Code security startup raises $6 million backed by 8VC and top tech leaders
Artificial intelligence is writing code at a pace few could have imagined just a few years ago. Microsoft CEO Satya Nadella said last year that up to 30% of the company’s code is already written by AI. Boris Cherny, founder and leader of Claude Code, went even further by stating that virtually 100% of the project’s code is AI-generated, and that he himself hadn’t written a single line of code in two months.
Today, major companies already have a significant share of their code produced by AI tools, and the numbers keep climbing. Tal Hoffman, CEO of Enclave, estimates that up to 60% of all startup code is already written by artificial intelligence. And his forecast goes further: within three years, that number should surpass 90%. Sounds incredible, right? But there’s a catch nobody likes to face head-on: along with all that speed come hidden vulnerabilities in the code, often invisible to traditional security tools.
That’s exactly where startup Enclave comes in. The company just emerged from stealth mode with a $6 million seed round, valued at $33 million, led by venture capital firm 8VC. The goal is clear: find and fix the most dangerous flaws hiding inside AI-generated code. And with investors like Patrick Collison, co-founder of Stripe, Marc Benioff, CEO of Salesforce, Aaron Levie, CEO of Box, and Jeremy Stoppelman, CEO of Yelp, on board, it’s safe to say the market is taking this very seriously. 🚀
Who’s behind Enclave
Enclave was founded by three professionals with deep experience in application security: CEO Tal Hoffman, CTO Dvir Segev, and CPO Yanir Tsarimi. Hoffman and Tsarimi met while serving in Israel’s Unit 8200, a military intelligence unit widely recognized as a breeding ground for cybersecurity and artificial intelligence talent. Unit 8200 has spawned a string of prominent tech companies, including names like Check Point, Palo Alto Networks, CyberArk, and Wiz.
Hoffman, who started programming at age 12, brings a very practical perspective on the problem Enclave wants to solve. He shared that on a recent workday, the team built a feature that would normally take two weeks, and AI completed the task in just two hours. That impressive speed is exactly what makes the security problem so urgent: code is being produced far faster than it can be safely reviewed.
The problem nobody wants to admit in the world of AI-powered development
When you ask an artificial intelligence tool to generate code, it delivers something functional most of the time. But functional doesn’t mean secure. The language model producing that code was trained on billions of lines of text from the internet, including legacy code, outdated practices, and patterns that have already been flagged as problematic. The result is that AI-generated code can carry structural vulnerabilities that slip through superficial reviews and only surface when someone with bad intentions decides to go looking for them.
As Hoffman put it bluntly: current solutions are optimizing for quantity, not quality. That sentence sums up the dilemma pretty well. AI code generation tools prioritize speed and productivity, but without a careful eye on what can go wrong in the process.
Receive the best innovation content in your email.
All the news, tips, trends, and resources you're looking for, delivered to your inbox.
By subscribing to the newsletter, you agree to receive communications from Método Viral. We are committed to always protecting and respecting your privacy.
The picture gets even more concerning when you consider the scale of the problem. Companies of all sizes have publicly admitted that a huge portion of their current codebase was generated or heavily assisted by AI. And with this mass adoption, traditional security teams simply can’t keep up. Static code analysis tools, which worked great for decades, weren’t designed to handle the unique patterns that emerge from code produced by generative models. It’s like trying to use an old map to navigate a city that’s been completely rebuilt.
And there’s another detail that complicates everything: AI-generated code tends to be harder to audit than human-written code. It follows statistical patterns, not logical ones, which means it can look perfectly coherent to a human reviewer and still hide deep flaws in its structure. The vulnerabilities aren’t on the surface. They lurk in the corners, in the interactions between components, in the dependencies that no conventional tool tracks deeply enough. That’s the specific gap Enclave wants to close.
8VC’s vision and the connection to the Devin agent
8VC‘s bet on Enclave didn’t happen by chance. The investment firm had already backed Cognition, the company behind Devin, one of the most talked-about coding agents on the market. That front-row seat gave 8VC a firsthand look at the breakneck pace at which AI-generated software is spreading across the corporate world.
Vivek Gopalan of 8VC explained in an interview that, as a result of their investment in Cognition, the firm closely tracked the explosive growth of AI code generation both across their portfolio companies and at large corporations. The takeaway was straightforward: last-generation security tools simply aren’t going to cut it. The volume, speed, and nature of AI-produced code demand a new approach, and that’s exactly what Enclave is building.
What Enclave is building with this funding
The startup’s pitch goes beyond simply scanning code for known bugs. Enclave is entering an application security market that already includes established players like Snyk, Checkmarx, and Semgrep. The differentiator, according to Hoffman, is that Enclave focuses less on scanning for known issues and more on understanding systems holistically.
In the CEO’s own words: by building deep knowledge of how your systems behave, it becomes much easier to know where to look for vulnerabilities. This approach combines artificial intelligence analysis with advanced threat modeling techniques to identify the most critical points of exposure within a codebase. The priority is what actually represents real risk to the business, not just what looks suspicious at first automated glance.
That’s a huge difference in practice, because most existing security tools generate such a massive volume of alerts that teams end up suffering from what the industry calls alert fatigue. When so many warnings pop up at the same time, the most important ones get lost in the noise.
With the $6 million seed round, the company plans to accelerate development of its core product and expand its engineering team focused on security research. The idea is to build a platform that can deeply understand the context of AI-generated code, mapping not only what’s wrong, but why it’s wrong and what the most efficient path is to fix it without breaking what works. That level of contextual intelligence is what sets Enclave apart from the more generic solutions on the market today.
Another central piece of the startup’s strategy is direct integration with companies’ existing workflows. Instead of asking development teams to ditch their current tools and adopt something completely new, Enclave wants to fit into the process without friction, delivering security insights at the right moment in the development cycle. This is critical for driving adoption and making sure fixes happen before code hits production, not after a problem has already caused real damage.
Why investors of Collison and Benioff’s caliber are betting on this idea
Patrick Collison and Marc Benioff aren’t names that show up on just any funding round. They pick their bets very carefully, and the fact that both are on Enclave’s cap table, alongside Aaron Levie and Jeremy Stoppelman, says a lot about what the market expects from this segment in the coming years. Security for AI-generated code is becoming one of the tech industry’s biggest concerns, and whoever manages to solve this problem at scale will hold a highly strategic position in the software development ecosystem.
Collison, as co-founder of Stripe, knows firsthand what it means to build critical infrastructure that needs to be absolutely reliable. Stripe processes trillions of dollars in transactions, and any vulnerability in its code can have serious consequences. So when he decides to put money into a company solving exactly this type of problem, it’s because he’s seen up close how real the pain is and how badly the market needs a serious solution. This isn’t a speculative bet — it’s a decision grounded in direct experience with the problem.
Benioff, for his part, leads Salesforce at a time when the company is going all in on artificial intelligence. The massive adoption of AI in software development is a reality he lives every day inside his own company, and understanding the risks that come with that adoption is an essential part of any responsible growth strategy. Investing in Enclave is also a way of signaling to the market that security and AI innovation can, and should, go hand in hand. 💡
The application security market in transformation
Enclave isn’t alone in this space. The application security market already has established players like Snyk, Checkmarx, and Semgrep, each with their own approaches and established customer bases. But the massive emergence of AI-generated code is creating an entirely new subcategory of needs, and that’s where the opportunity lies.
Traditional security tools were built for a world where humans wrote every line of code, with predictable patterns and detailed documentation. Code generated by language models follows a different logic. It can mix patterns from different languages, replicate source code snippets with known vulnerabilities, and create unexpected dependencies between modules that appear independent. To deal with this, a new generation of tools is needed — ones that understand how AI models think and produce, not just the end result they deliver.
That’s why Enclave’s holistic approach is getting so much attention. Instead of treating each code snippet as an isolated unit, the platform aims to understand how all the components of a system interact with each other, identifying the points where a localized flaw can turn into a systemic risk. This perspective is particularly valuable in environments where AI-generated code is being integrated into critical systems that existed long before the adoption of generative tools.
What this means for the future of software development security
Enclave’s trajectory reflects a mindset shift happening across the entire industry. For a long time, security was treated as a step that came after development — something the security teams handled when the product was nearly finished. That model was never ideal, but it worked reasonably well when the pace of code production was slower and more predictable. With artificial intelligence accelerating that pace exponentially, treating security as a separate phase has become unsustainable. Vulnerabilities need to be identified and resolved in the flow, not after it.
What startups like Enclave are proposing is a new category of tools — what some in the market are already calling next-gen AppSec — where security analysis is as integrated into the development process as version control itself. This requires sophisticated technology, but it also requires a deep understanding of how generative AI models produce code and what the most common vulnerability patterns are in this specific context. It’s an area still being mapped out, and whoever arrives first with a robust solution will define the industry standards.
With a $6 million seed round and a $33 million valuation right out of stealth mode, Enclave is already starting on solid ground to build that vision. The security market for AI-generated code is still in its early chapters, but the signals are clear: as software production becomes increasingly dependent on artificial intelligence tools, demand for solutions that can ensure that code is secure will grow at the same rate. And that’s an opportunity the world’s best investors have already decided not to pass up. 🔐
