Companies’ rapid embrace of artificial intelligence tools to write software is driving demand for systems to ensure the code these tools produce is not riddled with bugs and security flaws.
Start-up Antithesis on Wednesday announced a $105mn funding round led by trading firm Jane Street, the latest in a series of software testing and security groups to raise capital this year.
Will Wilson, Antithesis’ co-founder and chief executive, said “everybody adopting AI coding tools . . . will produce a huge volume of software . . . and put current approaches to software testing and software validation under enormous strain”.
Jane Street’s investment highlights how users of “vibe coding” tools — which write software with little to no human oversight — are increasingly concerned about costly errors that could be lurking in the AI-generated code.
“It’s not a coincidence that Jane Street is a massive user of AI coding,” Wilson added.
The quantitative trading firm uses custom software to make lucrative bets across financial markets. It is among Antithesis’ largest customers and requested to lead the round, according to the companies.
Jane Street also holds stakes in AI groups Anthropic and Thinking Machines Lab. Doug Patti, a software engineer at the firm, said Antithesis’ technology “has helped [Jane Street] uncover issues that no other testing method could find”.
Tech groups from Microsoft, Google and Nvidia to Coinbase and Klarna have led adoption of AI tools such as Anthropic’s Claude Code, Anysphere’s Cursor and Lovable over the past year, claiming they have supercharged their developers’ productivity.
A recent Gartner survey of software engineers found that almost two-thirds of organisations were using AI coding assistants in some form.
AI coding start-ups have raised billions of dollars as investors back them as a leading practical application of AI for businesses. Anysphere’s valuation has shot up from $2.5bn at the start of 2025 to $29bn last month, making it one of the fastest-growing start-ups of all time.
Start-ups such as Antithesis, which promise to vet this AI-generated software, are now attracting investment too.
In May, New York-based OX Security raised $60mn from investors including Microsoft and IBM Ventures to scale up its “VibeSec” security testing system. Palo Alto-based Endor Labs raised $93mn in April after releasing a tool used by companies — including OpenAI — to test for bugs and suggest or make fixes.
Antithesis tests software by creating a simulation of a company’s IT system and exposing the new code to automated user behaviour that would take months to test in the real world.
Gartner predicts that the US application security testing market will grow to $5.1bn this year, up from $3.4bn in 2023, as some studies show code written by AI systems is prone to errors.
“The problems with vibe coding stem from the sheer volume of code they produce,” said Michael Fertik, an early investor in Anysphere who also runs Modelcode.ai, a start-up that uses generative AI to rewrite ageing applications. “AI produces 10,000 times more code than any given human per year, so the risks are amplified and multiplied.”
That challenge is greater when AI coding is used in the labyrinthine IT systems upon which many large companies rely, where small changes can trigger an unforeseen cascade of problems.
Testing of dozens of advanced AI models across 80 coding tasks by Veracode, which makes application security tools, found that almost half of AI-generated software contained security flaws.
Another study published in the journal Empirical Software Engineering in December 2024 found vulnerabilities in at least half of programmes generated by the AI models from OpenAI, Google and Meta available at that time.
“While [large language models] can be useful for automating simple tasks . . . directly including such codes in production software without oversight from experienced software engineers is irresponsible and should be avoided,” researchers wrote in the paper.
AI programming systems continue to improve, but even early advocates have begun to sound the alarm over the reliability of these systems.
Andrej Karpathy, the influential former OpenAI and Tesla AI researcher who coined the term “vibe coding” in February, said he believed these AI-based systems were underdelivering on their creators’ promises.
“I kind of feel like the industry is making too big of a jump and is trying to pretend like this is amazing and it’s not. It’s slop,” Karpathy said, using a pejorative term for unhelpful or low-value AI-generated material.
“We’re at this intermediate stage,” he told the Dwarkesh Podcast in October. “The models are amazing [but] they still need a lot of work.”
Antithesis’ Wilson compared the AI coding boom to the offshore outsourcing trend of the 1990s and early 2000s, when early enthusiasm for shifting software development to locations with lower salaries was undermined by “the cost of telling whether the software that you received does exactly what you wanted it to do.”
Josh Albrecht, co-founder of Imbue, which offers a tool that coordinates coding assistants, said that if used correctly AI systems could “write much more robust code than in the past”.
“The problem comes where someone doing this doesn’t really understand software engineering. That’s where you get the security vulnerabilities,” he said.
AI coding providers are starting to tackle the problem themselves. Anthropic in August added automated security reviews to Claude Code.
Some in the industry see much of the revenue from securing AI-generated software ultimately flowing back to companies such as Anthropic, OpenAI and Google that develop the foundation models upon which vibe-coding tools are built.
“Vulnerabilities are happening faster thanks to AI, and we are selling software to squash those vulnerabilities faster thanks to AI,” said Dipto Chakravarty, chief product and technology officer at Black Duck, an application security company.