CodeAnt AI

Autonomous offensive and defensive security platform

CodeAnt AI attacks your systems the way a real adversary would, then it walks back into your code and helps you build the defenses exactly where the attack got through. Continuous attack. Continuous defense. One self-learning platform.

Trigger a free pentest. No engagement fee. Pay only if we find high or critical issues; low and medium issues are free.
Active Founders
Amartya Jha
Founder
Amartya Jha, Co-Founder and CEO, CodeAnt AI, ships zero-days for fun. CVE-2026-29000, CVSS 10.0, full auth bypass in pac4j-jwt. CVE-2026-28292, CVSS 9.8, RCE in simple-git. Two of 87 zero-days he dropped across packages downloaded 1.85 billion times a month. Now, building offensive and defensive security in one self-learning system at CodeAnt AI.
Chinmay Bharti
Founder
Chinmay Bharti, Co-Founder and CTO, CodeAnt AI, architected the engine behind the 100+ CVEs CodeAnt AI disclosed. Previously worked in HFTs. IIT Bombay, Electrical Engineering. Now building offensive and defensive security in one self-learning system at CodeAnt AI.
Company Launches
CodeAnt AI - Autonomous offensive and defensive security

What we do

CodeAnt AI attacks your systems the way a real adversary would, then it walks back into your code and helps you build the defenses exactly where the attack got through.

Continuous attack. Continuous defense. One self-learning platform.

Trigger a free pentest. No engagement fee. Pay only if we find high or critical issues; low and medium issues are free.

Why us

We've run pentests for 200+ companies. Almost everyone had exposed PII, PHI, payment records, patient files, or critical data leaks.

We've also disclosed 100+ zero-day CVEs, affecting 1.85B+ monthly downloads, including pac4j-jwt auth bypass at CVSS 10.0 and simple-git RCE at CVSS 9.8.

Why now

90% of modern software is embarrassingly easy to breach.

Attackers got AI. A human pentester gets 2 weeks and a scope doc. An AI adversary gets unlimited patience and parallelism, and it'll chain a forgotten subdomain to a leaked credential to a misconfigured auth API until the data is out.

Your defenses? Still fighting the last war.

SAST & SCA tools surface 10,000 findings. The 50 that matter are buried. Pentest firms show up once a year, file a PDF and leave. You fly blind the other 363 days.

How do we close it

CodeAnt lives at every layer where code is written: CLI, IDE, PR, CI/CD. Then it takes what it learned and attacks.

What you get

  • Blackbox: 500+ exploit agents (BOLA, IDOR, SSRF, auth bypass, etc.)
  • Whitebox: AI SAST, SCA, SBOMs, malware, business logic, etc.
  • Graybox: black-box + white-box fused, the full kill chain.
  • Evidence: SOC 2, HIPAA, ISO compliant reports

Start your free pentest here or schedule a scoping call


Previous Launches
Get full visibility into what every developer builds, fixes, and improves.
Helping engineering teams cut code review time and bugs by over 50%.
Jobs at CodeAnt AI
San Francisco, CA, US
$120K - $220K
1+ years
San Francisco, CA, US
$145K - $200K
0.25% - 0.75%
1+ years
CodeAnt AI
Founded: 2023
Batch: Winter 2024
Team Size: 25
Status: Active
Location: San Francisco
Primary Partner: Tom Blomfield