Code Intelligence, an automated application security testing platform based in Bonn, Germany, that focuses on fuzzing, announced today that it has raised a $12 million Series A funding round led by Tola Capital. Existing investors LBBW, OCCIDENT, Verve Ventures, HTGF and Thomas Dohmke, the CEO of GitHub, also participated in this round, which brings the company’s total funding to about $15.7 million.

The company was co-founded in 2018 by Sergej Dechand, Khaled Yakdan and their former professor at the University of Bonn, Matthew Smith.

Image Credits: Code Intelligence

“Back then, we noticed that fuzzing and some other techniques are super powerful, but outside of the security research community, no one actually used it,” Dechand told me. “We started to collaborate from the university with a few larger enterprise companies to try things out and we had really, really good results. So even though we didn’t want to found a company in the beginning, somehow we had a prototype of a product.” Encouraged by Smith, the team decided to give it a shot and founded a company to develop and commercialize its prototype system. At first, the co-founders continued to work at the university, but in 2019, they decided to work on the service full-time. Now, a few years later, Code Intelligence counts the likes of Bosch, Continental and Deutsche Telekom among its users.

Dechand argued that while there are plenty of open source fuzzing tools, it still takes a very knowledgeable security team to actually implement and use them. With the security teams as the bottlenecks to implementing these tools, Code Intelligence put its focus on bringing its tools directly to the developers. “In the end, they are the ones who are fixing it and know best what kind of error is critical,” said Dechand.

Image Credits: Code Intelligence

Since developers don’t want to look at yet another tool in their development pipeline, Code Intelligence integrates with services like Jenkins, GitHub and GitLab. Thanks to this, developers will not only see how well their code is covered, but Code Intelligence also adds additional pipeline in the continuous integration system that automatically fuzzes the code as a new pull or merge request comes in.

Currently, Code Intelligence offers support for Go, C++, Java and Kotlin, with support for Node.js, JavaScript, .NET and Python coming soon.

Image Credits: Code Intelligence

As of now, Code Intelligence is in closed beta and the company is still working closely with its enterprise customers to onboard new teams. Over time, though, the plan is to automate all of this and launch a self-service platform.

“Code Intelligence is the most advanced automated fuzz testing solution for applications and APIs and is incredibly easy for developers to use in their existing workflows,” said Will Coggins, vice president at Tola Capital. “The potential for this technology to improve how development teams build secure software is enormous.”