Gitar Emerges From Stealth With $9M to Use AI Agents to Secure AI-Generated Code
Gitar has launched from stealth with $9 million in funding, building AI agents designed to review and secure code that has itself been generated by AI — addressing a fast-growing security blind spot.

D.O.T.S AI Newsroom
AI News Desk
Security startup Gitar has emerged from stealth with $9 million in funding to address what the company characterizes as a structural security risk created by the widespread adoption of AI code generation: the code that AI tools produce at scale is being reviewed and deployed faster than human security engineers can audit it, creating an expanding attack surface that traditional security tooling was not designed to handle.
The Problem Gitar Is Solving
AI code generation tools including GitHub Copilot, Cursor, and Claude Code have dramatically accelerated the rate at which developers produce and commit code. Security research has documented a consistent pattern in this acceleration: AI-generated code frequently introduces security vulnerabilities at higher rates than experienced human developers writing the same functionality from scratch, and it tends to reproduce vulnerability patterns at scale — the same mistake appearing across thousands of files because the model consistently produces it in that context. Human security review processes, which were calibrated for human-pace code production, have not scaled commensurately. Gitar's thesis is that the appropriate solution is AI-powered security review that can operate at the same velocity as AI-powered code generation.
How the Product Works
Gitar deploys agents that integrate into CI/CD pipelines and operate on the code diff produced by each commit, specifically looking for vulnerability patterns that are characteristic of AI-generated code rather than the broader vulnerability taxonomy that traditional SAST tools target. The company's approach involves training on large datasets of AI-generated vulnerable code to develop detection models that are specifically calibrated to the failure modes of the major code generation systems — a form of counter-intelligence applied to AI output. The agents produce actionable remediation suggestions alongside their vulnerability reports, designed to be applied without requiring deep security expertise from the developer receiving the feedback.
The Market Opportunity
The $9 million seed round, details of which TechCrunch did not fully disclose, suggests investors see Gitar as an early entrant in what could become a significant security subcategory. The underlying dynamic driving demand — AI tools generating code faster than humans can audit it — is not going to reverse. Every organization that is using AI coding tools is accumulating AI-generated code debt, and the security implications of that accumulation are only beginning to be understood at the enterprise level. Gitar's challenge will be proving that its AI-specific vulnerability detection is materially better than the general-purpose security scanning tools (Snyk, Semgrep, Veracode) that are already embedded in enterprise development workflows, and doing so before those incumbents train their own models on AI-generated vulnerability patterns.