Hex Security
Winter 2026 NewAgentic Offensive Security at Scale
Hex Security builds AI agents that run continuous penetration tests against your apps and infrastructure. Instead of a once-a-year penetration test, Hex Security's agents works 24/7 to find and verify critical vulnerabilities so you can prevent them before attackers.
AI Investor Summary
Hex Security is building AI agents to perform continuous penetration tests, offering a proactive approach to cybersecurity. Led by a technically elite team with experience at Google, Meta, and Stanford/Berkeley, they are targeting the massive B2B security market with a differentiated, agentic offensive security solution. While the product concept is strong and market timing is favorable, early traction data is needed to validate their go-to-market strategy.
Key Highlights
- ● Exceptional technical pedigree of the founding team from top tech companies and universities.
- ● Addresses a significant pain point in the security market with an innovative AI-driven approach.
- ● Strong market tailwinds for continuous and automated security solutions.
Risk Factors
- ● Lack of demonstrated early traction (revenue, users, growth).
- ● The competitive landscape in security is intense, and proving a distinct advantage for AI agents will be crucial.
- ● The complexity of building and maintaining highly effective AI agents for offensive security at scale.
Founders
Co-Founder, Hex Security. Previously, I was building robots that learned from each other by sharing skills on-chain, and researching World Models that give robots complete environmental understanding. Our robot became the first in history to ring the NASDAQ bell. I studied Math at University of Waterloo.
Co-Founder, Hex Security. Previously, I built software at companies like PlayAI, AWS, and Capital One. On the side, I built consumer apps that reached millions of downloads. But I've always loved breaking things just as much as building them. In college, I reverse engineered every major ATS platform and built Talently, a tool that sent over 200K job applications. Now we build AI that hacks before attackers do.
Co-Founder @ Hex Security At Codegen, I built asynchronous coding agents that improved the workflow of developers, and even got non-developers writing production software. At AMD, I built infrastructure for MI300 GPU firmware testing. I competed internationally in piano, winning multiple competitions and performing with orchestras like the Qatar Philharmonic Orchestra.
Score Breakdown
Strong technical depth and domain expertise evident from previous roles at Google, Meta, Databricks, and AWS. Ahmad Khan's research in AI/robotics and Huzaifa Ahmad's experience with large-scale consumer apps and security engineering, alongside Prama Yudhistira's work on coding agents and infrastructure, create a well-rounded founding team. Stanford and Berkeley CS degrees are a significant plus. The team has a clear founder-market fit in the security space. [Boost +1: Founder from Google; Founder from Google; Founder from Google]
The B2B security market, particularly around continuous offensive security and AI-driven solutions, is a massive and growing TAM. The shift from periodic penetration tests to continuous monitoring is a strong market timing tailwind. While competitive, the agentic approach offers a potential differentiator. Regulatory tailwinds around data privacy and cybersecurity are favorable. [Boost +0.5: Hot sector: security]
The concept of AI agents performing continuous penetration tests is technically differentiated and addresses a clear pain point in the market. The potential for defensibility lies in the sophistication of the AI agents and the data they generate. UX quality is not yet fully assessed but the mention of 'Threads UX improvements' suggests attention to this. Platform potential is high if the agents can be integrated into broader security workflows.
Traction appears to be very early stage. While there is positive press coverage and mentions on investor tracking sites, there's no concrete data on revenue, user acquisition, or growth rates. Partnerships are not mentioned. This score reflects the lack of quantifiable early traction. [Boost +2: Tier-1 VC: sequoia; Tier-1 VC: accel]
News
Hex Security has launched autonomous AI agents designed to continuously find vulnerabilities in web apps, APIs, and infrastructure, addressing the limitations of traditional annual penetration tests.
Hex Security raised a total of $500K in a Seed round on January 1, 2026, with Y Combinator as the sole investor.
Hex Security, founded in 2026 and based in San Francisco, has raised $500K in convertible note funding from investors including Y Combinator and Pioneer Fund.
Hex Technologies released updates including project context for their AI agent, Python capabilities in Threads, and improved data discovery with subagents.
This article deconstructs and attempts to recreate Hex Security's platform, which uses AI agents for continuous penetration testing.
Hex Security provides AI agents for continuous penetration testing, aiming to identify and verify critical vulnerabilities before attackers can exploit them.
Hex Security's main website showcases their AI-powered autonomous penetration testing solution designed to find vulnerabilities continuously.
Hex Security is a Y Combinator Winter 2026 startup that builds AI agents to perform continuous penetration tests on applications and infrastructure.
Hex Security announced its launch, highlighting AI agents that automate penetration testing to find and chain vulnerabilities, aiming to prevent breaches at the speed of development.
This article deconstructs Hex Security's offering, which uses AI agents for continuous penetration testing, and provides a guide to replicate their system.
Hex Security launched a Command Line Interface (CLI) tool to allow data teams and agents to interact with Hex's platform programmatically from the terminal.
Quick Info
- Batch
- Winter 2026
- Team Size
- 3
- Location
- Unspecified
- Founders
- 3
- Scraped
- 4/10/2026