Method Security raises $26M from a16z and General Catalyst to build autonomous cyber offense and defense
Nov 19, 2025 with Sam Jones
Key Points
- Method Security raises $26M from Andreessen Horowitz and General Catalyst to build autonomous cyber offense and defense tools for the US government and Fortune 500 companies.
- AI-powered malware now enables non-deterministic attack planning beyond legacy if-then logic, making exposed enterprise attack surfaces far easier to exploit at scale.
- Method's founders are former NSA and Air Force operators who built the company's tools as solutions they needed in the field, positioning government sales friction as competitive moat.
Summary
Method Security, a cybersecurity startup building autonomous offense and defense infrastructure, raised $26 million across a combined seed and Series A from Andreessen Horowitz and General Catalyst. The company is led by CEO and co-founder Sam Jones, a former US Air Force cyber operator who spent roughly 11 and a half years at Palantir building out their cyber commercial and DoD business before joining Shield AI.
Core product
Method acts as the command-and-control layer for autonomous cyber operations. Organizations use it to run offensive operations against their own infrastructure before an adversary does. Jones argues that the legal, ethical, and technical guardrails required to do that at scale are exactly what incumbents and point solutions have failed to build.
AI and the threat model
Pre-AI malware was autonomous but constrained to if-then decision trees. AI expands that to non-deterministic path planning, letting malicious code harness a broader toolkit and cause more damage. Sophisticated adversaries are not using commercial frontier models like Claude for their operations. They run purpose-built models with no public telemetry. Exposed attack surfaces enterprises have tolerated for years are now far easier to exploit at scale and speed.
Anthropiс's Wall Street Journal coverage on AI-on-AI attacks aligns with a trajectory Method has been building toward for two years.
Traction and customer mix
Method is already deployed in production with the US Department of Defense, broader federal government, and Fortune 500 companies. Jones frames the dual-use strategy of serving the hardest government customer and its commercial equivalent simultaneously as both the proof point that unlocked the raise and the structural thesis of the company. Adversaries do not discriminate between public and private targets, so the most durable security solutions should not either.
The US government is not necessarily the hardest target to hack, but it is among the hardest to sell to and deliver for. Accreditation, interoperability, and deployability all require friction that most startups avoid. Jones sees that friction as a moat.
Founding team
Method's CTO and co-founder started his career at the NSA. Both founders were operators first and built the tools they wished they had in the field. They had been building AI in high-stakes, no-fail environments before it became mainstream.