We analyzed 1,140 devtools funding rounds—here's who's writing checks and why
In other places, founder dreams might include sports cars or fancy watches, but here in San Francisco, every devtools founder wants one thing: to be on a bus. Specifically, their logo painted on a Muni line crossing Market Street. If you’re on a Muni, you’ve made it, like Modal, Blacksmith, Posthog, Hex. Another way to announce you’ve arrived: raising a Series B and throwing a party in a penthouse suite downtown. (Are there more parties lately? It seems so.) But fundraising isn’t getting easier, and slapping “AI” on everything is no silver bullet. I analyzed 1,140 deals to find out what actually is.
To help our clients and the broader community, we analyzed 1,140 early-stage funding rounds (after filtering out ~60 non-developer-facing companies from the raw Crunchbase export of 1,206) in developer tools, cybersecurity, and infrastructure from January 2025 through March 2026 using Crunchbase data.
Then we went beyond the numbers and we researched what these companies actually did to grow: the specific product decisions, GTM tactics, and founder moves that got them funded.
We also compiled a list of the most active VCs and investors by category, with specific partner name, so you know exactly who to reach out to based on what you’re building.
This is the second annual Evil Martians developer tools funding report. Last year’s report is here.
Disclaimer: Crunchbase data is incomplete by nature. Some rounds are not reported, some are reported late. Use as directional guidance.
In this report:
- How the funded companies actually grew
- The agentic flywheel: why every layer of the stack is growing at once
- Who should you talk to? The investor map by category
The numbers: $13.5B in 15 months
Category breakdown: 52% of deals involve AI. 50% involve cybersecurity. 22% are both. ~20% are neither—but even the “neither” category is growing because of AI (more on that below).
AI companies raise bigger rounds at every stage after pre-seed:
| Stage | AI (median) | Cybersec-only | Neither |
|---|---|---|---|
| Seed | $5.0M | $4.0M | $3.5M |
| Series A | $16.0M | $13.0M | $12.0M |
| Series B | $60.0M | $30.0M | $35.0M |
How the funded companies actually grew
We researched ~130 companies’ growth stories from founder interviews, podcast appearances, and press coverage. Here’s what we found.
Pattern 1: The viral creation loop
The three fastest-growing companies in the dataset—Lovable ($200M+ ARR), Bolt.new ($40M ARR in 5 months), and Emergent ($50M ARR)—all built AI-powered app creation tools with the same viral mechanic: users create something → share it → viewers become users.
Lovable deferred login until after you’ve already built something (boosting time to first value). Every app displays a “Made with Lovable” button. No sales team until $100M ARR. $1.7M ARR per employee vs. the $275K industry benchmark. Elena Verna (Head of Growth) reframed LLM inference costs as marketing costs rather than margin drains; the free tier IS the growth engine.
Bolt.new launched with a single tweet, no paid marketing. WebContainer technology (7 years in development) runs Node.js in the browser, so users’ own devices provide compute—that’s how the free tier works without killing margins.
A pricing pivot from flat $9/month to token-based tiers led to ~50% of paid users upgrading to higher plans. 67% of users turned out to be non-developers, which is a market they didn’t target but that found them. (Evil Martians built the backend and WebSocket infrastructure that scaled this growth!)
Emergent ran 100-200 pre-launch experiments and produced 500 AI-generated influencer videos per day on TikTok/Instagram and reached $100M ARR in 8 months. 40% of users are small businesses replacing workflows previously managed in spreadsheets and email, saving $50K-$250K of software agency costs. Seed → Series A → Series B (Khosla + SoftBank) in 165 days.
Pattern 2: Open source as sales force
The most reliable path to Series A without elite VC connections: build a genuinely useful open source project, let developers adopt it bottom-up, then monetize enterprise features.
CodeRabbit ($60M Series B, no YC, no top-tier VC): Harjot Gill, a former Nutanix director from Walnut Creek, made one bet: free unlimited AI code reviews for every public repo on GitHub. 100,000+ open source projects became an unpaid distribution army. Developers tried it on OSS, brought it to work. Result: most-installed AI app on GitHub, $15M+ ARR, 8,000 paying customers. Bootstrapped to $3M before taking VC. The timing mattered: as vibe coding tools flood the market with AI-generated code, CodeRabbit positioned as the quality gate.
