Nullify Secures $12.5 Million to Boost Product Security in RegTech

San Francisco startup promises autonomous fixes for software vulnerabilities daily.

Nullify raises $12.5M to scale AI-powered product security

Nullify, an AI-powered product security platform, today announced it has closed a $12.5 million seed funding round, bringing the company’s total capital raised to $16.9 million. The round was led by SYN Ventures, with participation from existing backer Black Nova Venture Capital. SYN Ventures Operating Partner Glenn Chisholm has joined Nullify’s board of directors.

The funding addresses a widening security talent gap as enterprises face increasingly sophisticated AI-enabled attacks. Software engineers outnumber security engineers by a ratio of 100 to 1 in most enterprises, according to Nullify CEO and co-founder Shan Kulkarni. “For organizations facing significantly greater speed and sophistication of AI-enabled attackers, holding the line with legacy dashboards, scanners, and ticket routing is a losing game,” Kulkarni said in a statement. “Whether organizations have a mature program or zero product security headcount, Nullify AI employees replace tool sprawl and the human hours it consumes.”

The company’s platform functions as an autonomous workforce that handles vulnerability detection, triage, validation, and remediation. Rather than simply flagging security issues, Nullify ingests code, cloud configurations, and business context to autonomously generate and validate exploits, score real business impact, and ship merge-ready fixes to developers. The platform differentiates itself through a component called Vault, which serves as long-term memory for organizational security knowledge. Vault continuously updates an organizational ontology, allowing Nullify to learn, reason, and adapt with every action it takes. The company said early adopters have replaced fragmented legacy tools and manual security work with the platform, reporting rapid risk reduction and improved control over vulnerability management processes.

Kulkarni founded Nullify in December 2022 alongside CTO Tim Thacker and COO Tony Mao, whom he met while studying computer science and software engineering at the University of New South Wales in Sydney. Before launching the startup, Kulkarni worked as a cloud security engineer at CMD Solutions Australia and as a lecturer teaching DevSecOps and cloud security at UNSW. The founding team identified a persistent gap between engineering and security teams during their academic and consulting work, where security teams struggled to understand how software teams operated while developers lacked training in building secure software.

Chisholm co-founded Obsidian Security and served as its chief executive officer. He previously held the role of chief technology officer at Cylance, where he led product, engineering, and research teams ahead of its $1.4 billion acquisition by BlackBerry. He also served as chief information security officer at Telstra. “The security labor gap is the defining challenge for defenders today,” Chisholm said. “Nullify’s first-of-its-kind AI workforce doesn’t just summarize alerts. It autonomously makes decisions and takes action, delivering outcomes that once required entire teams.”

The company raised $1.1 million in a pre-seed round in mid-2023, led by OIF Ventures. In March 2024, Nullify secured a $5.2 million seed round co-led by Two Sigma Ventures and Root Ventures, ahead of its launch in the United States. The latest $12.5 million injection represents the company’s third institutional funding round in less than two years. Nullify participated in the inaugural Embed accelerator program, developed by Conviction Partners in San Francisco, which focuses specifically on AI startups.

Nullify’s investor roster now includes SYN Ventures, Two Sigma Ventures, Root Ventures, Black Nova Venture Capital, and OIF Ventures. Two Sigma Ventures, based in New York City, operates as the venture capital arm of quantitative hedge fund Two Sigma Investments and typically invests in early-stage companies leveraging data science and machine learning.

The company said the new capital will be deployed across three primary areas: scaling go-to-market operations, expanding engineering and research teams, and accelerating global growth. Nullify maintains offices in San Francisco and Sydney, Australia. The company targets mid-market enterprises and software-as-a-service companies seeking to streamline security operations amid talent shortages. The platform integrates with codebases, cloud environments, ticketing systems, and documentation to absorb contextual data across an organization’s technology stack.

Nullify operates in a competitive landscape where companies increasingly turn to AI to address security challenges. The convergence of machine learning and cybersecurity has attracted significant venture capital attention, particularly for startups promising to automate traditionally manual processes.

Kulkarni emphasized that Nullify aims to move beyond the “copilot” model prevalent in many AI applications. Instead, the company trains its system to operate as an instantiated human resource unit within an organization’s security team. “Processes like detecting, prioritizing, fixing, and explaining security vulnerabilities in software have long been manual and inefficient,” Kulkarni said in an earlier interview. “Today we can adapt self-consistent agentic AI architectures that can contextualize complex security data to automate these processes.”

The funding announcement comes as enterprises face regulatory pressure to demonstrate robust security practices. Data breaches continue to generate substantial financial and reputational costs, with recent high-profile incidents often traced to inadequate management of software supply chain risks. With the latest funding secured and experienced board governance in place, Nullify positions itself to capture market share in an industry grappling with the dual challenges of talent scarcity and accelerating threat sophistication.
