
Security's Blindspot & The Last Mile of Shipping Software

Software security is solving the wrong problem. Enclave is launching from stealth with $6M to build the independent reviewer for the AI era of software.

Enclave — Security's Blindspot

Software security is solving the wrong problem.

For years, we've used security tools to find what's easy to find: patterns, signatures, issues that are easy to count. We equate scanning hard enough with catching what matters.

But the hardest problem in application security was never finding more bugs. It's knowing which ones matter.

The breaches that make headlines rarely start with something obvious. The risk is buried in the architecture: in how systems interact, and in how assumptions compound over time.

Teams are drowning in noise while the risks that matter slip through.

With the red carpet rolled out for AI-generated code, software is being written (and rewritten) faster than ever. Entire features appear in minutes, and pull requests stack up faster than humans can reason about them. Surveys show that nearly a quarter of production code is AI-generated, and nearly half of that code contains security flaws. That is not because the models are bad at writing code, but because writing code that looks correct and writing code that's actually safe are two different problems. To compound that, 40% of alerts are never investigated at all, and 61% of teams admit to ignoring alerts that later turned out to be critical.

In every other high-stakes industry, there's a clear separation between creation and oversight: accountants don't audit their own books, and aviation engineers don't certify their own planes.

That same separation belongs in the new paradigm: the AI labs whose coding agents generate the vulnerabilities shouldn't be the ones auditing them.

Existing security tools weren't designed to be independent reviewers. Enclave is.

Introducing Enclave

Enclave is launching from stealth with $6M, backed by 8VC and a group of angel investors including Stripe's Patrick Collison, Box's Aaron Levie, VMware and Google Cloud's Diane Greene, Paradigm's Matt Huang, Yelp's Jeremy Stoppelman, Salesforce's Marc Benioff, and others.

Enclave's founders have been circling this problem for years. Tal Hoffman (CEO) and Dvir Segev (CTO) spent their careers building AppSec tooling. They met at Enso Security, where they developed a deep understanding of where the industry's approach to security fell short and where it needed to go.

Yanir Tsarimi (CPO), who met his co-founder Tal while both were serving in the prestigious Unit 8200, saw the problem from the attacker's side. Programming since age 11, Yanir built a career finding vulnerabilities that most researchers weren't looking for: the kind embedded in how systems are designed rather than in how code is written. He discovered the first documented cross-tenant vulnerability in AWS and published research demonstrating breaches across major cloud infrastructure, work that earned him recognition as one of Microsoft's Most Valuable Researchers from 2022 through 2025. While the industry obsessed over XSS vulnerabilities and outdated CVSS scores, Yanir was finding the flaws that actually mattered: architectural gaps, misconfigurations, and the unexpected ways interconnected systems break down.

A pattern became obvious.

How Enclave Works

Most security tools scan for known patterns and return a list. But the vulnerabilities behind major breaches are rarely patterns; they're architectural, emerging from how systems interact over time.

Enclave takes a comprehensive approach and reads a codebase as a system. It follows how data moves, where trust boundaries exist, and where compounding design decisions create exposure that no single line of code would reveal. The findings it surfaces are high-confidence and explained in plain language, with a clear path to fixing them. The goal isn't to find more issues; it's to find the ones that are critical to enterprises.

Systemic visibility is the key in this AI-powered era, and we can prove it. Our research team found several remote code execution vulnerabilities across heavily trafficked open-source repositories, which impacted hundreds of thousands of downstream codebases. These vulnerabilities allowed code execution across large systems, including major cloud services.

These systems hold incredible power and the blast radius for harm is large. When a flaw lives in a widely-used foundation, every system built on top inherits the risk. As AI accelerates how fast software is written and deployed on those foundations, the blast radius doesn't stay fixed. Instead, it compounds.

This is exactly the type of risk Enclave is built to find: the underlying architectural weaknesses that make such breaches possible in the first place.

Why This Matters Now

It's time to be honest with ourselves. AI is here to stay, which means automated code generation will only get faster.

AI will write more software as we automate more systems, meaning the clock is ticking for reliable independent oversight. The organizations that adopt this mindset will have the tools to move fast without breaking the things that matter.

Security can't be a checklist. It can't be pattern matching. Safety comes from separation, scrutiny, and asking the uncomfortable questions before attackers do.

Enclave is the independent reviewer for the AI era of software.

If you believe security should focus on what matters, we'd love to talk.