Tesla hacker Yoni Ramon brings Pi out of stealth with $35M for AI security
Pi is valued at $100 million and counts Navan as an early customer, while Forbes reports xAI is also using the system.
By Ryan Merket · Published
Why it matters
Pi is part of a broader shift from AI that detects security issues to AI that tries to prioritize and fix them. The hard part is not the model demo, but earning access to the code, tickets and incident history that make the agent useful.

Yoni Ramon and Guy Arazi launched Pi from stealth Wednesday with $35 million in funding for an AI security agent that reads a customer's code, policies, incidents and internal communications to decide which vulnerabilities deserve attention first, Forbes reported.
Pi is valued at $100 million as it comes out of stealth, according to Forbes. The round was led by Brightmind Partners and Third Point Ventures, with individual backing from CrowdStrike CEO George Kurtz and Armis cofounders Yevgeny Dibrov (@yevgeny) and Nadir Izrael. Forbes said ServiceNow acquired Armis in 2025 for $7.75 billion.
The investor list is part of the signal. Pi is not selling a generic AI wrapper for security alerts. Ramon spent six years leading Tesla's in-house hacking team, where Forbes said he broke into vehicles, robots and solar products to find flaws before attackers did. Elon Musk later brought Ramon in to secure X data during Musk's acquisition of Twitter, according to Forbes. Arazi, Pi's CEO, is an ex-Microsoft senior security researcher. That gives Pi a founder story security buyers understand: practitioners who have lived inside large engineering organizations, not outsiders pitching automation from the edge.
The product is a memory system for security teams
Pi calls its product a "security brain." The pitch is that Pi's agent ingests previous incidents, company security policies, code, tickets, Slack, email and other internal context, then uses that map to prioritize and propose fixes. Ramon told Forbes that Pi tries to understand "the ins and outs of your code, your infrastructure, and how you actually build software and products."
That matters because vulnerability management has long had a prioritization problem. Large engineering teams are not short of scanners. They are short of confidence about which finding is exploitable, which service owner should fix it, whether a proposed patch matches local engineering practice and whether the same mistake has already happened elsewhere in the organization.
Ramon claims Pi can process that customer context within a couple of hours, regardless of customer size. Treat that as Pi's performance claim, not an independently benchmarked number. The more verifiable customer evidence in the Forbes story comes from Mark Carter, chief information security officer at travel and expense platform Navan, who worked with Ramon at Tesla in the late 2010s. Carter told Forbes that Pi investigates and proposes fixes for 90% of bugs reported to his security team, and said some fixes can move from discovery to merge in minutes. He estimated Pi saves him "at least one or two full-time head counts."
That is the commercial wedge: not finding more problems, but converting security work into engineering throughput. Arazi framed it to Forbes as speed and institutional memory: "We help companies to secure their software as fast as they build it... The idea is not to make the same mistakes over and over."
xAI gives the launch its sharper edge
Forbes, citing people familiar with Pi's early customers, reported that Pi is working to secure xAI (@xai), Musk's AI company behind Grok and the Colossus compute cluster. The xAI customer relationship was reported through unnamed sources, not directly confirmed in the materials reviewed.
The xAI detail is still important because it explains why Pi is launching into a market already crowded with AI security claims. AI labs are compressing software release cycles, infrastructure buildouts and model integrations into shorter windows. The security bottleneck is no longer just whether a scanner can identify a bug. It is whether a security team can understand enough product, infrastructure and code context to decide what to fix before the next deployment.
Pi's bet is that an agent with deep internal memory can become the missing operator in that workflow. That is also the risk. To work, Pi needs access to exactly the sensitive material many security teams are reluctant to centralize inside a new vendor: code, incident history, policies and communications. The product's advantage and buyer hesitation come from the same place.
The AI security category is filling fast
Pi is entering a category where funding has already moved ahead of proof. Forbes compared Pi with Depthfirst, another AI cybersecurity company building models to find and patch vulnerabilities, which Forbes said has reached a $580 million valuation with $120 million in funding.
RuntimeWire reported in May that Ocean launched from stealth with $28 million to protect enterprises from AI-powered email attacks. Pi sits on the application and infrastructure side of the same broader move: security founders are using agentic AI to attack the parts of security operations that have remained labor-heavy, repetitive and dependent on scarce senior judgment.
The unanswered parts of Pi's launch are the ones buyers will care about after the demo: how Pi handles data isolation, how often its proposed fixes are safe to merge without human revision, what systems it connects to in production, and whether its Navan results hold across companies with messier code ownership and incident histories.
For now, the $35 million round buys Ramon and Arazi room to prove that Pi's context-heavy approach can do what most security automation has not: remove work from the queue without creating a new review burden somewhere else.