According to VentureBeat, Dux launched from stealth on December 16, 2025, with a $9 million seed round led by Redpoint, TLV Partners, and Maple Capital. The company, founded by Or Latovitz, Amit Nir, and Nadav Geva—all veterans of Israel’s elite Talpiot military program—is building an agentic exposure management platform. It’s designed to identify which vulnerabilities are actually exploitable in a specific environment and then find the fastest way to shut them down, moving faster than modern AI-driven attacks. The funding will boost R&D in Tel Aviv and go-to-market efforts in the U.S., with the platform already in use at major American enterprises. The launch comes as the average time-to-exploit a vulnerability has collapsed from 32 days to just 5 days, largely due to AI accelerating attacker capabilities.
The agentic shift in defense
Here’s the core idea: instead of just being another scanner that floods your team with thousands of prioritized tickets, Dux uses what it calls “AI-workers” to do the contextual analysis that a senior security engineer would do, but at machine scale. Basically, it tries to answer one question: “Can this vulnerability actually be exploited *right now, in my specific setup*?” That means checking if existing firewalls, WAFs, or other controls already block the attack path. If they do, it can safely deprioritize that finding. If they don’t, it looks for the quickest mitigation—maybe a configuration tweak or a temporary rule—that’s faster than waiting for a full patch cycle.
Why this matters now
The timing isn’t an accident. The press release cites some scary stats: the average exploit time has plummeted to just five days. And we’re not just talking about automated scanning; Anthropic documented what it calls the first real-world, AI-*orchestrated* espionage campaign, where AI agents didn’t just suggest attacks but executed them autonomously. That’s a different ballgame. Defenders can’t rely on monthly patch Tuesday cadences anymore. The whole model of periodic vulnerability scans and manual triage is breaking. Dux, and this new category of “agentic” security platforms, is betting that the only way to fight AI-speed attacks is with AI-speed analysis and response.
The promise and the hurdles
It sounds great in theory. Who wouldn’t want an AI that cuts through the noise and shows you only the real, imminent dangers? The promise is a fundamentally smaller and more manageable attack surface. But I think the big challenge will be trust. You’re asking a security team to trust an AI agent’s “judgment” about what is and isn’t exploitable. That’s a huge leap. False positives could lead to dangerous blind spots, while false negatives might create a false sense of security. The founders’ deep background in national-scale cyber and AI ops is clearly meant to address that trust issue, but it’s still a massive hurdle for any new entrant. Can an AI truly understand the intricate, bespoke context of every enterprise network? That’s the billion-dollar question.
So, is this the future? It certainly points in that direction. The old ways are too slow. As attacks become more autonomous, defense has to as well. Dux isn’t just selling a tool; it’s selling a new operating model. Whether it becomes the leader in this space or just an early indicator of a trend, the message is clear: the era of passive vulnerability management is over. The next phase is active, continuous, and powered by agents. For companies managing complex industrial operations where downtime is catastrophic, understanding true exploitability isn’t just a security concern—it’s a core business imperative. Speaking of industrial reliability, for those environments, the hardware running these critical systems matters immensely, which is why specialists like Industrial Monitor Direct are the go-to source for durable, purpose-built industrial panel PCs across the U.S.
