When 60% of a startup’s code is written by AI, who’s checking it for vulnerabilities?

Enclave, a new application security startup, just launched from stealth with $6 million in seed funding at a $33 million valuation to answer that question. The round was led by 8VC, with an investor roster that reads like a who’s-who of tech: Stripe cofounder Patrick Collison, Salesforce CEO Marc Benioff, Box CEO Aaron Levie, and Yelp CEO Jeremy Stoppelman.

The thesis is straightforward and urgent: AI coding tools are optimizing for speed, not security — and the resulting vulnerability debt is accumulating faster than any existing tool can catch it.

The Scale of the Problem

The numbers tell the story:

  • Microsoft CEO Satya Nadella said last year that up to 30% of the company’s code is written by AI
  • Boris Cherny, founder of Claude Code, said this year that “pretty much 100% of our code is written by Claude Code + Opus 4.5” and he hadn’t written a single line of code in two months
  • Enclave CEO Tal Hoffman estimates that up to 60% of code across all startups is now AI-generated, projecting 90% within three years

This isn’t a future problem. It’s a current one. AI makes coding dramatically faster — Hoffman says features that would take two weeks can be done in two hours — but that velocity comes with a cost. “Current solutions are optimizing for quantity, not for quality,” he told Business Insider.

Why Last-Gen Tools Don’t Cut It

8VC’s perspective is shaped by a unique vantage point. The firm invested in Cognition, the company behind AI coding agent Devin, giving it a front-row seat to how quickly AI-generated software is spreading through enterprises.

“As a result of that, we’ve seen a lot of AI code generation both in our companies and in large enterprises,” said 8VC’s Vivek Gopalan. “The last-gen tools are not going to cut it.”

The existing application security market — anchored by companies like Snyk, Checkmarx, and Semgrep — is built around scanning for known vulnerability patterns. These tools work by matching code against databases of previously identified issues.

The problem with AI-generated code is different. AI doesn’t just introduce known vulnerability patterns; it creates novel, contextually embedded flaws that require understanding how entire systems behave, not just what individual lines of code look like.

Enclave’s approach is to build “deep knowledge into how your systems behave” so it can identify where vulnerabilities are likely to emerge, rather than just scanning for signatures.

Unit 8200 DNA

Enclave was founded by CEO Tal Hoffman, CTO Dvir Segev, and CPO Yanir Tsarimi, who previously worked together in application security. Hoffman and Tsarimi met while serving in Israel’s Unit 8200, the military intelligence unit that has produced founders of Check Point, Palo Alto Networks, CyberArk, and Wiz (the same Wiz that Google Cloud acquired for $32 billion).

The Unit 8200 pipeline continues to shape the cybersecurity industry. These founders bring offensive security mindsets — thinking about how systems break, not just how they’re built — which is exactly the perspective needed when AI is generating code at inhuman speed.

The Broader AI Code Security Wave

Enclave’s launch fits into a larger pattern we’ve been tracking:

  • DryRun Security found that 87% of AI-agent PRs had security bugs — a wake-up call for any team running automated coding agents
  • Amazon ordered a 90-day code safety reset after AI-assisted coding caused millions in lost orders
  • OWASP published its Top 10 for Agentic Applications, creating a standardized framework for understanding agent security risks
  • The “Agentic Defender Stack” saw $250 million across five funding rounds in a single week (March 17–20), including Xbow ($120M), RunSybil ($40M), Surf AI ($57M), Corridor ($25M), and Manifold ($8M)

The investment community has clearly concluded that the security toolchain for AI-generated code needs to be rebuilt from scratch, not incrementally upgraded.

What This Means for OpenClaw Users

If you’re using OpenClaw to orchestrate coding agents — whether Claude Code, Codex, or any other — Enclave’s thesis should resonate:

Your agent writes code fast. Who reviews it for security? Most OpenClaw users running coding agents focus on functionality: does it work, does it pass tests. But AI-generated code introduces vulnerability patterns that traditional linters and CI checks won’t catch. Consider adding security-focused review steps to your agent workflows.

The approval flow matters. OpenClaw’s approval mechanisms — requiring human sign-off before executing commands or committing code — are more important than ever. Speed without review is speed toward technical debt.

Diversify your security toolchain. Don’t rely on a single scanner. Tools like Snyk catch known patterns; emerging tools like Enclave aim to catch the novel ones. Layer them.

Track what your agents wrote. As code authorship shifts from human to AI, maintaining attribution becomes a security practice, not just a project management one. Know which code was AI-generated so you can prioritize it for deeper review.
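One way to make that attribution queryable, as an added example rather than anything from OpenClaw or Enclave: parse `git log --name-only` output, flag commits that carry an agent `Co-authored-by` trailer, and rank the files they touched for deeper review. The agent address, the sensitive-path list and the sample log are constructed assumptions.

```python
import re
from collections import defaultdict

AGENT_EMAILS = {"agent@example.com"}  # assumption: identity your agent puts in its trailer
SENSITIVE = ("auth", "crypto", "session", "payment")  # assumption: team-chosen fragments
TRAILER = re.compile(r"^\s{4}co-authored-by:.*<([^>]+)>\s*$", re.I)
HEADER = re.compile(r"^(Author|Date|Merge):")
# Constructed sample of `git log --name-only` output.
SAMPLE_LOG = """\
commit 1111111
Author: Dana <dana@example.com>
Date:   Mon Mar 2 10:00:00 2026 +0000

    Add session refresh endpoint

    Co-authored-by: coding-agent <agent@example.com>

src/auth/session.py
src/api/routes.py

commit 2222222
Author: Dana <dana@example.com>
Date:   Tue Mar 3 09:30:00 2026 +0000

    Fix route typo

src/api/routes.py
"""

def parse_commits(log_text):
    commits = []
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commits.append({"ai": False, "files": []})
        elif commits and line.startswith("    "):  # indented lines are the message
            m = TRAILER.match(line)
            if m and m.group(1).lower() in AGENT_EMAILS:
                commits[-1]["ai"] = True
        elif commits and line.strip() and not HEADER.match(line):
            commits[-1]["files"].append(line)  # unindented lines are changed paths
    return commits

def review_queue(log_text):
    ai, total = defaultdict(int), defaultdict(int)
    for c in parse_commits(log_text):
        for f in c["files"]:
            total[f] += 1
            ai[f] += c["ai"]
    rows = [(f, ai[f], total[f], any(s in f.lower() for s in SENSITIVE)) for f in total if ai[f]]
    return sorted(rows, key=lambda r: (not r[3], -r[1], r[0]))  # sensitive paths first
```

Each row is `(path, agent_commits, total_commits, sensitive)`. A trailer is only as trustworthy as whoever writes the commit message, so treat it as a triage signal rather than proof of authorship.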

The $33 Million Question

At a $33 million valuation for a pre-revenue stealth startup, Enclave’s seed round reflects both the urgency of the problem and the strength of the founding team. The investors — Collison, Benioff, Levie, Stoppelman — aren’t passive check-writers. These are operators who see AI-generated code proliferating across their own companies and platforms.

The question isn’t whether AI code security needs new tools. It’s whether Enclave can build the systems-level understanding of code behavior fast enough to stay ahead of AI’s accelerating output.

With 90% AI-generated code projected within three years, the window for building these defenses is narrowing fast.