There is a moment in every security conversation where the room goes quiet. Not because everyone agrees, but because everyone realizes the math is ugly. Too much software. Too few humans. Alerts stacking like unread emails from a job you already quit. That silence is where Nullify shows up, calmly, unapologetically, with receipts.
Nullify just closed a $12.5M seed round, bringing total funding to $16.9M. Led by SYN Ventures, with Black Nova Venture Capital doubling down, this is not capital chasing noise. This is capital recognizing pattern. Congratulations to Shan Kulkarni and Tim Thacker for building something investors do not need to squint to understand. Also worth noting Glenn Chisholm joining the board, because experience still matters when the stakes are real.
Nullify is not another dashboard screaming for attention. It is the first AI workforce for product security. Workforce, not tool. That word choice matters. These agents do the work security teams are buried under: detecting vulnerabilities, triaging them, validating them, fixing them, and delivering merge ready pull requests that engineers actually want to ship. No theater. No busywork. Just outcomes.
The numbers tell the story without trying too hard. Over 48,000 hours of manual work eliminated. More than 450 vulnerabilities resolved autonomously. Nearly a 90% merge ready rate on fixes. That is not automation cosplay. That is execution at scale, across real codebases, inside real companies that do not have time for science experiments.
What makes this interesting is not just the AI. It is the restraint. Nullify analyzes code, cloud configurations, and business context, then reasons about impact before acting. The Vault continuously learns, closes loops, and gets sharper with every decision. This is product security that understands the business it is protecting, not just the syntax it is scanning.
There is a lesson here for founders watching from the sidelines. Capital followed clarity. This team did not sell a future vision alone. They shipped, measured, and proved that replacing repetitive human toil with accountable machines is not reckless, it is respectful. Respectful of engineers’ time. Respectful of security teams drowning in alerts. Respectful of businesses that want fewer headlines for the wrong reasons.
Nullify operates out of San Francisco and Sydney, but the problem it addresses is global. Software scales infinitely. Security teams do not. An AI workforce does not get tired, does not miss context, and does not ask for headcount approval in Q4.