Unleash ($35M Series B, Oslo, Norway): Ivar and Egil built feature flags as an internal tool at Finn.no and open-sourced it in 2015—running it as an unpaid side project until forming a company in 2020. By the time they monetized, they were already the most popular open source feature flagging solution. NRR 140%, 500+ paying customers, 2x ARR for 3 consecutive years. Being in Oslo became a selling point: EU banks and governments worried about US data sovereignty chose Unleash specifically because it’s European and self-hostable.
SpecterOps ($75M Series B): 1.5M BloodHound Community Edition downloads created the sales pipeline. Pen testers use the free tool to map identity attack paths → they demonstrate the risk to CISOs → CISOs buy BloodHound Enterprise to fix it. The open source tool doesn’t compete with the commercial product—it creates the demand. FedRAMP High authorization and DHS/CISA endorsement closed the government market.
LangChain ($125M Series B): Harrison Chase built the first version in 9 days. Twitter and Discord were the primary channels. Each new LLM/database integration brought that tool’s community to LangChain, an integration flywheel where partners do your distribution. 90M monthly downloads, 110K GitHub stars, 35% of Fortune 500.
The same pattern at smaller scale: Cline (hackathon project → 5M VS Code installs → $32M raise in 18 months where founder Saoud Rizwan had zero VC experience), Better Auth (self-taught Ethiopian developer, built in his bedroom: 25K GitHub stars, 600K weekly npm downloads, third Ethiopian startup ever in YC), SurrealDB (31K stars, grew through 308 SEO comparison blog posts: “vs. Postgres”, “vs. MongoDB”), Trigger.dev (30K developers, pivoted positioning from “background jobs” to “AI agent infrastructure” to unlock Series A), Firecrawl (43K stars, built from the team’s own pain at Mendable), Digger (open source Terraform CI/CD, 4.5K stars and angels include CEOs of Datadog, Sentry, WorkOS, and Resend), Depot (100M builds, documentation as primary acquisition; 95% of users read docs before signup).
Pattern 3: The channel multiplier
Instead of selling to end customers one by one, sell through platforms that give you access to thousands at once.
BlackWall ($49M Series B, Tallinn, Estonia, 65 people): Instead of selling bot protection to individual websites, they embedded a zero-config reverse proxy into hosting providers’ infrastructure. One hosting partnership = thousands of protected sites. That’s how a 65-person Estonian team reached 2.3 million protected websites. The architectural decision: their GateKeeper blocks ~80% of malicious traffic by default with no per-site configuration, so hosting providers offer it as a zero-support value-add.
Cynomi ($37M Series B, Herzliya): 100% channel sales through MSPs, zero direct. The product is a white-labeled vCISO platform that lets a $50/hour MSP technician deliver $300/hour CISO-level services—MSPs are incentivized because it creates a new revenue stream. The clever move: Cynomi’s educational content (vCISO Academy, industry reports) taught MSPs that the vCISO service category existed before selling them the tool. Share of MSPs offering vCISO services tripled from 21% to 67% YoY.
Aikido Security ($60M Series B, Ghent, Belgium): Willem Delbare’s previous company was acquired by Visma, a Nordic conglomerate of dozens of software companies. He converted that acquirer’s network into his distribution channel; 55% of Visma’s portfolio became Aikido launch customers. Then: consolidating 5+ security tools into one with aggressive false-positive filtering gave developers a reason to adopt bottom-up while CISOs signed the PO.
Pattern 4: The “aha moment” demo
In cybersecurity, the sales cycle is notoriously slow. These companies shortened it with demos that create instant urgency.
Adaptive Security ($136M total, Bain Capital): During sales calls, they deepfake the prospect’s own executives, showing a convincing fake video of the CEO requesting a wire transfer. That demo converts. NPS of 94 across 500+ enterprise customers.
Endor Labs ($93M Series B, DFJ Growth): Most AppSec scanners flag every known vulnerability in your dependencies—thousands of alerts, most irrelevant. Endor Labs traces whether the vulnerable code is actually reachable by your application: if your app never calls the vulnerable function, it’s not a real risk. This “reachability analysis” eliminates 80% of alerts in the first POC. That’s the moment the deal closes. 166% NRR, 30x ARR growth in 18 months.
