Blog
by Lila Tretikov, Aaron Jacobson, Andrew Schoen and Ayush GoradiaJun 10, 2025
Unfortunately, 2024 was yet again another banner year for hackers, thanks to record ransomware attacks and data breaches. Cybersecurity has remained a challenging problem year after year because it is inherently asymmetric—the non-stop game of cat and mouse is massively imbalanced, as hackers are launching ~1,900 attacks per week [1] against a typical enterprise and only need one breakthrough to win, whereas an enterprise must defend against every single attack, every second, in every account, every platform, every hardware, and every app. Just one moment of weakness can lead to a multi-billion-dollar incident. This asymmetry is exacerbated by an ever-growing attack surface (on-prem, cloud, SaaS, IoT), a mountain of security alerts requiring investigation, and a shortage of industry talent. And if that wasn’t bad enough, the arrival of AI has ushered in an era of far more sophisticated and unceasing attacks. Despite this seemingly dark outlook, there is hope, as solving the scale, complexity, data and talent problems is a massive opportunity for defensive AI. To keep pace with hackers, security teams need a tireless sparring partner that continuously validates their defenses so they can find and fix any vulnerabilities before they are exploited.
That’s exactly what Horizon3.ai strives to deliver. The company’s exceptional product and unique timing are the reason we are excited to announce our lead investment in Horizon3.ai’s Series D financing and partner with this industry-leading team to define the future of AI in continuous and autonomous security. Horizon3.ai’s platform, NodeZero®, is an autonomous penetration testing engine that performs real-world attacks inside production environments—no manual work, no custom runbooks, no waiting [2]. NodeZero identifies attack paths by chaining misconfigurations, compromised credentials, and vulnerable assets to prove what’s actually exploitable, not just theoretically risky. These are the same techniques attackers use—but run safely, without breaks, at AI speed. Unlike scanners that flood teams with alerts or consultants who take weeks to deliver a report, NodeZero shows you exactly how attackers will break in—today, tomorrow, and every day after. To see for yourself, schedule a demo here.
This is a classic data flywheel at work: every NodeZero test contributes to the world’s largest corpus of real-world pentest telemetry. With over 130,000 production-safe tests across 3,000 organizations, NodeZero has become smarter, faster, and more precise over time—automatically adapting to new attack techniques, environments, and configurations [3].
Autonomous pentesting offers a truly scalable, cost-effective option to help enterprises identify weaknesses in their security controls continuously and at scale. The alternative—waiting for a breach to determine where misconfigurations occurred and releasing a post-mortem—is simply unacceptable. And relying only on human tests is insufficient. In the AI era, cyberattacks are no longer handcrafted—they’re autonomous, persistent, and adaptive. This demands an equal shift in defense. Horizon3.ai isn’t just building a tool—it’s building a defensive AI agent that continuously reasons about your environment, finds weaknesses, and helps you fix them before attackers exploit them. Additionally, AI is changing the nature of software from a system of record to a system of actions, and Horizon3.ai’s product is one of the most mission-critical examples of this evolution.
Horizon3.ai was founded by a group of former U.S. Special Ops cyber operators, startup engineers, public company security executives, and cybersecurity practitioners. This team is well positioned to solve autonomous security with laser-sharp product focus and a deep AI lens. Founder & CEO, Snehal Antani, was the former CTO of Splunk and CTO of JSOC, where he led the creation of the Global Analytics Platform (GAP), which was an early initiative to operationalize AI within Special Operations Forces. While at JSOC, the team lived and breathed the daunting challenge of protecting sensitive mission networks against sophisticated adversaries. And the team realized the only way to build a comprehensive, end-to-end platform to drive precision defense at scale was to start with a model that could mimic an attacker and surface the most meaningful vulnerabilities for enterprises to prioritize and remediate
NEA has a long history of partnering with mission-driven founders to build category-defining cybersecurity companies such as Cloudflare, Elastic, and Sourcefire. We are inspired by Horizon3.ai’s mission to build the autonomous security platform for the AI era and we couldn’t be more proud to back Snehal and the entire Horizon3.ai team
To learn more, check out the team’s extensive content library. Interested in joining this vital mission? Horizon3.ai is hiring!
Sources:
https://blog.checkpoint.com/research/a-closer-look-at-q3-2024-75-surge-in-cyber-attacks-worldwide/
Horizon3.ai, June 2025
Disclaimer:
The information provided in this blog post is for educational and informational purposes only and is not intended to be investment advice, or recommendation, or as an offer to sell or a solicitation of an offer to buy an interest in any fund or investment vehicle managed by NEA or any other NEA entity. New Enterprise Associates (NEA) is a registered investment adviser with the Securities and Exchange Commission (SEC). However, nothing in this post should be interpreted to suggest that the SEC has endorsed or approved the contents of this post. NEA has no obligation to update, modify, or amend the contents of this post nor to notify readers in the event that any information, opinion, forecast or estimate changes or subsequently becomes inaccurate or outdated. In addition, certain information contained herein has been obtained from third-party sources and has not been independently verified by NEA. Any statements made by founders, investors, portfolio companies, or others in the post or on other third-party websites referencing this post are their own, and are not intended to be an endorsement of the investment advisory services offered by NEA.