p0 uses LLMs to save enterprises from code catastrophes
Startup p0 is named after catastrophic events that can cause a platform to crash, leading to potential security breaches and loss of customer trust in businesses. Those are the problems that p0 was created to solve, using large language models (LLMs) to help developers catch serious issues in code before it is shipped. The startup announced today it has raised $6.5 million from Lightspeed Venture Partners, with participation from Alchemy Ventures.
p0 uses LLMs to identify safety and security issues in software before it is run in a production environment, and it does not need user configuration. Software issues it addresses include data integrity, validation failures, speed and timeouts. Developers use it by connecting their Git code repositories to p0. One of p0’s main customers is a large food service company with millions of live users on its system. They use p0 to find issues that can compromise the security and reliability of their platform. For example, p0 showed them that their sign-up sheets could’t handle emojis.
The startup was founded in 2022 by Prakash Sanker, who previously worked at companies like Palantir, and Kunal Agarwal, a founder of SoftBank-funded working capital startup C2FO. The company was started to “fundamentally change the manner in which code quality assurance is done,” Sanker told TechCrunch.
“While building software at our previous companies, we always felt that getting something into production was painful, typically involving a really boring and time-consuming bug bash process,” he says. “Our developers were always balancing the demands of shipping product or spending time writing tests.”
Sanker and Agarwal decided to build a one-click tool that could identify p0s before they affect customers, while shortening software delivery cycles. Sanker says the quality assurance tools currently used by developers, which typically focus on static analysis, security analysis, test writing or test execution, are less precise and require a lot of engagement and ingenuity to discover p0s.
p0’s founders say it is able to be part of the development process without slowing it down because it revolves around LLMs.
Agarwal explains that enterprises traditionally do security testing with a black box approach, which means external white hat hackers or security systems try to attack their systems without a deep knowledge of the system. Or internal developers who are very familiar with the system try to attack it. “Typically, it’s been very hard to know the internals of systems just by looking at code externally,” he said.
p0 uses LLMs to understand its customer’s codebases and create contextual challenges that have the potential to exploit vulnerabilities. For example, it can detect an API vulnerability that might give away private information when hit with a specific data payload.
“Without LLMs, it would be impossible to create a contextually relevant challenge,” Agarwal said. “This is critical because understanding context powers the system with intelligence and mounting a relevant challenge enables us to reduce noise.”
The company’s engine is currently powered by open source LLMs, including Llama and Mistral. p0 extracts the relevant parts of a customer’s codebase and embeds it with the right context and query for its LLM engine to respond to, Agarwal explained. Then it examines those responses and makes them readable by humans. As p0 develops, it plans to refine its model weights. For enterprise customers, LLMs are hosted within their environment for information security reasons.
Agarwal says hallucinations aren’t a challenge for the startup, because it doesn’t write code. Instead, it mounts challenges and it can detect challenges created by hallucinations.
p0 has launched from stealth and is revenue generating thanks to its first customer (the global food service provider). Sanker says it has 50 customers in its pipeline who will be onboarded in 2024 and monetizes through a SaaS model. In the future, it wants to include staging environments as an offering.
Other plans include expanding p0’s capability for finding different types of critical issues and supporting more languages. The founders also want to get rid of the need for a customer-hosted staging environment and turn p0 into an end-to-end solution.
In an investor statement, Lightspeed partner Hemant Mohapatra said, “p0’s cutting-edge approach to code and API security is unique and amongst the first ever truly LLM-native ways of solving this age-old and ever-evolving problem. We are excited to have incubated and backed them from when this was just an idea on paper.”