Maze launched publicly in June 2025 to address a crisis in vulnerability management: the volume of published vulnerabilities is exploding, with tens of thousands disclosed each year, while the window between disclosure and active exploitation has collapsed to just days. Security teams are buried under scanner output they cannot triage fast enough, and most of that output turns out to be noise once examined in context. Maze's founders argue that rule-based scanning simply cannot keep up, and that the answer is AI agents that reason about risk rather than match static patterns.
The company was founded in 2024 by Harry Wetherald (CEO), Adrian Jozwik (CPO), and Santiago Castineira (CTO), who previously led product, design, and engineering teams at Tessian, Elastic, and Amazon. Maze deploys autonomous AI agents that operate more like human analysts: for each detected vulnerability, the agents investigate whether it is actually exploitable within the specific cloud environment, factoring in configuration, exposure, and reachability. Maze reports that around 90% of findings are false positives when investigated in context, so cutting that noise lets teams focus on the small set of issues that genuinely matter.
Beyond investigation and prioritization, Maze automates remediation. The platform can offer one-click fixes and intelligent actions such as automatically opening pull requests, deploying web application firewall policies, or generating engineering tickets, reducing the manual burden on overstretched security teams and shrinking the time vulnerabilities stay open.
Maze raised a $25 million Series A led by Theory Ventures, with participation from existing backers Cherry Ventures and Tapestry VC, bringing total funding to $31 million following an earlier $6 million seed led by Cherry Ventures. By combining agentic investigation, contextual prioritization, and automated remediation, Maze positions itself as a modern alternative to traditional vulnerability management, aimed at cloud-first organizations that need to resolve real risk faster than attackers can exploit it.