
Pi: Building Zero Recurrence Code Security for the AI CodeGen Era
Cybersecurity no longer has a vulnerability discovery problem. It has a code vulnerability recurrence problem.
For the better part of two decades, the security industry has focused on finding more vulnerabilities, i.e. vulnerability discovery. We built scanners, bug bounty programs, penetration testing firms, attack path analysis platforms, and vulnerability management products. Thanks to AI, security teams now have more findings, more alerts, and more visibility than ever before.
However, at the same time, software development is undergoing its largest transformation ever. Claude, Cursor, and GitHub Copilot are enabling developers to write, review, and ship code faster than ever. Meanwhile, Mythos-class foundation models have increased the speed, scale, and scope of vulnerability discovery across modern applications, as well. The result is both software creation and engineering productivity reaching all-time highs – but also new vulnerability creation, discovery, and exploitation happening at all-time agentic speeds.
This creates a dangerous gap in security as Mythos grants hobbyist hackers the ability to chain together otherwise benign or low-level code vulns into full attack chains.
Ultimately, we believe the next generation of application security platforms must help engineers move faster, not slower. Security cannot continue to be the barrier to progress. But the solution is also not for security teams to hire more product security engineers than ever before to manually triage, investigate, and remediate. The solution is to enable developers and AI coding agents to become security experts – without them even noticing.
That requires context and a new class of Zero Recurrence Code Security tools that unlock institutional security memory enforceable across the entire SDLC. We believe it requires Pi Security.
From Vulnerability Discovery to Vulnerability Recurrence
What attracted us initially to Pi in early 2025 was not simply another approach to Application Security. We were attracted to Pi building an entirely different way of thinking about this problem-space.
Traditional AppSec tooling focuses on detection. SAST, DAST, ASPM, vulnerability management platforms, bug bounty programs, and pentesting all generate findings. Their output is typically another alert, another ticket, or another report requiring manual investigation and remediation.
Pi starts where those systems stop. They are defining the new “Zero Recurrence Code Security” category: a platform designed to learn how an organization builds, breaks, fixes, and secures software, then turn this institutional security knowledge into preventative-but-supportive guardrails across the software development lifecycle – so engineers can push code faster, not slower.
Pi operates at the intersection of Application Security, Secure-by-Design, and Agentic Security Automation – ingesting security knowledge from prior incidents, tickets, pull requests, repositories, architecture decisions, wikis, and developer workflows. It then transforms that information into rich context for their models to drive deep root cause analysis, variant discovery, contextual remediation guidance, ownership mapping, and preventative controls at design time, IDE time, and pull request time – not post-production.
Pi’s key insight is that security is inherently contextual. Every organization has different architecture decisions, ownership models, accepted risks, historical incidents, remediation patterns, and engineering workflows. Generic scanners and AI models do not understand these nuances at scale. Pi’s goal is to become an organization’s institutional memory, context, and living security intelligence layer that developers, AI coding agents, and security teams use while software is being designed, written, reviewed, and deployed. Rather than simply identifying vulnerabilities, Pi helps organizations understand why vulnerabilities occur, discover variants across their environment, generate contextual remediation guidance, and prevent entire classes of security issues from recurring.
This is the vision that first attracted us to Pi – not simply fixing one vulnerability but eliminating entire classes of vulnerability that continue re-emerging in enterprise codebases – most principled, driving towards zero recurrence.
A Pedigreed Team Approaching the Right Problem from Multiple Angles
Pi was founded by Guy Arazi and Yonatan Ramon, two founders who arrived at this same security problem from very different perspectives.
Guy spent years on the offensive side, hacking his first aerospace company at 14, becoming a CISO at 24, and later working at Palo Alto Networks, Microsoft Azure Research, and the Microsoft Security Response Center.
Yoni built and scaled safety-critical systems at Tesla, where software quality and reliability directly impacted vehicles, robotics, and manufacturing operations with real-life consequences and physical-world outcomes. Despite their different backgrounds, they reached the same conclusion: modern organizations do not struggle to find vulnerabilities anymore given Mythos. They struggle to ensure fixes are applied correctly, propagated broadly, and prevented from recurring without slowing down engineering teams.
What has consistently impressed us about Guy is not only his technical depth, but his willingness to challenge accepted assumptions about how application security should work.
Meanwhile, Yoni’s product instincts, engineering rigor, and deep understanding of how software gets built inside modern organizations have been instrumental in shaping Pi’s developer-centric approach.
Why We Are Excited
Overall, we are incredibly grateful to Guy, Yoni, and the entire Pi Security team for allowing Brightmind to be part of this journey from the earliest days. Brightmind led Pi’s Seed round in early 2025. Now, we are excited to continue supporting them through their $35M Series A, alongside Third Point Ventures, George Kurtz, Yevgeny Dibrov, Nadir Izrael, and many key angel and strategic investors.
We believe many companies will emerge to address this generation’s software-security challenge in the AI era. But we also believe that the winners will be those who help organizations operationalize security knowledge, eliminate recurring vulnerability patterns, and make secure software development scalable in a world where both humans and AI systems are generating code continuously.
Pi is pursuing exactly that vision.
