Always on.
Never in the way.
It’s time to move beyond reactive vulnerability-chasing.
Today, we’re excited to launch Clover Security with $36 million to redefine product security for the AI era.
Let’s be honest: it’s become completely impossible to keep up with the progress of AI and how it transforms software development. Every time we think we have a handle on what’s going on, OpenAI or Anthropic releases another model, capability, or way of building apps.
What started with basic code-completion capabilities has now evolved into autonomous agents that act on behalf of developers, generating code and features at an unimaginable speed. But architecture itself is also getting more complex. New AI patterns like RAG, agents, and MCPs are being pushed into existing products before security guardrails and policies are even set. And if that’s not enough, HR and Marketing teams are now spinning up entire products in hours. Everyone has become a builder, and that reality is here to stay.
What this means for security
This new era brings extraordinary innovation but also unprecedented risk. Engineering capacity is multiplying through AI while security capacity has remained largely fixed, and the gap is only widening. When AI agents can generate entire features in seconds, the old reactive security model simply can’t keep pace.
For the past decade, we tried to solve software security by looking for better ways to do reactive scanning. Scanning more, scanning earlier, scanning smarter... “Focus on what matters most”, they said. In theory, it sounded like progress. In practice, we’ve been incrementally optimizing a flawed approach. SAST, SCA, DAST, secret scanners, ASPMs, CSPMs, runtime scanners, reachability, prioritization, and remediation, AI-powered AppSec, agentic AppSec. Different names, different roles - all different flavors of the same reactive pattern. All focused on detecting issues after implementation had been completed and developers had moved on to the next task. We’ve been adding smarter fire alarms to a straw house that keeps catching fire instead of rebuilding with fire-resistant materials.
With AI, it’s even clearer that reactive security is flawed at its core. AI models are continuously improving to the point where they will eventually stop introducing known vulnerabilities altogether. At the same time, AI gradually distances builders from code syntax, intricate implementation details, and focuses their attention on high-level design, specification, and outcome.
In this new world, reactive scanners are simply not enough. Security has to be design-led. It must understand intent, architecture, and system behavior before code exists. Teams don’t need another scanner or a faster workflow. They need a way to eliminate entire classes of issues by addressing them where they start, inside the design process. That’s how security moves at the speed of development, embedded where products begin instead of where they break.
A new design-led mindset
Design-led product security is about making security a natural part of the building process, guiding and collaborating with builders long before implementation begins. Every architectural decision is a potential security decision. Every integration, every data flow, every dependency carries consequences that no tool can “patch out” later. These decisions are being made by developers, product managers, architects, and AI agents - while security teams are not in the room, more often than they are.
Clover was built to live in that creative moment: the earliest conversations, the messy drafts, the evolving diagrams. It was built to bring the security guidance that helps teams reason about security, privacy, and compliance - and influence decision making before those ideas translate into code.
Similar to onboarding a new security team member, Clover’s AI agents start with learning the organization’s context, digging into existing documents and code bases, observing how teams build, and continuously learning from feedback. Finally, they can naturally extend the security team and help them scale manual activities like design reviews, architecture reviews, threat modeling, and more - in ways that were simply not possible before.
Scaling product security with context
We believe security should scale at the speed of innovation. That means:
Starting with context. Understanding architecture, intent, and system behavior before anything is built, so security becomes part of the design conversation, not the post-mortem.
Meeting builders where they are. Inside the tools where ideas are captured, designs evolve, and code takes shape, including Confluence, Jira, GitHub, Cursor, and Slack.
Designed for scale. Scaling secure design means operating in complex enterprise environments, with varying technologies, processes, and cultures.
These are the design principles that guide every feature and use case we build at Clover. They didn’t come out of creative brainstorming sessions, but from hard lessons our team learned over the past decade building application and cloud security solutions at places like Microsoft, Checkmarx, and Dazz (acquired by Wiz).
We learned through hard lessons that product security cannot be reactive. It must be proactive.
It’s become clear to us: good product security is when builders don’t feel you slow them down. Great product security is when builders want to pull you into the room, not because they have to, but because you make their product better.
Looking ahead
We’re proud to see Clover powering teams that are building some of the most advanced products in the world - across financial services, enterprise software, and consumer applications. Our mission is simple but transformative: make software products secure by nature.
As AI reshapes how software is built, we’re redefining how it is secured. Because in the AI era, the most powerful way to make products secure isn’t to react faster, it’s to design smarter.