Startup Gitar Exits Stealth with $9M: AI Agents Secure Code Written by Other AI
AI-processed from TechCrunch; edited by Hamidun News
The startup Gitar has emerged from stealth and announced $9 million in funding. The company is developing an AI-agent-based security platform that checks code, especially code written by other AI systems. The problem Gitar addresses is a direct consequence of the AI code generation boom.
Tools like GitHub Copilot, Cursor, and other AI assistants have gone from experiment to standard practice in most engineering teams over the past two years. According to GitHub estimates, by mid-2025 over half of all code on the platform is created with the help of AI assistants. This radically changes development speed, but simultaneously creates a new category of risks: AI systems reproduce unsafe patterns from their training data, introduce logical vulnerabilities, and generate code that looks correct but contains hidden security holes. And they do this quickly—faster than any reviewer can check.
Traditional code protection tools—SAST scanners, linters, static analyzers—were built for a different era. They work by rules: looking for known vulnerability patterns, issuing warnings. At a moderate development pace this worked reasonably well. Today the volume of code that needs to be checked has grown by an order of magnitude, and the speed of its appearance has long exceeded the capacity of both manual review and classical scanners. Security teams found themselves in a situation where tools physically can't keep up with the pipeline, and false positives force developers to simply ignore warnings.
Gitar proposes a fundamentally different approach: AI agents that check code in real time, embedded in the CI/CD pipeline. The key idea is to use AI against AI. The agents do not just match individual lines against templates; they understand context: how data is passed between modules, where user input comes from, how authorization is structured, and whether there are unsafe dependencies in the call chain.
This approach makes it possible to detect vulnerabilities invisible to static analyzers—those that only manifest in the combination of several components. At the same time, agents don't just signal a problem but offer a fix, reducing the burden on developers.
A $9 million round at stealth exit is a significant signal for the DevSecOps market. First, investors are betting that AI code security is becoming a standalone, fast-growing market. Second, a closed round of this size in 2026 almost always means real customers and proven demand exist: during stealth, Gitar managed not only to develop the product but also to obtain initial market validation. Third, it's a direct challenge to established players—Snyk, Semgrep, Veracode—who built their products before the AI code generation era and are adapting their architecture to new realities more slowly than the market requires.
Gitar's emergence is part of a broader wave of startups building security infrastructure specifically for a world where AI writes most of the code. Companies that bet on code generation for speed now need tools that don't slow them down but close vulnerabilities before they reach production. If Gitar can prove that the agent approach produces fewer false positives and requires less manual configuration, the company has every chance of occupying a significant niche in this fast-growing market.