DryRun Security, the AI-native company delivering application security (AppSec) for development and security teams, has announced its $8.7 million seed funding round from lead investors LiveOak Ventures and Work-Bench as well as participation from Cannage Capital. The company will use the investment to increase its engineering hires and grow its Go To Market (GTM) function.

The company is also introducing Natural Language Code Policies (NLCP), a game-changing feature that frees AppSec teams from the painstaking work of building and maintaining scripted policy rules. By allowing them to define their security policy in an intuitive, domain-focused way, NLCP cuts the overhead of custom rule writing and helps teams get coverage across all of their code bases without worrying about the language or framework.”

DryRun Security is going beyond AI and LLM’s early automation capabilities to build what it calls Contextual Security Analysis (CSA). This approach both identifies security risks and seamlessly integrates mitigation into developers’ workflows. CSA layers static context, change context and application context to make contextually aware assertions in near real-time and is ideal for distributed, modern applications and teams. It fits naturally in an organization practicing DevOps, prioritizes reducing security tool pressure on developers and makes it easy for developers to reason about security.

The DryRun Security CSA approach enables AppSec professionals to execute GitHub native security analysis in seconds to gain awareness across both development and security teams. The company is also introducing with today’s announcement its Natural Language Code Policies Feature Set, a groundbreaking tool that enables development teams to define and enforce security policies using plain, conversational language. It helps teams understand which code changes are the riskiest, a task that is often so overwhelming it’s skipped all together. The Natural Language Code Policies transform the traditionally complex process of creating code policies and integrate seamlessly into developers’ workflows, allowing for real-time security policy enforcement and compliance monitoring. This reduces vulnerabilities earlier in the software development lifecycle, saving teams time and resources while delivering more secure applications.

“We know how frustrating it is when risky code slips in unnoticed—especially for AppSec teams who want to stay on top of every critical change,” said James Wickett, co-founder and CEO of DryRun Security. “That’s why we built DryRun to find the ‘needle in the haystack’ of code changes, so teams can spot unknown risks before they start—without slowing developers down. Our early customers are already seeing tangible, day-one improvements in their security posture, validating that modern, AI-native application security tools can finally keep up with the code velocity of today’s software development teams.”
“With DryRun Security, we’ve transformed how we manage application security across our global development team. The GitHub integration ensures that our developers get precise and instant feedback directly in their workflow, enabling them to fix security issues without skipping a beat. The tool has not only helped us catch risks like hardcoded credentials early but has also fostered a culture of security among our developers. DryRun Security is an indispensable part of our AppSec toolkit,” said Gary Gonzalez, CTO at PlanetArt.