Veria Labs: Automating Security for High-Stakes Industries
Veria Labs is a cybersecurity startup founded in 2025 in San Francisco, emerging from the Fall 2025 batch of Y Combinator. With a team of three highly accomplished founders—Cayden Liao, Jayden Sarveshkumar, and Stephen Xu—the company is reshaping how organizations think about security testing.
The core of Veria Labs’ mission is deceptively simple but profoundly ambitious: build AI agents that hack better than the best human hackers. By creating automated penetration testing tools powered by large language models (LLMs) and advanced algorithms, the company is addressing one of the most persistent and costly problems in software development—keeping up with evolving security vulnerabilities.
In industries where failure is not an option—fintech, healthcare, crypto, and high-value SaaS applications—traditional pentesting approaches are simply too slow, too expensive, and too shallow. Veria Labs offers a new paradigm: continuous, automated, and intelligent security testing that scales at the pace of modern development.
Why is traditional penetration testing broken?
For decades, penetration testing has followed the same formula: bring in external consultants, scope a handful of application features, run tests for one to two weeks, and deliver a report. On paper, this satisfies compliance requirements. In practice, it leaves massive blind spots.
The challenges with traditional pentesting are structural:
- Slow results: Reports often take weeks to finalize, and by the time companies receive them, the codebase has already changed dozens of times.
- High cost: Engagements typically range from $15,000 to $30,000, making continuous testing impractical for most organizations.
- Limited coverage: Human pentesters cannot exhaustively explore an entire system in two weeks. Background jobs, admin panels, and internal APIs are rarely tested.
- Shallow depth: Even within the scope, human testers focus on obvious issues like SQL injection and XSS. Complex, multi-step vulnerabilities that require time and persistence often go undetected.
These inefficiencies are not hypothetical; they are real risks. One in five companies does not test its software for vulnerabilities at all, leaving itself exposed to catastrophic breaches.
Veria Labs believes that modern development environments, where high-performing teams ship code multiple times per day, demand a security solution that is equally fast and continuous.
How does Veria Labs’ AI-native solution work?
Instead of relying on human consultants bound by time and cost constraints, Veria Labs deploys autonomous AI agents that continuously test a company’s codebase. The results are delivered regularly—every Monday morning, for example—ensuring that security is baked into the development cycle rather than treated as an afterthought.
Key differentiators include:
- Exhaustive exploration: Unlike human testers, AI agents are not constrained by hours or billing rates. They can explore every code path, edge case, and potential attack chain.
- Actionable findings: Instead of overwhelming developers with false positives, the AI agents exploit vulnerabilities to prove they are real and impactful.
- Business-logic awareness: The agents learn the unique architecture and data flows of a company’s codebase, enabling them to identify deep, logic-based flaws that static analysis tools cannot.
- Exploit chaining: While traditional tools might flag low-severity issues individually, Veria Labs’ agents can chain these findings into high-impact exploits, replicating the creativity of human hackers.
The result is a system that is not only faster and cheaper than human pentesters but also more accurate and thorough than existing static analysis tools like Semgrep or Snyk.
Who are the founders behind Veria Labs?
Veria Labs is led by three founders with remarkable backgrounds in competitive hacking and offensive security:
- Cayden Liao: With deep experience in Web3 security, Cayden specialized in fuzzers for crypto and zero-knowledge protocols. He is also a recruited college swimmer and a member of the #1 Capture the Flag (CTF) hacking team in the United States.
- Jayden Sarveshkumar: An expert in web exploitation and also a member of the #1 US CTF team, Jayden previously bootstrapped a side project to $8,000 MRR before co-founding Veria Labs.
- Stephen Xu: Formerly in offensive security at TikTok, Stephen also contributed to computational physics research before focusing on cybersecurity. Like his co-founders, he has competitive hacking credentials at the highest level.
