In 2024, more than 45,000 new software vulnerabilities were published – quadruple the number from just a decade ago. At the same time, threat actors, now equipped with generative AI, have cut the time between discovery and exploitation in half. For enterprise security teams, the math is brutal: more vulnerabilities, faster attacks, and the same limited capacity to respond.
Cogent Security, a San Francisco-based startup, launched publicly this week with $11 million in seed funding from Greylock Partners and a handful of strategic investors. The company thinks AI agents can close the widening gap in vulnerability management.
Building Proactive AI for Security
Cogent was founded by Vineet Edupuganti (CEO), Geng Sng (CTO), and Thanos Baskous (VP Engineering), all veterans of high-scale, security-sensitive environments like Coinbase, Blackstone, and Abnormal AI.
“The frameworks in use today still rely on human-driven processes: context gathering, coordination, risk scoring, that don’t scale to the modern threat landscape,” Edupuganti told Axios. “With AI, threat actors are moving faster than ever. Defenders need to do the same.”
Cogent’s answer is an “AI taskforce” of domain-specific agents that automate the full lifecycle of vulnerability management: from identifying and contextualizing risks to recommending remediations and triggering actions. The company says its platform can ingest petabytes of historical data from sources like system logs and vulnerability scanners to learn the structure and priorities of a given enterprise. From there, its agents operate autonomously to resolve issues, all while incorporating organizational context, such as uptime requirements or business sensitivity, into decision-making.
This shift from alert generation to autonomous action is part of Cogent’s broader AI-native design. Unlike legacy tools that bolt AI features onto existing workflows, Cogent’s architecture centers around proprietary language models trained on security-specific data and organizational telemetry. These models power reasoning engines that allow the system to simulate human judgment and act accordingly.
A Focus on Large, Complex Enterprises
Cogent says it is already deployed at Fortune 500 companies, public financial institutions, and major universities. While the company has not disclosed customer names or revenue figures, internal metrics suggest the platform has delivered measurable impact: faster resolution of critical vulnerabilities, reduced manual workload, and increased analyst efficiency. One customer, Alteryx CISO Lucas Moody, is quoted as saying Cogent’s system “understands our environment, makes informed decisions, and takes action,” describing it as “like having your top security and engineering talent on every issue, around the clock.”
These results are hard to independently verify, but they align with the pressures organizations face today. According to the latest Verizon Data Breach Investigations Report, vulnerability exploitation is now the fastest-growing cause of security breaches. As attack surfaces expand and internal teams struggle with scale, the promise of software that can autonomously remediate risk is an appealing one.
The startup’s GTM strategy appears focused on large enterprises with complex, distributed infrastructure: organizations where traditional vulnerability management tools often fall short. These same customers also tend to have fragmented security environments, making Cogent’s unified “AI Fabric” data architecture, a streaming-first pipeline that ingests and normalizes events in real-time, an attractive differentiator.
Funding, and Competition
Cogent was incubated through Greylock’s Edge program, which has also helped launch cybersecurity companies like Palo Alto Networks and Abnormal AI. Greylock led the $11 million round, joined by Lockstep and angel investors from OpenAI and other enterprise software firms. The funding will be used to expand engineering headcount and deepen investment in Cogent’s proprietary models and infrastructure.
Cogent is entering a crowded market, competing with legacy vendors like Tenable and Qualys, as well as newer AI-forward startups in security automation. But where many existing solutions focus on surfacing and ranking issues, Cogent is positioning itself around execution: using AI agents to complete the cycle from detection to resolution.
As of this month, the company is in early-stage deployment mode, and its ability to scale deployments and prove long-term ROI remains to be seen. But the idea: that human-led workflows can’t keep pace with machine-accelerated threats, is difficult to argue with. If Cogent’s agents continue to perform as claimed in real-world settings, it could signal a shift in how enterprises approach vulnerability management and broader security operations. “We’re just getting started,” Edupuganti said. “But the need is already here.”
