XBOW Raises $35M as Offensive Security Moves Toward Continuous Testing

XBOW has raised an additional $35 million in Series C funding from strategic investors, including Accenture Ventures, DNX Ventures, Liberty Global Tech Ventures, NVentures, Samsung Ventures, and SentinelOne S Ventures. The new funding extends the company’s earlier $120 million Series C round and gives XBOW more capital to expand its go-to-market reach, partner ecosystem, and international presence.

The investment comes as more security teams rethink how they test their environments. Traditional penetration testing remains important, although it is typically conducted periodically. That model becomes harder to rely on when software changes quickly, and attackers can use AI to probe systems more often and at greater scale. XBOW’s pitch is built around continuous offensive security, using AI to find and validate vulnerabilities in applications more like an attacker would.

For MSSPs and security teams, the key issue is validation. Security tools can generate long lists of potential vulnerabilities, but not every finding is exploitable or urgent. XBOW says its platform can surface validated findings, reduce false positives, and confirm whether issues found by other tools can actually be exploited. Security teams and MSSPs are being pushed beyond annual or quarterly pentests. Customers need more frequent validation of exploitable risk, especially as AI changes the speed and scale of attacks. That creates a services opportunity around continuous testing, vulnerability prioritization, application security validation, and offensive security programs.

The channel angle is also worth watching. Samsung is a preferred reseller for XBOW in South Korea, and DNX Ventures brings regional reach across Asia Pacific. That gives XBOW a clearer path into global markets where enterprises are looking for more continuous security testing. For partners, the opportunity may be in helping customers move offensive security from a once-a-year exercise to a repeatable service tied to application security, vulnerability management, and risk reduction.