Cogent Security has raised a $42 million Series A just six months after launch. Their bet? That AI agents can finally fix one of cybersecurity’s most persistent bottlenecks: the grind between detecting software vulnerabilities and actually remediating them. The round, led by Bain Capital Ventures with Greylock and Definition participating, brings total funding to $53 million.
For Bain partner and former Symantec CEO Enrique Salem who led the round, this is the culmination of a several-year courtship of founder and CEO Vineet Edupuganti. “We’ve known him from pre‑founding the company,” Salem told Fortune. “This wasn’t necessarily his first starting idea, but they’ve proven an ability to deliver against what we’re working on.”
The problem is familiar—and stubborn. In 2025, more than 48,000 new common vulnerabilities and exposures in software were reported, a 162% jump from five years prior, even as attackers increasingly use AI to probe fresh bugs within minutes of disclosure. “There are more vulnerabilities than you’ll ever be able to remediate or imagine,” Salem says. “The Holy Grail is, how do you figure out what to remediate because you’ll never remediate everything.”
Greylock partner Saam Motamedi, who led Cogent’s $11 million seed, says the company has since built “one of the strongest AI teams in cybersecurity.” Both Edupuganti and fellow co-founder Geng Sng came from Abnormal Security, where Edupuganti led product strategy and Sng built the ML fraud detection system that protects half the Fortune 500. Cogent’s third co-founder, Thanos Baskous led infrastructure at Coinbase, where he was in charge of large-scale vulnerability remediation. The current Cogent team also includes hires from Google’s Gemini/DeepMind, Tesla, and Stripe, and already runs its platform in production “across large Fortune 500 enterprise environments.” That traction, Motamedi argues, is “incredibly rare” for a company at this stage.
Cogent doesn’t replace existing security tools—it sits on top of them. It connects to the scanners companies already use, to internal asset lists like those in ServiceNow, and to data from cloud and endpoint security tools.“We aggregate insights from all those signals, make sense of it, determine what to do, and then push action through the hands and the feet,” Edupuganti told Fortune, referring to integrations with ticketing and patching systems.
Finding these vulnerabilities isn’t the hard part, according to Edupuganti. Instead the issue lies in assigning ownership of solutions. Security teams, Edupuganti adds, are “drowning in coordination work—chasing down system owners, writing tickets, proving fixes happened. We built AI agents that handle that work end‑to‑end, so security teams can finally keep pace with attackers.”
Cogent says its customers are fixing their most serious security problems much faster—reducing the time those high‑risk bugs stay active by about 97% on average. Many start cautiously, letting Cogent automate investigation, prioritization, and routing while humans retain the final remediation step: “Given all the context of my environment, tell me exactly who needs to do what by when, and let that person go do the work,” Edupuganti says. Over time, some customers grant full autonomy in safer development environments, gradually expanding “slices of autonomy.”
Motamedi argues Cogent isn’t just slapping generic AI on security problems. Instead, it has built specialized AI that deeply understands one specific job—sorting through and acting on software vulnerabilities.. Security teams arrive each day to “thousands or millions of vulnerabilities” and a queue of tickets requiring judgment and execution, he says. Cogent ingests sensor data, builds a prioritized view based on business context, then uses models from Anthropic and OpenAI to help write the code that actually remediates issues.
That promise comes with a hard constraint: no black boxes. Cogent says it’s designed for big, regulated companies that need tight controls. In practice, that means every AI action can be tracked and replayed, and it only runs within clear, customizable approval rules set by the customers. “You have to really make it clear for every decision that an agent is making, why is it making that decision, what’s the impact,” Edupuganti says, adding that the product surfaces explanations and confidence levels so customers can “inspect it and then choose when they want to make the full plunge” into autonomy.
Motamedi describes the design target as a spectrum: in best‑case scenarios, Cogent “completely obviates the need for the human” on a specific vulnerability; in others, it makes a vulnerability engineer “10 times as productive” by pre‑triaging and doing the heavy lifting so they only handle the last 10 percent.
Cogent’s timing is keyed to moments like Log4j—a massive security flaw discovered in late 2021 in a very common piece of software used all over the internet—which Edupuganti calls a “watershed” that exposed how hard it was for enterprises even to locate their exposure, let alone fix it. “Most instances of Log4j are not remediated,” he says. “The biggest challenge that people have is they just don’t know where the thing was and who should fix it,” a gap he expects to widen as zero‑days (when hackers release malware to exploit software vulnerabilities before a software developer has patched a flaw) increase.
Since launching in July 2025, Cogent says it is already working with dozens of Fortune 1000 and Global 2000 enterprise customers, with a 10x increase targeted this year. With the new capital, the company plans to expand beyond vulnerability management to other security operations and IT automation workloads, while quadrupling its go‑to‑market team to push deeper into the enterprise.
For Salem, who estimates he sees 400–500 AI‑security decks a year, Cogent stood out because Edupuganti led with the problem, not the model. “What Vineet did is he said, let me explain the problem. What am I solving? And why does it matter?” he says. If the bet pays off, Salem already has his dream headline: “Software is now secure.”