7AI ($130M Series A, Index Ventures): One-week proof-of-value, days-long deployment. The product autonomously investigates security alerts end-to-end; most SOCs take hours per alert, 7AI resolves them in minutes while eliminating 95-99% of false positives. They proved the technology with Fortune 500 design partners (Blackstone, DXC) before building a sales team.
Impart Security ($19.7M total): All three founders came from Signal Sciences (acquired by Fastly for $775M). Their “LLM Firewall” demo: security rules that used to take 18 days to deploy now take 45 minutes. When your founding team built and sold a $775M company in the same space, the POC writes itself.
Reco ($85M total, Zeev Ventures): Deploys in minutes, integrates new SaaS apps in 3-5 days vs. months for competitors. “Shadow AI discovery”—finding unauthorized AI tools in the enterprise—became the urgent board-level hook for CISOs.
Pattern 5: Founder credibility as distribution
When you don’t have YC or a16z, your own background becomes the trust signal.
Oxide Computer Company ($100M Series B): Bryan Cantrill (DTrace creator, former Sun/Joyent CTO) used his podcast (“Oxide and Friends”) as a literal enterprise sales pipeline. Hardware buyers listened for months and arrived pre-sold. He published internal engineering decision documents (RFDs) publicly on GitHub and enterprise buyers used these to evaluate engineering rigor, replacing the trust gap that normally kills hardware startup sales.
RegScale ($30M Series B, SYN Ventures): Travis Howerton held senior IT leadership roles at the National Nuclear Security Administration, where he managed classified systems modernization. In federal procurement, that clearance-level credibility is worth more than any VC brand. Microsoft published a case study on RegScale, and his annual “State of Continuous Controls Monitoring” report defined the category terminology that buyers now use.
Kosli ($10M Series A, Heavybit + Deutsche Bank CVC): Deutsche Bank’s engineering team started as a customer, then their CVC led the Series A—when your lead investor is also your customer, that’s the strongest trust signal possible. “Evidence, Not Screenshots”—three words that every compliance officer instantly understands.
Descope ($88M total seed): The ex-Demisto team (acquired by Palo Alto Networks for $560M) raised the largest seed in the dataset. 1,000+ orgs in production, hundreds of millions of identities managed. Oren Yunger at Notable Capital bet on the team that already built and sold a $560M company in the same space.
Arcjet ($12.1M, a16z seed + Plural Platform Series A): David Mytton ran Console.dev (developer tools newsletter) for 5 years before building a developer security product. He spent half a decade building trust with exactly the audience he’d later sell to. Audience-first, product-second.
Dream Security ($100M Series B): Sebastian Kurz (former Austrian Chancellor) co-founded it. His personal relationships with European heads of state bypass normal government procurement. $130M in year-one contracts. Not replicable—but instructive about what “unfair advantage” actually looks like at the extreme.
Pattern 6: One architectural bet
Some companies raised on a single technical decision that made the product 10-100x better.
Depot ($10M Series A, Beaverton, Oregon, 3 people): Every CI provider uses ephemeral machines that lose the Docker layer cache between builds. Depot uses persistent NVMe SSD caching on native hardware. Builds go from 45 minutes to 2 minutes. $1M ARR with 3 people — no sales team, no marketing team. Series A closed on Hacker News organic traffic and measurable performance claims developers could verify themselves.
GrowthBook ($23M Series A): Identified the architectural flaw in LaunchDarkly: it forces you to send all your data to their platform. GrowthBook connects to your existing BigQuery/Snowflake/Databricks—warehouse-native. Their 9kb JavaScript SDK processes 100B+ feature flag lookups per day with zero network requests. Feature flags work even when GrowthBook’s servers are down. For regulated industries, this is the difference between usable and unusable.
Runware ($66M total, Dawn Capital): A Romanian duo built a consumer prototype (PicFinder) that generated AI images in under 1 second when competitors took 30+ seconds. 100M images in 3 months. The insight: sub-second generation doesn’t just make existing use cases faster — it unlocks use cases impossible at 30 seconds (real-time editing, live previews, interactive tools). Custom hardware (“Sonic Inference Engine”), now processing 10B+ images. Growth required zero enterprise sales — 30-40% faster and 5-10x cheaper meant developers switched on benchmarks alone.
