Hex Security

Hex Security

Agentic Offensive Security at Scale

Winter 2026ActiveB2BSecurityReinforcement LearningCybersecuritySan Francisco, CA, USA
Company
https://hex.co
Hex Security builds AI agents that run continuous penetration tests against your apps and infrastructure. Instead of a once-a-year penetration test, Hex Security's agents works 24/7 to find and verify critical vulnerabilities so you can prevent them before attackers.

Verdict

High Signal
Market Opportunity
Continuous automated pentesting is a massive B2B security market — the penetration testing market alone is $1.7B+ and growing fast, with compliance mandates (SOC2, PCI-DSS, HIPAA) driving demand across finance, healthcare, and tech. The shift from annual manual pentests to continuous AI-driven testing is a clear secular trend. ICP is well-defined: security teams at companies that need continuous assurance rather than point-in-time audits.
Medium Signal
Founder Signal
Huzaifa Ahmad (UC Berkeley CS 2025 grad) had internships at AWS and a full-time role at PlayAI (acquired by Meta), plus side projects with real scale like Talently. Ahmad Khan is still enrolled at Waterloo (graduating 2027), making him essentially a current undergrad, though he had a notable OpenAI internship and robotics work at OpenMind. Prama Yudhistira is also a current Georgia Tech student (graduating May 2026) with solid internships at AMD and Codegen (acquired by ClickUp). Team is young with limited senior experience but all three are technical and have shipped real software.
Low Signal
Competition
The automated pentesting space is crowded: Synack, Cobalt, Pentera, NodeZero (Horizon3.ai), and Detectify all offer automated or hybrid pentest platforms with significant market presence and funding. Larger players like CrowdStrike and Palo Alto Networks are also pushing into continuous security validation. Hex needs a strong technical differentiator beyond 'AI agents' to stand out, which isn't evident yet from available data.
Low Signal
Product
Website is essentially a landing page with only a tagline and 'Book a call' CTA — no demo, no pricing, no API docs, no named customer logos. The LinkedIn post claims $3B in prevented damages and $250K+ in bug bounties, which is a compelling narrative but unverified and not substantiated on the website or in any press coverage.
OverallC Tier

Hex Security is attacking a real, large market with a credible thesis — continuous AI-driven pentesting is genuinely needed and compliance-driven demand is strong. However, the team is very young (two founders still in undergrad, one fresh grad), the website is pure vaporware with no visible product, and the competitive landscape is brutal with well-funded incumbents like Pentera and NodeZero already doing autonomous pentesting. The $250K bug bounty claim is interesting traction if real, but it's unverified and not customer revenue. They need to close paying enterprise customers and show differentiation against Pentera/NodeZero fast to be credible.

Active Founders

Huzaifa Ahmad
Huzaifa Ahmad
Founder

Co-Founder, Hex Security. Previously, I built software at companies like PlayAI, AWS, and Capital One. On the side, I built consumer apps that reached millions of downloads. But I've always loved breaking things just as much as building them. In college, I reverse engineered every major ATS platform and built Talently, a tool that sent over 200K job applications. Now we build AI that hacks before attackers do.

Ahmad Khan
Ahmad Khan
Founder

Co-Founder, Hex Security. Previously, I was building robots that learned from each other by sharing skills on-chain, and researching World Models that give robots complete environmental understanding. Our robot became the first in history to ring the NASDAQ bell. I studied Math at University of Waterloo.

Prama Yudhistira
Prama Yudhistira
Founder

Co-Founder @ Hex Security At Codegen, I built asynchronous coding agents that improved the workflow of developers, and even got non-developers writing production software. At AMD, I built infrastructure for MI300 GPU firmware testing. I competed internationally in piano, winning multiple competitions and performing with orchestras like the Qatar Philharmonic Orchestra.

Hex Security
Hex Security
TierC Tier
BatchWinter 2026
Team Size3
StatusActive
LocationSan Francisco, CA, USA