-days in live contracts, game over for manual auditors.
Short para for punch: It better.
Deeper dive—security AI’s architecture shift. We’re moving from signature-based tools (think antivirus 1.0) to probabilistic reasoning engines. Depthfirst embodies that: models that don’t just flag, but explain why code’s risky, with fix suggestions. Why now? GPU abundance + breach fatigue. Enterprises can’t hire enough pentesters; AI fills the gap.
But hype alert. Crypto focus feels narrow—smart contracts are 0.1% of attack surface. Still, nailing it builds moat.
Why Does This Matter for Enterprises?
Developers, SecOps teams: pay attention. Depthfirst isn’t selling a chat interface. It’s embedding models into CI/CD pipelines, GitHub Copilots on steroids but for defense. Imagine PRs auto-rejected if vulns detected pre-merge.
Historical parallel—and my unique angle—no one’s touching: this mirrors the RDBMS boom in the ’80s. Oracle didn’t start with banks; they hacked together for labs, then scaled. Depthfirst’s smart contract play? Same. Crypto’s chaos forges tools that tame enterprise sprawl.
Funds mean hires: 50+ researchers by year-end? They’ll tackle Rust supply chains, Kubernetes misconfigs. Competition? Allure Security ($17M for brand protection), Raven ($20M stealth)—but none with this founder firepower or model-first approach.
One-sentence warning: If Dfs-mini1 flops on false positives, trust evaporates fast.
Scaling adoption’s the rub. Enterprises move slow—compliance hurdles, SOC2 audits. Depthfirst’s play: open-source the base model, monetize the platform. Smart.
**
🧬 Related Insights
- Read more: Infiniti Stealer: macOS’s Sneaky New Thief via Fake CAPTCHA and Terminal Tricks
- Read more: 100+ Tax Scams Flood Inboxes in Early 2026 – Criminals Get Sneakier
Frequently Asked Questions**
What is Depthfirst’s Dfs-mini1 model?
Dfs-mini1 is Depthfirst’s first security-specific AI model, trained for smart contract auditing but designed to generalize to other software security domains like web apps and infrastructure.
How much has Depthfirst raised total?
$120 million, with $80 million in Series B announced recently, following Series A in January 2024.
Will Depthfirst’s AI replace security engineers?
Not fully—models like Dfs-mini1 augment workflows, handling scale, but humans needed for context, ethics, zero-days.
