Bella Garcia-Carmago, on behalf of Conviction
Application security isn't working. Engineers dread it: scanners spew false positives, reviews drag on, and deadlines slip away. Security teams chase developers through endless reviews, only to see the same vulnerabilities shipped again and again.
Today's reactive security posture doesn't scale to the speed of human developers. And as AI reshapes and accelerates software development, that problem is only getting worse.
We believe the future of software is Secure by Design -- where security properties like least privilege and safe defaults are enforced structurally, rather than patched in later. AI code generation tools are finally making that vision possible. As these tools take on more of the development workflow, they offer a practical path to integrate secure practices directly into how software is written, reviewed, and maintained.
That is Corridor's vision -- to build an AI security architect, capable of designing and securing code at the speed of development. Even before joining Conviction, Jack and Ashwin were at the top of my short list of folks that I'd hoped to get to work with.
Jack was already one of the world's top bug bounty hunters in high school, hacked key systems in the DoD, and hasn't paid for a flight in 8 years thanks to United's bug bounty program. But Jack isn't your typical hacker - after graduation, he joined Congress through TechCongress and wrote a bill on Open Source Security, then went on to become a senior technical advisor at CISA, where he got hundreds of tech companies to commit to improving their product security.
Ashwin is the epitome of “you can just do things”. While at Stanford, Ashwin began maintaining one of the biggest React form libraries in the world at the behest of Mozilla, then partnered with Schmidt Futures to launch an open source grant program. In his spare time, he graduated from Georgetown Law and ran for State Senate in Georgia, all while working at startups and publishing two AI research papers. Each of Ashwin's side-quests could be its own essay.
Coincidentally, it was a vulnerability that first brought Jack and Ashwin together. As a founder of Stanford's bug bounty program, Jack was called in to help decide whether Ashwin should be thanked or punished for accidentally hacking into Stanford's admissions system. They became fast friends and collaborators: from security research at Stanford, to creating CISA's first comprehensive attack surface management tool. Corridor is the next chapter in their years of tackling this ecosystem together.
Today, we're especially excited to welcome Alex Stamos to the Corridor team full time as Chief Security Officer. Alex is a titan of the security industry: he was formerly the Chief Security Officer of Yahoo, Facebook, and most recently SentinelOne, has served as an advisor to the White House, and built and sold two of the most sought-after, dominant security consulting firms.
Alex is one of the world's preeminent thinkers about scale in the security industry -- from defending internet-scale products that hold everyone's data, to fighting nation-state attackers. The hardest and highest-leverage “scaling” mission today is building security into software products, especially at the 99.9% of companies that don't have the security talent and resources of the internet giants. We believe it's possible, and even more so by teaming up with Alex.
Corridor is addressing the most interesting technical problem and exciting commercial opportunity in cybersecurity today. The team is moving quickly and is live with early customers including Cursor, Mercury, and GreyNoise. Corridor is building the most talented team at the intersection of AI and Security - join us to shape the next era of software development.