Together, the trio brings unmatched credibility. Their backgrounds prove not only their technical depth but also their ability to find critical vulnerabilities in real-world, high-stakes environments, from billion-dollar crypto exchanges to widely used AI platforms.
What problem does Veria Labs specifically solve for modern development teams?
The core issue is that most development teams treat security as a periodic checkbox exercise, while codebases evolve daily. In environments like fintech, healthcare, and crypto, this mismatch creates unacceptable levels of risk.
Compliance frameworks like PCI DSS, HIPAA, and SOC 2 mandate testing at certain intervals—annual, biannual, or before product launches. But these tests fail to account for the continuous evolution of code. Every new feature, every refactor, and every deployment introduces new potential vulnerabilities.
Veria Labs flips this model on its head. Instead of once-a-year assessments, companies get ongoing penetration testing as part of their development lifecycle. This enables:
- Real-time security feedback: Developers no longer wait weeks for outdated results.
- Cost efficiency: Automated systems dramatically reduce the expense of continuous testing.
- Stronger defenses: Deeper, broader, and more frequent assessments mean fewer blind spots.
For teams deploying multiple times per day, continuous automated pentesting is not just an upgrade—it’s a necessity.
How does Veria Labs compare to existing security tools?
Security tools typically fall into two categories: human pentesting and static analysis. Both approaches have critical shortcomings.
- Compared to human pentesters: Veria Labs is faster, more thorough, and significantly cheaper. While humans are constrained by time and cost, AI agents run continuously and can explore a codebase exhaustively.
- Compared to SAST tools (like Semgrep or Snyk): Static analysis tools flag possible vulnerabilities but cannot prove exploitability. This leads to false positives and wasted developer time. Veria Labs’ AI agents, on the other hand, actively exploit vulnerabilities, adapt to business logic, and deliver results with high confidence.
The company positions itself as the best of both worlds: the thoroughness of human pentesters combined with the automation and scalability of static analysis tools, but without their limitations.
Why is Veria Labs uniquely positioned to succeed?
Several factors give Veria Labs a strong competitive edge:
- Founders with elite hacking credentials: As members of the #1 US CTF team, the founders bring firsthand expertise in finding vulnerabilities others miss.
- Proven track record: They have already discovered critical bugs in AI tools, operating systems, fintech apps, and crypto exchanges.
- AI-first approach: While other companies attempt to retrofit AI into existing tools, Veria Labs builds from the ground up with an AI-native model.
- Market demand: With increasing regulatory requirements and frequent high-profile breaches, the need for continuous, affordable, and effective security solutions is greater than ever.
What industries stand to benefit the most from Veria Labs?
While every modern software company can benefit from continuous pentesting, certain industries face especially high stakes:
- Financial technology: Fintech apps deal with sensitive financial data, making them prime targets for attackers. Continuous testing helps safeguard customer trust.
- Healthcare: HIPAA compliance requires regular assessments, but patient safety and data privacy demand more frequent and thorough security validation.
- Cryptocurrency and Web3: With billions of dollars at stake in smart contracts and exchanges, even minor vulnerabilities can have devastating consequences.
- AI and SaaS platforms: As businesses increasingly adopt AI tools, securing them against novel attack vectors becomes critical.
By addressing these industries directly, Veria Labs not only helps prevent financial and reputational losses but also positions itself at the center of markets where security is non-negotiable.
What is the vision for the future of Veria Labs?
Veria Labs envisions a world where security testing is no longer episodic but continuous, where vulnerabilities are caught before they are exploited, and where automated agents outperform human hackers in both speed and sophistication.
In this future, security becomes a proactive, ongoing discipline rather than a reactive checklist. By embedding continuous pentesting into development lifecycles, Veria Labs aims to make software safer for businesses and end-users alike.
The founders believe that as AI agents become more capable, they will surpass not only static analysis tools but also the best human hackers. By automating what was once the domain of elite specialists, Veria Labs democratizes access to world-class security.