DryRun Security, an AI-based company delivering application security (AppSec) for development and security teams, announced an $8.7 million seed funding round led by LiveOak Ventures and Work-Bench, with participation from Cannage Capital.
The company also introduced Natural Language Code Policies (NLCP), which frees AppSec teams from the painstaking work of building and maintaining scripted policy rules. By letting them define security policy intuitively and in domain-focused terms, NLCP cuts the overhead of custom rule writing and helps teams get coverage across all of their code bases without worrying about the language or framework.
Every company is now managing more code than before, and AppSec professionals are challenged to identify the needle in the haystack of code changes that deserve further review. Security issue backlogs are growing while developers fumble through confusing results from code scanning tools that can’t support new technologies fast enough. All of this sets up a system where developers often bypass or ignore security reviews, and the security team is left to retrofit old tools by writing new rules that aren’t easy to maintain and result in growing technical debt.
DryRun Security goes beyond the early automation capabilities of AI and LLMs to build what it calls Contextual Security Analysis (CSA). This approach both identifies security risks and integrates mitigation into developers’ workflows. CSA layers static context, changes context and application context to make contextually aware assertions in near real-time, and is ideal for distributed modern applications and teams.
This fits naturally in an organization that practices DevOps and prioritizes reducing security tool pressure on developers and making it easy for them to reason about security.
The DryRun Security CSA approach helps AppSec professionals execute GitHub-native security analysis in seconds to gain awareness across both development and security teams. The company is also introducing its Natural Language Code Policies Feature Set, a groundbreaking tool that enables development teams to define and enforce security policies using plain, conversational language. This helps teams understand which code changes are the riskiest, a task often so overwhelming it’s skipped altogether.
The Natural Language Code Policies transform the traditionally complex process of creating code policies and integrate seamlessly into developers’ workflows, allowing for real-time security policy enforcement and compliance monitoring. This reduces vulnerabilities earlier in the software development lifecycle, saving teams time and resources while delivering more secure applications.
DryRun Security was founded in 2023 by two application security luminaries, James Wickett and Ken Johnson. Having worked in the AppSec space for years, the company founders shared a vision for empowering development teams to build secure software without disrupting their workflows. With this new funding and product launch, the company is prepared to change how teams approach application security. DryRun Security will also use the investment to increase its engineering hires and grow its go-to-market (GTM) function.
KEY QUOTES:
“DryRun Security is a true leap forward in application security, enabling application security teams to identify code risk in a way that previously wasn’t possible. The current generation of pattern-matching tools strictly looks at the literal syntax of code. DryRun Security is built from the ground up to leverage the latest in AI technology. This not only eliminates the need to write complicated pattern-matching rules but also goes beyond the literal syntax to understand risk based on code context and behavior. For the first time, DryRun Security enables the left hand of application security to know the security implications from what the right hand of development is doing, even if there’s not technically an insecure line of code.”
– Creighton Hicks, Partner at LiveOak Ventures
“We know how frustrating it is when risky code slips in unnoticed—especially for AppSec teams who want to stay on top of every critical change. That’s why we built DryRun to find the ‘needle in the haystack’ of code changes, so teams can spot unknown risks before they start—without slowing developers down. Our early customers are already seeing tangible, day-one improvements in their security posture, validating that modern, AI-native application security tools can finally keep up with the code velocity of today’s software development teams.”
– James Wickett, co-founder and CEO of DryRun Security
“With DryRun Security, we’ve transformed how we manage application security across our global development team. The GitHub integration ensures that our developers get precise and instant feedback directly in their workflow, enabling them to fix security issues without skipping a beat. The tool has not only helped us catch risks like hardcoded credentials early but has also fostered a culture of security among our developers. DryRun Security is an indispensable part of our AppSec toolkit.”
– Gary Gonzalez, CTO at PlanetArt
“DryRun Security is a step function in application security for the enterprise. They enable organizations to weave security seamlessly into the SDLC process with modern AI-driven solutions, and we’re excited to support their vision of transforming how enterprises address security at scale.”
– Kelley Mak, General Partner at Work-Bench