Announcing our $100M valuation Series A
We're excited to announce our $100M valuation Series A led by Standard Capital with participation of FundersClub (FCVC), Y Combinator, and Rebel Fund. This brings our total fundraised capital to $17M. We want to thank our early believers that helped us get here, including Filip Sebesta, Milo Spirig, Michael Zhao, Phil Chan, Colin Hauck, Uzair Khan, Marc Mengler, Bilal Farooqui, Ev Kontsevoy, Tanachart Kujareevanich, Stephen Cobbe, Bill Fine, Rohan Sharma, Amit Patel, Twenty Two Ventures, Jake Mintz, Christopher Price, Pioneer Fund, Matt Auerbach, Robin Choy, Yotam Rosenbaum, Amritansh Raghav, Adam Seligman, Tomer London, Mohit Srivastava, Metsu Capital, Hassan Lantry, Alex Mittal, Liquid 2 Ventures, and last but certainly not least: pg.

Attackers are evolving faster than defenders can keep up, while companies are shipping more code than ever. The only sustainable defense is continuous offense: finding and fixing vulnerabilities before they can be exploited. Casco is the tool I wish I’d had at Stripe.
Our mission is to make all software effortlessly secure. Today software is not secure. Security is not effortless. The time it takes for bad actors to weaponize a vulnerability is shrinking from months to days. Soon it'll be minutes.
Clearly the existing security paradigms are broken. Casco already found critical vulnerabilities in 300+ companies despite them using the popular code security tools and human pentesters.
Legacy code security tools with LLM sprinkled on top are calling themselves "agentic" or "AI-native". However, they're just noisy security slop. They choose noise over accuracy, so they can cover their bases. These legacy tools do not run the actual code, so they have no way to accurately determine the code's expected behavior. You cannot validate a software's security while being completely detached from its runtime reality. This creates massive alert fatigue. When security tools cry wolf every single hour, humans simply stop paying attention to them.
83 percent of security professionals feel completely burnt out by their workload. If you ask any security engineer at any company if they have full security coverage over their entire attack surface area, they will say no. They simply do not have the hours in the day. To compensate, companies rely heavily on human pentest contractors. However, human pentesters are cost-prohibitively expensive and often miss things. An annual check cannot keep up with continuous software development and the exponential increase in AI-produced code.
Casco is the agentic security engineer that offers solutions, not problems. Helping teams expand their security testing coverage, relentlessly focus on clear signals over noise, and find what even expert pentesters miss.
We're just getting started. Internally, we're thinking of ourselves as a $0.0001T company. While other players might think of us as an "AI pentesting company", our customers are thinking of us as their last line of defense for their application security.
You can become part of the next paradigm shift in security; join us! We're hiring engineers, security, technical account executives, and growth roles. https://casco.com/careers.