High-Level Overview
DryRun Security is an AI-native application security (AppSec) startup that builds Contextual Security Analysis (CSA) tools to automate security reviews inside developer workflows, particularly on code changes and pull requests.[1][2][3] It serves development and security teams at organizations such as Gusto, BrightHR, and Tines, addressing the problem of detecting complex code risks (business logic flaws and behavioral vulnerabilities, for example) that basic static pattern matching misses, while reducing false positives and bridging the gap between developers and security professionals.[1][2][3] The company raised $8.7 million in seed funding to expand go-to-market and engineering, launched Natural Language Code Policies (NLCP) for plain-language policy enforcement, and achieved early traction including BlackHat Startup Spotlight 2024 finalist status and GitHub Marketplace availability, enabling real-time analysis across thousands of daily code changes.[1][2][3][4]
Origin Story
DryRun Security was co-founded by James Wickett (CEO) and Ken Johnson (CTO), both AppSec veterans with deep industry experience.[1][2][5] Wickett launched the company driven by the belief that developers prioritize security but lack effective tools, while Johnson had recently led security code reviews and developer training at GitHub.[5] The founding idea was to automate security analysis during code review, before code is deployed, addressing pain points the founders had encountered firsthand; early milestones include raising $8.7M in seed funding, securing customers like Gusto and BrightHR, and launching key features such as NLCP and GitHub integrations.[1][2][3]
Core Differentiators
- AI-Driven Contextual Security Analysis (CSA): Analyzes code behaviors, paths, developer intent, and language-specific checks in seconds, detecting complex risks like business logic flaws that traditional SAST misses, with real-time feedback in pull requests.[1][2][3]
- Natural Language Code Policies (NLCP): Allows security teams to define and enforce policies in plain language, moving beyond wikis to instant, accessible safeguards without complex setups.[1][2][3]
- Developer-Centric Workflow Integration: Embeds security as a "force multiplier" in tools like GitHub, providing actionable insights, reducing friction, and scaling reviews for high-volume changes without slowing velocity.[2][3][4]
- Low False Positives and Team Empowerment: Offers code insights across organizations, plain-language guidelines for all skill levels, and customer-validated impact like "doubling" AppSec capacity at firms like BrightHR.[3]
Role in the Broader Tech Landscape
DryRun rides the AI-native AppSec trend, in which LLMs and agents transform static analysis into dynamic, context-aware security that fits DevOps speed, amid rising software supply chain attacks and compliance demands.[1][2][3] Its timing aligns with explosive growth in AI developer tools and the GitHub ecosystem, enabling seamless integration as code volume surges; market forces such as the AppSec talent shortage and shift-left security favor its approach, reducing standoffs between development and security teams.[2][3] It influences the ecosystem by pioneering agentic analysis, open-source contributions, and resources like the CSA Guide, helping organizations scale secure releases and setting standards for human-centric, frictionless security.[3][4]
Quick Take & Future Outlook
DryRun is poised to expand with its $8.7M funding fueling engineering hires, GitHub Marketplace growth, and NLCP enhancements, targeting broader adoption amid AI security agent proliferation.[1][4] Trends like multimodal AI analysis and zero-trust DevSecOps will amplify its edge, potentially evolving it into a full-stack AppSec platform influencing standards via community and enterprise wins. As AI bridges dev-security divides, DryRun exemplifies how targeted automation turns security from bottleneck to accelerator, securing the next wave of software innovation.[2][3]