Reinventing code & API security with LLMs
Today we are excited to announce our seed investment in p0, a security company focused on eliminating data exploits by securing APIs as per standards adopted by best-in-class companies globally. Enterprise customers can think of p0 as a unified platform encompassing cataloging, access control and threat protection across all of the APIs within their systems, all with a no-config, one-click deployment across the enterprise. Our ultimate goal at p0 is to protect mission-critical data by making security testing inherent to the development process, thereby preempting exploits before they take place in production. P0 as a product would simply not exist without the advent of LLMs, and our confidence in their mission is driven by the massive technology tailwind that enables an intelligent, contextual and noiseless intervention at the development stage, allowing companies to bake data security continuously into the systems they build.
Data security and API testing are established, large but crowded markets. As per Gartner, API abuses are now the most frequent attack vector in enterprises, with client inquiries related to API security rising 30% year-on-year. In fact, API security is the number one challenge for an enterprise’s API strategy. Typically, we have seen API security tooling operate in runtime environments as reconnaissance (for example Salt Security, recently valued at $1.4B), or adopt a DAST (dynamic application security testing) approach, e.g. Stackhawk, Veracode etc. Both of these approaches have weaknesses: they cannot guarantee 100% coverage of your source code because they rely on an “outside to inside approach”, whereby they gain insights into vulnerabilities by looking at production data or by attempting to hit the system’s entire surface area with tooling. The results can only be as good as the attacks that take place. Gaps will occur.
P0 attempts to better this by sitting alongside the developer as she builds her code-base out, analyzing the entire code-base for vulnerabilities and subsequently testing it with contextually generated payloads in an “inside to outside approach” — something which has been impossible till now without an LLM. The contextual coverage of the entire code-base powers p0’s intelligence and allows it to surface issues noiselessly. This is crucial. Developers hate noisy, static and rule-based output as it’s often useless.
With p0, if it raises an issue, you can be quite sure that it is, in fact, a p0.
P0 is an investment which is strongly rooted in our ability to build and engage with a proprietary ecosystem of innovation and building. We have known the two founders, Prakash and Kunal, independently and closely over the years. Kunal is a second-time founder with Lightspeed. His previous business, Priority Vendor, was funded by us in 2016 and subsequently successfully acquired by Softbank-funded C2FO in 2019. Prakash has been someone we have kept a close eye on for many years. His exemplary educational background in computational sciences and math from Stanford along with his work experience at Splunk and Palantir made him one to watch. Our long relationship with Prakash and Kunal played a key role in our decision to lead the $6.5M seed investment into p0.
We feel p0 is uniquely placed in a technological paradigm shift. John Chambers, the erstwhile CEO of Cisco, used to say, “There are two types of companies: those who have been hacked and those who don’t yet know they have been hacked”. P0 is tackling a TAM which is universal, with no legacy technology debt and the ability to build a solution which employs Gen-AI at its very core. Not as an enabler, but as the core engine itself.
We are off to a strong start, with leading enterprises such as Domino’s in active usage and several younger venture-backed businesses in early stages of adoption. You can give it a go at p0.inc.