p0 is named after P0s: catastrophic events that can cause a platform to crash, leading to potential security breaches and loss of customer trust in businesses. These are the problems p0 was built to solve, using large language models to help developers spot serious problems in code before it ships. The startup announced today that it has raised $6.5 million from Lightspeed Venture Partners, with participation from Alchemy Ventures.
p0 uses large language models to detect security and safety issues in software before it is run in a production environment and requires no user configuration. The software issues it addresses include data integrity, validation failures, speed, and timeouts. Developers use it by linking their Git repositories to p0. One of p0’s main customers is a large food service company with millions of live users on their system. They use p0 to find issues that can compromise the security and reliability of their platform. For example, p0 showed them that their sign-up sheets couldn’t handle emojis.
p0 was founded in 2022 by Prakash Sanker, who previously worked at companies such as Palantir, and Kunal Agarwal, founder of Softbank-backed venture capital startup C2FO. They founded p0 to “fundamentally change the way code quality assurance is done,” Sanker tells TechCrunch.
“When building software at our previous companies, we always felt that getting something into production was painful, usually involving a really tedious and time-consuming bug bash process,” he says. “Our developers were always balancing the demands of shipping products or spending time writing tests.”
Sanker and Agarwal set out to create a one-click tool that could identify p0s before they affect customers while shortening software delivery cycles. Sanker says that quality assurance tools currently used by developers, which typically focus on static analysis, security analysis, test writing, or test execution, are less expensive and require a lot of dedication and ingenuity to discover p0s.
p0’s founders say they are able to be part of the growth process without slowing it down because it revolves around LLMs.
Agarwal explains that businesses traditionally do security testing in one of two ways: with a black-box approach, meaning external white-hat hackers or security systems try to attack their systems without deep system knowledge, or by having internal programmers who are very familiar with the system try to attack it. “Usually, it was very difficult to know the internals of systems just by looking at the code from the outside,” he said.
p0 uses LLMs to understand its customers’ codebases and create contextual challenges that have the potential to exploit vulnerabilities. For example, it can detect an API vulnerability that can give away personal information when hit with a specific data payload.
“Without LLMs it would be impossible to create a contextual challenge,” says Agarwal. “This is critical because understanding the context empowers the system with intelligence, and posing a relevant challenge allows us to reduce the noise.”
The company’s engine is currently powered by open source LLMs including Llama and Mistral. p0 extracts the relevant parts of a client’s codebase and integrates them with the right framework and query for its LLM engine to respond to, explains Agarwal. It then examines these responses and makes them human-readable. As p0 develops, it plans to improve its model weights. For corporate clients, LLMs are hosted in their environment for information security purposes.
Agarwal says hallucinations aren’t a challenge for the startup because it doesn’t write code. Instead, it creates challenges and can detect challenges created by hallucinations.
p0 has come out of stealth and is monetizing thanks to its first customer (the global food service provider). Sanker says it has 50 customers that will sign up in 2024 and monetize through a SaaS model. In the future, he wants to include staging environments as an offering.
Other plans include expanding p0’s ability to find different types of critical issues and supporting more languages. The founders also want to get rid of the need for a client-hosted staging environment and turn p0 into an end-to-end solution.
In an investor statement, Lightspeed partner Hemant Mohapatra said: “p0’s cutting-edge approach to code and API security is unique and among the first to solve this age-old and ever-evolving problem. We are excited to have incubated and supported them since this was just an idea on paper.”