Hex Security builds AI agents that perform continuous, agentic offensive security against applications and infrastructure. Rather than relying on annual penetration tests, its agents operate 24/7 to identify and verify critical vulnerabilities before attackers can exploit them. The company says it has prevented an estimated $3B+ in potential damages through vulnerability discovery across dozens of companies. Hex Security is part of Y Combinator's Winter 2026 batch.
Hex Security
Active
Agentic Offensive Security at Scale
Total raised: $500K (1 round)
Stage: Seed (Jan 2026)
Team: 1-10 (since 2026)
Pricing: —
Founded: 2026, San Francisco, United States
Agent-ready: —
AI agents for continuous, agentic offensive security
24/7 operation rather than periodic testing
Identification of critical vulnerabilities
Verification of vulnerabilities to reduce false positives
Coverage of both applications and infrastructure
Continuous discovery ahead of attacker exploitation
Scalable testing across many systems
12/100
Early
MCP server
Public API
Webhooks
OAuth 2.0
SDKs
No public agent surfaces detected yet.
Jan 2026 Seed $500K ● Y Combinator
Capital network
$500K raised · 1 backer · 10 network links
- Backers: 1
- Shared portfolio: companies these backers also fund
- Extended network: funds that co-invest alongside them
Upwind
Runtime-first cloud security platform
AI for Cyber Defense
Noma Security
End-to-end security for agentic AI
AI Infrastructure, AI for Cyber Defense
XBOW
Autonomous offensive security AI
AI for Cyber Defense
Snyk
The AI Security Fabric for securing code, models, and agents in the age of AI-driven development.
AI Developer Tools, AI for Cyber Defense
WitnessAI
AI safety and governance platform for the enterprise
AI Safety, AI Governance
Vega Security
AI-native security analytics mesh
AI for Cyber Defense
- How does Hex Security differ from a traditional pentest?
- Instead of relying on annual penetration tests, its AI agents perform continuous, agentic offensive security around the clock to find and verify vulnerabilities.
- What does 'agentic offensive security' mean?
- It means AI agents autonomously probe applications and infrastructure to identify and verify critical vulnerabilities, operating continuously rather than as a one-time engagement.
- Does it verify the vulnerabilities it finds?
- Yes. The agents identify and verify critical vulnerabilities, which helps reduce false positives compared with scanning alone.
- What impact does the company claim?
- Hex Security says it has prevented an estimated $3B+ in potential damages through vulnerability discovery across dozens of companies. This is a company estimate.