The agentic flywheel: why every layer of the stack is growing at once
Railway’s founder Jake Cooper tweeted in March 2026: 12K new users per day, up from 3K at the start of the year. When asked how many are fueled by agents, he said: “Fastest growing segment assuredly. If your experience isn’t agent first at this point…”
This isn’t just Railway. We found evidence of agent-driven growth across 17 companies in the dataset—from cloud platforms to CI providers to databases. The pattern is a flywheel where each layer creates demand for the next:
Coding agents generate more code → Claude Code, Cursor, Copilot, Bolt.new, and Lovable are producing code at unprecedented volumes. CodeRabbit reports that AI coding tools produce 2-3x more PRs per developer, but AI-written code has 1.7x more issues than human code. Senior engineers who reviewed 5-10 PRs a day now face 20-30.
More code needs faster CI → Depot saw 8x YoY build volume growth in 2025, 100M+ builds processed. Kyle Galbraith: “AI can help write your feature in 20 minutes. But if your CI pipeline also takes 20 minutes, you’ve just traded one bottleneck for another.” Blacksmith tripled revenue in 4 months—Google Ventures doubled down just 4 months after their seed.
More code needs somewhere to deploy → Railway: 12K new users/day. They released an MCP server so agents can deploy directly from code editors. Cooper: “When godly intelligence is on tap and can solve any problem in three seconds, the deployment machinery becomes the bottleneck.”
Deployed agents need sandboxes → Daytona hit $1M ARR in 60 days after pivoting from a cloud IDE ($300K ARR) to agent sandbox infrastructure. CEO Ivan Burazin walked away from Fortune 500 customers to rebuild for agents: “We’re no longer building tools to assist developers. Increasingly, agents are the developers.” Sandboxes spin up in ~27ms. E2B reports 88% of Fortune 100 have signed up for their agent sandboxes.
Agents need web access → Kernel ($22M, Accel) provides browser infrastructure for agents at under 325ms startup. Firecrawl (350K users, 43K GitHub stars) gives agents web data via MCP. Parallel ($100M Series A, $740M valuation) builds search that returns content optimized for agent context windows, not human clicks.
Agents need tool access → Composio ($29M, Lightspeed) connects agents to 3,000+ SaaS applications. $2M ARR with 18 people. No agents or Composio—the company exists because agents need to call APIs.
Agents need memory → SurrealDB launched 3.0 as “the future of AI agent memory” — transactional state, long-term memory, context graphs, all in one Rust binary with sub-millisecond latency.
Agents need orchestration → Trigger.dev ($16M Series A) pivoted from “background jobs” to “agent infrastructure” and is now processing hundreds of millions of agent executions per month. Mastra ($13M pre-seed, YC)—built by the Gatsby co-founders—provides a TypeScript framework for building AI agents, already at 150K weekly npm downloads and 22K GitHub stars.
Agents need identity and auth → Descope ($88M total seed) now manages identities for AI agents alongside humans and partners. WorkOS (Series C, beyond our early-stage dataset) built MCP-native OAuth 2.1 auth and is becoming the default identity layer for agentic apps. SGNL ($30M, acquired by CrowdStrike) proved that when agents access enterprise data, static role-based access breaks—you need real-time, context-aware authorization.
MCP connects it all → Anthropic’s Model Context Protocol went from ~100K server downloads in November 2024 to 8M+ by April 2025. 97M+ monthly SDK downloads. Railway, Firecrawl, Kernel, and dozens more ship MCP servers. Donated to the Linux Foundation in December 2025.
Developer infrastructure is growing because agents are building software at 10-100x the rate humans did alone.
Who should you talk to? The investor map by category
If you’ve gotten this far, you probably want to know who to actually email. Fair enough. What follows is not a flat ranking—each fund has a specific personality, and matching matters more than prestige.
