“I'm Francesco, co-founder and CEO of Almanax. I'm originally from Italy, and lived in San Francisco for roughly five years. And I've been in New York for two. We’re Almanax. We're building an AI security engineer that detects and patches vulnerabilities in code.”

“Before this, I was the Head of Product at a startup in San Francisco, where I specialized in building products to investigate exploits, specifically crypto exploits. And in those four years, we did a lot of work with law enforcement agencies, regulators, and a lot of companies that had been hacked.

Sometimes the same hack kept happening. Companies were mostly using dated security tools that were not capturing 80% of the exploitable bugs and vulnerabilities. Or, they were outsourcing security to penetration testers and auditors who were just checking things once a year. At the same time, LLMs were starting to become very promising at the task of security. And we wanted to bring human capabilities via API to security teams as well.”

“So one… there's this Netflix documentary. From last year, I believe, called ‘Biggest Heist Ever’ or something. I know two of the people who worked on that case pretty well. They ended up recovering around $4 billion from a hack that happened in 2016!”

“Yeah, it was relatively easier than usual… this VC firm in the Bay reached out [to me on LinkedIn] and they said, ‘Hey, we really want to invest in security. Specifically, we think there's white space in blockchain security. Are you thinking of starting anything of your own?’ And you know, I was at that stage where I was thinking about it. I had a few ideas, and I was gonna pull the trigger soon. 

And then, we had multiple conversations over the span of several months, and we met in person. We eventually decided that we wanted to work together. And so they basically [told me they would back me] when I was still at my previous company, which is generally an easier way to get started.”

“Yeah, so at the very, very early days, it was my cofounder and I in this very tiny WeWork office. We had a few ideas of things that we wanted to do, like using AI agents. Well, no one was really calling them ