An AI-Native Security System: Our Series A Investment in Maze

Imagine you have a new home alarm system, and it alerts you that a back window is open. It’s no problem to go downstairs and lock it. But now you’re getting dozens of alerts an hour that every window, door, and vent is potentially open. What would you do?

Multiply that problem by a thousand and you’ll have a good sense of what it’s like to work in vulnerability management. An enterprise could have hundreds of thousands or even millions of software vulnerabilities open at a time. Any one of them could potentially be the way an attacker breaks into your system, causing a breach. But sifting through thousands of alerts to find the one that matters is extremely challenging, and the tools security teams have today – basic dashboards, enrichments, and rules-based scoring – only barely make a dent in the problem.

We need a fundamentally new approach: one that doesn’t just tweak existing workflows but is built from the ground up around intelligent AI systems. When we met the team at Maze, it was clear they shared our vision. We are excited to lead their $25 million Series A funding round, along with Cherry Ventures and Tapestry, to build the future of autonomous vulnerability management.

The Vulnerability Investigation Bottleneck

Every enterprise software platform is dangerously vulnerable – and it’s only getting worse. The number of software vulnerabilities increases by ~40% each year, and the average time that attackers take to exploit a new vulnerability has dropped from 63 days in 2018 to less than 5 today. It’s no wonder vulnerabilities keep executives up at night.

The core of the issue isn't finding vulnerabilities; it's the manual investigation that follows. Today’s vulnerability platforms aggregate and correlate data across sources, then apply rules-based scoring to try and prioritize them. But rules can only get you so far when every company is unique. A vulnerability that is “critical severity” and was found on a resource with customer data will always be flagged as a top priority – even if it’s entirely unexploitable because the machine is running the wrong operating system. Another that is “medium severity” might be ignored just because security teams don’t have the time to investigate it, even if it’s more of a real risk to the business.

The result is that highly skilled security engineers spend their days on tedious, repetitive investigations, discovering that up to 90% of alerts are ultimately not critical or actionable. It’s not just that they’re overwhelmed by the volume; they’re not spending time on the right issues in the first place.

From Rules to Reasoning: An AI-Native Approach

Maze is driving a paradigm shift in security that is built from the ground up for autonomous agents, versus layering AI on top of existing solutions. This is a truly AI-native security product, where every decision is made by AI agents, not static rules. Maze's agents replicate the investigative workflow of expert security engineers. They connect to existing security tools, perform research, simulate attack paths, and reason on the results. Instead of static prioritization scores, Maze delivers a short, validated list of the threats that demand immediate attention, along with human-readable justifications.

The results of this agent-first approach are mind-blowing. With our portfolio company Dropzone, we’ve seen that AI agents can be superhuman at resolving operational alerts, and at Maze, we see the same capabilities in managing vulnerabilities. As attackers move faster and faster enabled by AI tools, all companies must adopt an AI-first approach to transform security from reactive to proactive.

Building a Different Kind of Security Company

Despite the marketing hype, very few companies can successfully build AI-native products in complex environments like security. Doing so requires a deep understanding of AI and experimentation, data models and integrations, and product design for the new collaborative workflows emerging between humans and AI.

Maze founders Harry, Adrian, and Santiago bring together exactly these skillsets, with deep experience across AI, data infrastructure, product/design, and security at companies like Tessian, Elastic, Amazon, and Monad. When starting Maze, they were motivated by a frustration with the status quo of the security industry. Maze’s goal is to build a very different type of security company: one that doesn’t overhype its capabilities, that is product-first and cares about user experience, that is customer-first instead of sales-first, that doesn’t use an alphabet soup of acronyms (you’ll notice the only one in this blog post is “AI”).

We believe Maze will set a new standard not just for vulnerability management but for how security products are built and delivered. Their ambitions are huge: to be at the forefront of the generational shift that will see all security software become AI-native. We are incredibly excited to be on this journey with them.

To join their mission to end vulnerability backlogs for good, view the open roles at Maze here.