RunSybil Raises $40M in Series A to Expand Continuous Offensive Security Platform

In security, the lights are still on, dashboards are green, and everyone in the room is just confident enough to be dangerous. That quiet right before something breaks is where RunSybil decided to live. Not after the breach. Not during the audit theater. Right there, inside the system, asking one simple question on repeat… what if the attacker never logs off?

RunSybil, out of San Francisco with roots stretching into New York, just pulled in $40M in Series A funding, led by Khosla Ventures with S32, Anthropic’s Anthology Fund, Menlo Ventures, Conviction, and Elad Gil in the mix. Then you glance at the angels and it reads like a security and infrastructure all star table. Nikesh Arora. Amit Agarwal. Jeff Dean. That is not a casual check write. That is conviction with teeth.

Ari Herbert-Voss, CEO and cofounder, is not new to the game. First security research hire at OpenAI, worked on GPT-3 and Codex, then walked away from the lab when it became obvious the economics of offense were about to change. Vlad Ionescu, CTO and cofounder, brings the other half of the equation. Mandiant, NCC Group, Meta red teams, the kind of background where you do not theorize about attacks, you simulate them until something gives. Together they built Sybil, an AI agent that does not wait for permission or a quarterly pentest window. It just keeps going.

And that is the part people should sit with. Sybil is not scanning code in a safe little sandbox. It is operating against live systems, chaining vulnerabilities, pushing past authentication edges, documenting what actually breaks. Not hypotheticals. Not “could be exploited.” Real paths to sensitive data, found the way a determined adversary would find them. Cursor, Turbopuffer, Notion, Baseten, Thinking Machines Lab, plus unnamed financial institutions and Fortune 500 companies are already seeing things their existing tools missed.

There is a business lesson sitting right under the surface. The team did not pitch fear. They demonstrated inevitability. If AI lowers the cost of attack, then defense has to scale at the same rate or faster. That framing does not just win capital, it aligns buyers, regulators, and operators around the same uncomfortable truth. You cannot secure modern software with yesterday’s cadence.

The $40M is fuel, sure. But more importantly, it is a signal that continuous offensive pressure is becoming table stakes. Not because it sounds good in a boardroom, but because the alternative is pretending the system is safe while nobody is actively trying to break it.

RunSybil is not selling peace of mind. They are selling a persistent headache for anything that should not be there. And in this market, that might be the most honest product strategy on the board.