$80M led by Meritech. Read about our Series B
Sign in Request demo

How Persona Increased Code-Security Coverage by 2x with depthfirst

Since adopting General Security Intelligence and introducing its context-aware code reviewer into our workflow, we’ve increased our code-security coverage by 2x. Its ability to learn from our patterns, understand application semantics, and continuously refine recommendations has been invaluable. To date, we have addressed more than 70% of agent recommendations which has significantly strengthened our overall security posture

Neal Harris

Neal Harris, Director of Security

Stronger security posture

depthfirst’s General Security Intelligence surfaced and helped Persona remediate hard-to-find vulnerabilities in weeks, directly improving the security of their software.

Lower load for security

With a dramatically better signal-to-noise ratio, Persona acted on more than 70% of recommendations, letting security engineers focus on real risks instead of triaging noise.

2x security coverage while speeding up development

One-click fixes for existing vulnerabilities across code, dependencies and containers 2x’d Persona’s security coverage while increasing development velocity with PR reviews

Persona: Humanizing Online Identity at Scale

Persona is a leader in the identity verification space with a mission to humanize online identity. They help companies like OpenAI, LinkedIn and Rippling verify that their users are who they say they are.

The Challenge: Securing a Rapidly Growing Code Base

Persona’s engineering team ships fast, and with safety at the core of their mission and product, they wanted to be proactive about securing a rapidly growing codebase. They knew that even the best teams have to face the risk of vulnerable code slipping through as they scale. When that happens, it disrupts the roadmap and slows product momentum because developers have to stop and fix issues in code they shipped weeks earlier.

At the same time, they knew that pull request security reviews can easily kill momentum if they are too heavy-handed. Traditional code scanners are not a great answer either, because they flood teams with false positives and only provide a superficial view of what is really going on in the code.

Persona also understood that this was not a unique problem with their team or stack, but a structural challenge for any organization that ships software quickly. Modern engineering teams are adopting micro-services, pulling in more dependencies and accelerating release cycles, while many traditional security tools were not designed for this pace. Persona needed a security solution that could match this pace and protect their expanding codebase without compromising development speed.

The First Instinct: Building an In-house Code Scanner with an Off-the-Shelf LLM

With recent advancements in AI, Persona’s first instinct was to build rather than buy. The team decided to experiment with an in-house pull request security scanner using an LLM, leveraging their own deep understanding of the product and codebase to create a security reviewer tailored to Persona.

Early results were encouraging and confirmed that AI could meaningfully augment their security program. However, turning a promising prototype into a reliable, high-fidelity security solution proved far more complex than expected. Over time, the internal tool struggled with:

  • High false positives that eroded developer confidence
  • Limited detection of complex, context-dependent vulnerabilities
  • Poor feedback loops that made it difficult to improve the quality of the solution over time

As Persona’s product and engineering organization grew, maintaining and evolving the in-house scanner became a significant resource drain. The engineering and security teams needed a comprehensive solution that could deliver the same level of contextual understanding they were aiming for, while balancing trust and shipping velocity without requiring dedicated in-house ownership.

The Evaluation: Testing the AI-Native Security Platform

When Persona compared their in-house scanner against depthfirst, the difference was clear. Having built and tested their own AI-powered scanner, the team had a clear view of what a context-aware security reviewer needed to do and where the hard problems were. That experience helped them recognize that depthfirst’s approach with General Security Intelligence could perform very well: an AI-native security platform focused on a deep understanding of a company’s code, business logic and infrastructure.

Trying depthfirst was an easy decision, especially because it was so simple to get started. Persona onboarded in minutes by installing depthfirst’s GitHub App and granting repository permissions across their libraries. With that in place, they could run General Security Intelligence side by side with their internal tool on real pull requests and production code.

In comparison, the Persona team saw:

  • Complex vulnerabilities flagged, including higher-complexity vulnerabilities that their internal scanner did not catch
  • Fewer false positives, which freed up security engineers’ time
  • Actionable recommendations to fix vulnerabilities, which helped engineers ship faster

This combination of broader detection and higher precision convinced Persona’s security leadership that depthfirst was the right partner to support their engineering teams.

The Solution: depthfirst’s General Security Intelligence

depthfirst’s General Security Intelligence is an AI security platform that analyzes a company’s entire codebase, infrastructure, and business logic to understand how it is supposed to operate. This deep context allows it to detect vulnerabilities across code, dependencies, secrets, and infrastructure that point solutions typically miss and recommend fixes that actually work.

At Persona, that context turns into meaningful, actionable insights embedded directly in existing development workflows. With General Security Intelligence reviewing code in pull requests, every engineer gets an always on, 24/7 security engineer that works with them inside the tools they already use instead of slowing them down from the outside.

Today, depthfirst’s General Security Intelligence is embedded directly into Persona’s development workflow:

  • Continuous analysis across application code, dependencies and containers, catching issues as the product evolves.
  • Pull request reviews that surface security and code-quality issues before merges.
  • Concrete remediation suggestions with ready-to-apply patches that developers can commit directly.
  • Adaptive detection, where General Security Intelligence learns from how Persona’s engineers respond to its findings and continuously refines future recommendations.

The Results: Stronger Security Without Slowing Down Development

By adopting General Security Intelligence, Persona strengthened its security posture without sacrificing the speed or agility of its engineering organization.

  • Stronger security posture with hard-to-find vulnerabilities resolved within weeks. depthfirst’s General Security Intelligence surfaced high-impact vulnerabilities that Persona’s team has accepted and remediated, directly improving the security of their applications.
  • Reduced security engineering team load with a 70% recommendation resolve rate. With a dramatically improved signal-to-noise ratio, Persona was able to quickly resolve depthfirst recommendations, enabling security engineers to shift their time toward true risks instead of triaging noise.
  • Doubled security coverage while speeding up development. General Security Intelligence’s continuous analysis across code, dependencies and containers has doubled Persona’s overall security coverage. Because it understands how the platform is built, it gives developers specific, high-confidence guidance to remediate existing vulnerabilities with far less back-and-forth with security. In pull requests, the same targeted recommendations help developers ship code faster and reduce Persona’s PR cycle time.

See what autonomous security looks like

Request demo