Tool | Accuracy of Findings | Detects Non-Pattern-Based Issues? | Coverage of SAST Findings | Speed of Scanning | Usability & Dev Experience
DryRun Security | Very high – caught multiple critical issues missed by others | Yes – context-based analysis, logic flaws & SSRF | Broad coverage of standard vulns, logic flaws, and extendable | Near real-time PR feedback |
Snyk Code | High on well-known patterns (SQLi, XSS), but misses other categories | Limited – AI-based, focuses on recognized vulnerabilities | Good coverage of standard vulns; may miss SSRF or advanced auth logic issues | Fast, often near PR speed | Decent GitHub integration, but rules are a black box
GitHub Advanced Security (CodeQL) | Very high precision for known queries, low false positives | Partial – strong dataflow for known issues, needs custom queries | Good for SQLi and XSS, but logic flaws require advanced CodeQL experience | Moderate to slow (GitHub Action based) | Requires CodeQL expertise for custom logic
Semgrep | Medium, but there is a good community for adding rules | Primarily pattern-based with limited dataflow | Decent coverage with the right rules; can still miss advanced logic or SSRF | Fast scans | Has custom rules, but dev teams must maintain them
SonarQube | Low – misses serious issues in our testing | Limited – mostly pattern-based, code quality oriented | Basic coverage for standard vulns; many hotspots require manual review | Moderate, usually in CI | Dashboard-based approach; can pass “quality gate” despite real vulns
Vulnerability Class | Snyk (partial) | GitHub (CodeQL) (partial) | Semgrep | SonarQube | DryRun Security
SQL Injection *
Cross-Site Scripting (XSS)
SSRF
Auth Flaw / IDOR
User Enumeration
Hardcoded Token
Tool | Accuracy of Findings | Detects Non-Pattern-Based Issues? | Coverage of C# Vulnerabilities | Scan Speed | Developer Experience
DryRun Security | Very high – caught all critical flaws missed by others | Yes – context-based analysis finds logic errors, auth flaws, etc. | Broad coverage of OWASP Top 10 vulns plus business logic issues | Near real-time (PR comment within seconds) | Clear single PR comment with detailed insights; no config or custom scripts needed
Snyk Code | High on known patterns (SQLi, XSS), but misses logic/flow bugs | Limited – focuses on recognizable vulnerability patterns | Good for standard vulns; may miss SSRF or auth logic issues | Fast (integrates into PR checks) | Decent GitHub integration, but rules are a black box (no easy customization)
GitHub Advanced Security (CodeQL) | Low – missed everything except SQL Injection | Mostly pattern-based | Low – only discovered SQL Injection | Slowest of all, but finished in 1 minute | Concise annotation with a suggested fix and optional auto-remediation
Semgrep | Medium – finds common issues with community rules, some misses | Primarily pattern-based, limited data flow analysis | Decent coverage with the right rules; misses advanced logic flaws | Very fast (runs as lightweight CI) | Custom rules possible, but require maintenance and security expertise
SonarQube | Low – missed serious issues in our testing | Mostly pattern-based (code quality focus) | Basic coverage for known vulns; many issues flagged as “hotspots” require manual review | Moderate (runs in CI/CD pipeline) | Results in dashboard; risk of a false sense of security if the quality gate passes despite vulnerabilities
Vulnerability Class | Snyk Code | GitHub Advanced Security (CodeQL) | Semgrep | SonarQube | DryRun Security
SQL Injection (SQLi)
Cross-Site Scripting (XSS)
Server-Side Request Forgery (SSRF)
Auth Logic/IDOR
User Enumeration
Hardcoded Credentials
Vulnerability | DryRun Security | Semgrep | GitHub CodeQL | SonarQube | Snyk Code
1. Remote Code Execution via Unsafe Deserialization
2. Code Injection via eval() Usage
3. SQL Injection in a Raw Database Query
4. Weak Encryption (AES ECB Mode)
5. Broken Access Control / Logic Flaw in Authentication
Total Found | 5/5 | 3/5 | 1/5 | 1/5 | 0/5
Vulnerability | DryRun Security | Snyk | CodeQL | SonarQube | Semgrep
Server-Side Request Forgery (SSRF) (Hotspot)
Cross-Site Scripting (XSS)
SQL Injection (SQLi)
IDOR / Broken Access Control
Invalid Token Validation Logic
Broken Email Verification Logic
Dimension | Why It Matters
Surface | Entry points and data sources highlight tainted flows early.
Language | Code idioms reveal hidden sinks and framework quirks.
Intent | What is the purpose of the code being changed or added?
Design | Robustness and resilience of the code being changed.
Environment | Libraries, build flags, and infrastructure metadata (including IaC) all give clues about the risk of changing the code.
KPI | Pattern-Based SAST | DryRun CSA
Mean Time to Regex | 3–8 hrs per noisy finding set | Not required
Mean Time to Context | N/A | < 1 min
False-Positive Rate | 50–85 % | < 5 %
Logic-Flaw Detection | < 5 % | 90%+
JWT Algorithm Confusion Attack
Severity: Critical
Location: utils/authorization.py :L118
Issue: jwt.decode() selects the algorithm from unverified JWT headers.
Impact: Complete auth bypass (switch RS256→HS256, forge tokens with the public key as the HMAC secret).
Remediation: Replace the dynamic algorithm selection with a fixed, expected algorithm list. Change line 118 from algorithms=[unverified_header.get('alg', 'RS256')] to algorithms=['RS256'] so that only RS256 tokens are accepted. Validate the header algorithm against the expected value before verifying the token.
Key Insight: This vulnerability arises from trusting an unverified portion of the JWT to determine the verification method itself.

Insecure OIDC Endpoint Communication
Severity: High
Location: utils/authorization.py :L49 & L82 & L164
Issue: urllib.request.urlopen is called without explicit TLS/CA handling.
Impact: Susceptible to MITM if the default SSL behavior is weakened or the certificate store is compromised.
Remediation: Create a secure SSL context using ssl.create_default_context() with proper certificate verification. Configure explicit timeout values for all HTTP requests to prevent hanging connections. Make the TLS configuration explicit by building an HTTPSHandler with that context. Handle SSL certificate validation failures with dedicated error handling.
Key Insight: This vulnerability stems from a lack of explicit secure communication practices, leaving the application reliant on potentially weak default behaviors.
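The algorithm-confusion finding above, reproduced end to end as an added example; this is not code from the page, from DryRun Security, or from the scanned project. To run with only the standard library it uses a toy, unpadded textbook RSA and a minimal JWT encode/decode shaped like PyJWT's API; rsa_keygen, decode_vulnerable, decode_fixed, the JSON public-key encoding (standing in for a PEM file) and the "alice" claims are all assumptions for illustration. decode_vulnerable mirrors the line-118 pattern (the allowed algorithm list is whatever the unverified header says), decode_fixed applies the remediation. One caveat a practitioner should know: PyJWT itself refuses PEM-encoded public keys and SSH keys as HMAC secrets, which blunts this exact RS256→HS256 swap on current versions of that library; a verifier that lets the token choose its own algorithm is nonetheless relying on library heuristics instead of policy, and pinning the algorithm costs nothing.

```python
import base64, hashlib, hmac, json, random

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

# Toy textbook RSA (unpadded), only so the demo runs without PyJWT or cryptography.
def _is_probable_prime(n, rounds=20):
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):  # Miller-Rabin; callers pass odd 256-bit candidates
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def rsa_keygen(bits=512):
    # Returns (public_key_bytes, private_key); the JSON public key stands in for a PEM file.
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    n = p * q
    return json.dumps({"n": n, "e": e}).encode(), (n, pow(e, -1, phi))

def _rs256_sign(msg, priv):
    n, d = priv
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return pow(h, d, n).to_bytes((n.bit_length() + 7) // 8, "big")
def _rs256_verify(msg, sig, pub_bytes):
    k = json.loads(pub_bytes)
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return pow(int.from_bytes(sig, "big"), k["e"], k["n"]) == h
def _hs256(msg, secret):
    return hmac.new(secret, msg, hashlib.sha256).digest()

VERIFIERS = {"RS256": _rs256_verify,
             "HS256": lambda msg, sig, key: hmac.compare_digest(_hs256(msg, key), sig)}

def encode(payload, key, alg):
    head = _b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url(json.dumps(payload).encode())
    msg = f"{head}.{body}".encode()
    sig = _rs256_sign(msg, key) if alg == "RS256" else _hs256(msg, key)
    return f"{head}.{body}.{_b64url(sig)}"

def get_unverified_header(token):
    return json.loads(_b64url_decode(token.split(".")[0]))

def decode(token, key, algorithms):
    """Shaped like jwt.decode(): `key` goes to whichever allowed algorithm the header names."""
    head, body, sig = token.split(".")
    alg = json.loads(_b64url_decode(head)).get("alg")
    verifier = VERIFIERS.get(alg)
    if alg not in algorithms or verifier is None:
        raise ValueError(f"algorithm {alg!r} not allowed")
    if not verifier(f"{head}.{body}".encode(), _b64url_decode(sig), key):
        raise ValueError("signature verification failed")
    return json.loads(_b64url_decode(body))

def decode_vulnerable(token, public_key):
    # The line-118 pattern from the finding: the allowed list is whatever the header claims.
    unverified_header = get_unverified_header(token)
    return decode(token, public_key, algorithms=[unverified_header.get("alg", "RS256")])

def decode_fixed(token, public_key):
    # Remediation: pin RS256 and reject up front if the header disagrees.
    if get_unverified_header(token).get("alg") != "RS256":
        raise ValueError("unexpected JWT algorithm")
    return decode(token, public_key, algorithms=["RS256"])

def demo():
    public_key, private_key = rsa_keygen()
    legit = encode({"sub": "alice", "role": "user"}, private_key, "RS256")
    # Attacker holds only the public key and uses its bytes as the HMAC secret.
    forged = encode({"sub": "alice", "role": "admin"}, public_key, "HS256")
    out = {"vuln_legit": decode_vulnerable(legit, public_key)["role"],
           "vuln_forged": decode_vulnerable(forged, public_key)["role"],
           "fixed_legit": decode_fixed(legit, public_key)["role"]}
    try:
        decode_fixed(forged, public_key)
        out["fixed_forged"] = "accepted"
    except ValueError:
        out["fixed_forged"] = "rejected"
    return out
```

demo() returns "admin" for the forged token through decode_vulnerable and "rejected" through decode_fixed, while the legitimately signed token decodes as "user" through both. With real PyJWT the fix is literally jwt.decode(token, public_key, algorithms=["RS256"]); the explicit header check in decode_fixed only buys a clearer error before the signature step.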
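The remediation for the OIDC transport finding, as an added example that is not the page's code nor the scanned project's. Python's urllib has verified HTTPS certificates by default since 3.4.3 (PEP 476), so the risk the finding describes comes from that default being weakened somewhere in the process (a monkey-patched ssl default context, a dependency that installs an unverified one, a tampered trust store); carrying an explicit context inside an HTTPSHandler removes the dependency on the process-wide default. build_tls_context, build_opener, fetch_oidc_json, fetch_jwks, OIDCTransportError and the optional cafile parameter are assumed names; the https-only check applied to jwks_uri goes one step beyond the finding.

```python
import json
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlparse


class OIDCTransportError(Exception):
    """Any transport-level failure talking to the OIDC provider: TLS, timeout, HTTP status."""


def build_tls_context(cafile=None):
    """Explicit TLS policy instead of whatever the process-wide default happens to be.

    cafile: optional path to a PEM bundle (assumed); None uses the system trust store.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True            # already the default; stated so a reviewer can see the policy
    ctx.verify_mode = ssl.CERT_REQUIRED  # likewise: an unverifiable chain is a hard failure
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_opener(ctx):
    # The HTTPSHandler carries our context, so a weakened ssl default elsewhere has no effect here.
    return urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx))


def fetch_oidc_json(url, opener, timeout=5.0):
    """GET a JSON document (discovery doc or JWKS) with explicit TLS, timeout and error mapping."""
    if urlparse(url).scheme != "https":
        raise OIDCTransportError(f"refusing non-HTTPS OIDC endpoint: {url}")
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            if resp.status != 200:
                raise OIDCTransportError(f"{url} returned HTTP {resp.status}")
            return json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:
        raise OIDCTransportError(f"{url} returned HTTP {exc.code}") from exc
    except urllib.error.URLError as exc:
        # Handshake-time certificate failures arrive wrapped in URLError; surface them
        # distinctly so an operator sees "certificate" rather than a generic connection error.
        if isinstance(exc.reason, ssl.SSLCertVerificationError):
            raise OIDCTransportError(
                f"certificate validation failed for {url}: {exc.reason.verify_message}") from exc
        raise OIDCTransportError(f"transport error for {url}: {exc.reason}") from exc
    except OSError as exc:  # e.g. TimeoutError raised mid-read, after the connection was up
        raise OIDCTransportError(f"I/O error for {url}: {exc}") from exc


def fetch_jwks(issuer, opener, timeout=5.0):
    """Resolve the issuer's discovery document, then its JWKS; both hops use the hardened opener,
    so a discovery document whose jwks_uri points at plain HTTP is refused, not followed."""
    discovery = fetch_oidc_json(issuer.rstrip("/") + "/.well-known/openid-configuration",
                                opener, timeout)
    return fetch_oidc_json(discovery["jwks_uri"], opener, timeout)
```

Typical use is one context and one opener per process, created at startup (build_opener(build_tls_context())), then fetch_jwks(issuer_url, opener) at the three call sites the finding lists, with OIDCTransportError handled as an authentication failure rather than swallowed.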
DryRun Security News
January 6, 2026

DryRun Security Builds Momentum With Breakthroughs in AI-Native Code Security Intelligence

DryRun Security, the industry’s first AI-native, code security intelligence company, has completed its first year out of stealth with strong corporate momentum. Over the past twelve months, the company delivered major product innovations, industry-leading vulnerability research and laid the groundwork for securing autonomous software development in the age of agentic AI.

“Modern software development has evolved dramatically, with autonomous agents and vibe coding quickly taking shape across the industry,” said James Wickett, CEO and co-founder, DryRun Security. “The momentum we achieved in our first year out of stealth is a reflection of the broader shift in how software is built. As AI agents take on more responsibility in coding workflows, security must become contextual, proactive and embedded directly into the development process. DryRun Security has built the foundation for that future.”

Early last year, DryRun Security closed an $8.7 million seed funding round, accelerating investment in product development, go-to-market expansion, and customer success. Enterprise and mid-market adoption is accelerating, with customers running more than 250,000 code reviews every month with DryRun Security, more than any other AI-native code security intelligence provider.

Product Innovation Built for Agentic Development

Over the last twelve months, DryRun Security doubled down on product innovation to address a growing gap in traditional application security tools. The company’s AI-native Contextual Security Analysis (CSA) engine was purpose-built to support agentic code security intelligence, delivering security that understands code behavior, execution context and autonomous decision-making across both human-driven and AI-driven workflows.

Powered by this core technology, DryRun Security introduced the following innovations:

  • Natural Language Code Policies (NLCPs): allow security teams to define secure coding requirements in plain English. These policies remove the complexity of rule-based configuration and enable faster alignment between security intent and real-world development practices, an essential capability for governing autonomous coding agents. Policies no longer sit ignored on an old share site; they live in every pull request.
  • Custom Policy Agent: enforces natural language policies directly within developer workflows, scanning every pull request and providing inline, actionable feedback. Acting as an autonomous security guardrail, the agent helps ensure that both human developers and AI coding agents operate within approved security boundaries.
  • Code Insights MCP: securely connects DryRun’s Code Insights to MCP-compatible AI assistants, enabling natural language search, summaries, and trend reporting across pull requests and repositories. This gives security and engineering leaders fast visibility into high-risk changes, emerging patterns, and audit-ready evidence, without living in yet another dashboard.

Industry-Leading SAST Accuracy Validates Contextual Security Approach

DryRun Security’s contextual analysis approach delivers measurable accuracy gains. In the 2025 SAST Accuracy Report, DryRun detected 88% of seeded vulnerabilities out of the box, outperforming five leading static analysis tools, particularly on complex logic and authorization flaws. These results further validate why DryRun’s AI-native approach is essential as applications grow more complex and less deterministic, especially in AI-rich environments.

LLM & Agentic Applications Expose AppSec Blind Spots

The implications of these findings are even more pronounced in LLM-powered and agentic applications. In its research report, “Building Secure AI Applications,” DryRun Security found that more than 80% of vulnerabilities in LLM-enabled applications go undetected by traditional static analysis tools.

As execution paths become dynamic and code is increasingly generated or modified by autonomous agents, the shortcomings of legacy AppSec approaches are amplified, creating new classes of risk that demand a fundamentally different security model.

“As we lean harder into AI-generated code and highly customized delivery environments for our customers, we need more than a traditional code scanner. DryRun Security lets us continuously understand and explain the security posture of what we’re building, internally and for Fortune 50 clients, in a way that actually maps to how modern engineering teams work,” said Patrick McKinney, Vice President Security, Invisible Technologies. “The combination of real-time, context-aware analysis and MCP capabilities gives us a path to turn raw findings into customer-ready artifacts and ongoing assurance. For us, DryRun Security is less ‘AI code review’ and more a core piece of how we’re building an AI-first security program going into 2026 and beyond.”

About DryRun Security
DryRun Security is the industry’s first AI-native, agentic code security intelligence solution. Powered by its proprietary Contextual Security Analysis engine, DryRun Security helps security and developer teams reduce noise, surface real risk, and secure modern software built by both humans and autonomous agents. DryRun Security saves organizations thousands of hours otherwise spent on false positives, manual triage, and reactive reviews, while enabling security to scale with the speed and complexity of AI-driven development. For more information, please visit: https://www.dryrun.security/.