Cybersecurity specialists
| Fund | Deals | Lead rate | Check size | Key partners | Thesis |
|---|---|---|---|---|---|
| Ballistic Ventures | 14 | 43% | $8-40M | Jake Seid, Ted Schlein, Roger Thornton | Pure cybersec. Seed → Series A. Portfolio: Armadin, Noma, Hypernative, BreachRx |
| Team8 | 12 | 58% | $8-38M | Liran Grinberg, Amir Zilberstein | Israel-heavy (42%). Co-founds from within. Portfolio: Fig Security, Orchid, Koi, Clover, Charm |
| Ten Eleven Ventures | 12 | 50% | $12-40M | Mark Hatfield, Dave Palmer | Series A-B. Portfolio: Fig Security, VulnCheck, Fleet Device Mgmt, Saviynt ($700M) |
| SYN Ventures | 11 | 73% | $8-30M | Jay Leek, Patrick Heim | Always leads. Series A specialist. Portfolio: Crash Override, iCOUNTER, SquareX, Mitiga |
| Glilot Capital | 12 | 8% | follows | Kobi Samboursky, Arik Kleinstein | Israel-focused (75%). Follows into big rounds. Portfolio: Noma ($100M), Sweet ($75M), Guardz ($56M) |
| Evolution Equity | 5 | 60% | $75-125M | Richard Seewald | Big checks, Israel-heavy. Led Kai ($125M), Noma ($100M), Sweet ($75M) |
| Forgepoint Capital | 7 | 71% | $10-47M | Damien Henault, Alberto Yépez | Almost always leads. Portfolio: 1Kosmos ($47M), RAPIDFORT ($42M), Qevlar AI ($30M), GetReal ($18M) |
Generalists active in cybersec + devtools
| Fund | Deals | Key partners | Notable |
|---|---|---|---|
| Bessemer | 19 | Elliott Robinson (cloud security), Talia Goldberg (devtools), Amit Karp (Israel), Lindsey Li | $3.5M-$250M range. 47% lead rate. |
| Accel | 14 | Andrei Brasoveanu (Israeli cybersec), Ping Li, Daniel Levine (devtools), Christine Esserman, Ben Fletcher | Each partner has a clear lane. |
| a16z | 14 | Zane Lackey (cybersec), Jennifer Li (infra), Martin Casado (cloud/networking) | US-only. 50% Series B. Median deal $49M. |
| Bain Capital | 3 | Enrique Salem (ex-Symantec CEO) | Huge cybersec checks. Also backs Whop (EM client). |
AI infrastructure
| Fund | Deals | Key partners | Check size | Thesis |
|---|---|---|---|---|
| Lightspeed | 14 | Guru Chahal, Raviraj Jain, Tal Morgenstern, Arif Janmohamed | Median $50M | Infrastructure that becomes a platform. Big TAM. Agent infra (Composio) is a growing focus. |
| Greylock | 8 | Asheem Chandna, Jerry Chen, Mike Duboe, Saam Motamedi | Median $45M | Category-creating. US-only. |
| Index Ventures | 8 | Shardul Shah, Georgia Stevenson, Mike Volpi | Median $100M when leading | Massive TAM plays. Europe-active (38%). |
| Khosla | 7 | Vinod Khosla | Median $30M | 100% AI. Emergent ($70M), Parallel ($30M), Ravenna ($15M). |
| Benchmark | 5 | Chetan Puttagunta | Median $100M | Follows into the best AI deals. Led Reducto Series A. Highly selective. |
Developer tools / platforms
| Fund | Deals | Key partners | Check size | Thesis |
|---|---|---|---|---|
| Felicis | 14 | Aydin Senkut, Jake Storm, Viviana Faga, Nancy Wang | $5-30M | US-only. Series A focus. Good for early traction stories. |
| Google Ventures | 11 | Karim Faris, Erik Nordlander, Luna Schmid | $3.5-106M | 73% lead rate. Conviction investor. Co-led Bolt.new $106M with Emergence Capital (Joe Floyd). GV backs StackBlitz/Bolt.new, where EM is the engineering partner. |
| Insight Partners | 11 | Teddie Wardi (devtools), Thomas Krane (cybersec) | $8-75M | 73% lead rate. Always leads. |
| Redpoint | 9 | Erica Brescia (ex-GitHub COO), Jordan Segall, Meera Clark | Median $30M | Wants $2B+ revenue potential. Israel-active. |
| Heavybit | 6 | Joseph Ruscio, Jesse Robbins | $4-10M | Only pure-play devtools seed investor. Portfolio: Kosli, Milestone, Reo.Dev, Recce, Bronto, Duckbill. Broader: PagerDuty (IPO), LaunchDarkly, Snyk, Tailscale. First call for seed-stage devtools. |
Open source specialists
Heavybit, Google Ventures (Blacksmith), Insight (Testkube, E2B), a16z (LangChain $125M), Benchmark (Reducto), Felicis (Depot), One Peak (Unleash $35M). The pattern: OSS metrics (stars, downloads) get you to Series A. Enterprise conversion (NRR, Fortune 500) gets you to Series B. (Evil Martians maintains OSS tools used by thousands of teams—we help clients build the same conversion engine.)
Super-node angel investors
Beyond VCs, a handful of operators show up repeatedly across the dataset. Their names on a cap table signal to institutional VCs that practitioners believe in the product—and the data shows clustering effects: companies that attract multiple super-node angels raise faster.
| Angel | Deals | Background | Focus | Notable picks |
|---|---|---|---|---|
| Olivier Pomel | 10 | Datadog CEO | DevTools, AI, observability | Lovable, Qovery, Retab, DotBlocks, AISLE, Plakar |
| Guillermo Rauch | 8 | Vercel CEO | AI devtools, frontend infra | Outtake, Composio, Deep Infra, Rerun, Ravenna |
| Theo Browne | 7 | t3.gg creator | AI devtools | Daytona, Blacksmith, Supermemory, Archil |
| Paul Graham | 7 | YC co-founder | DevTools, cybersec | Kernel, Tesseral, ZeroPath, Luminal |
| David Cramer | 7 | Sentry CEO | DevTools, OSS | Blacksmith, MetalBear, Comp AI, Digger, Kernel |
| Thomas Wolf | 7 | Hugging Face CEO | AI infra, OSS | Dedalus Labs, Nozomio, AISLE, Lovable |
| Jeff Dean | 5 | Google Chief Scientist | AI infrastructure | Standard Kernel, Supermemory, AISLE, Belfort |
| Nikesh Arora | 4 | Palo Alto Networks CEO | AI, cybersec | Outtake, Factory, Pensero AI |
| Solomon Hykes | 3 | Docker co-founder | DevTools, infra | Recall.ai, Plakar, Kernel |
| Aaron Levie | 3 | Box CEO | AI devtools | Factory, Antimetal, Superblocks |
The clustering signal: Blacksmith attracted angels from Sentry, Cockroach Labs, t3.gg, and others, then GV led their Series A in 14 days. Supermemory attracted Jeff Dean, David Cramer, and Theo Browne simultaneously. AISLE got Olivier Pomel, Thomas Wolf, AND Jeff Dean. When multiple operator-angels converge on the same company, institutional VCs notice.
Accelerators
YC: 161 deals (14% of dataset). ~76% AI. Key partners: Diana Hu, Jared Friedman, Tom Blomfield. Pioneer Fund (30 deals) closely follows YC companies. Getting in means warm intros to Felicis, CRV, First Round.
Antler (22 deals): Best for European pre-seed. 500 Global (14 deals): Global at pre-seed/seed. Techstars (9 deals).
Corporate VCs
| CVC | Deals | Portfolio examples |
|---|---|---|
| Salesforce Ventures | 10 | Lovable, Together AI, Upwind, Endor Labs, Recall.ai |
| Cisco Investments | 7 | LangChain, NetFoundry, SGNL, SpecterOps |
| M12 (Microsoft) | 6 | Edera, Sola Security, RegScale, SGNL |
| NVentures (NVIDIA) | 4 | Quantinuum ($600M lead), Lovable, CodeRabbit |
Approach after your institutional round is anchored. The value is distribution and validation, not the capital.
One more thing
Fundraising gets all the attention, but it’s not the hard part. The hard part is what comes after: building something that developers actually use, and keep using.
If you’re building developer tools, cybersecurity platforms, AI infrastructure, or open source projects, Evil Martians works as an embedded engineering partner across Ruby on Rails, React, TypeScript, Go, Rust, Python, Kubernetes, WebSocket infra and agenting coding harnesses.
We helped Whop cut CI time in half with TestProf, built bolt.new’s infrastructure from zero to $40M ARR, worked with Tines through its 106x performance improvement to unicorn status, built agentic coding harnesses and MCP integrations, and shipped production code for companies in our dataset like Lingo.dev. 65% of our clients raise their next round within 1-3 years.
…if you need help building the thing that gets your logo on a Muni: reach out.
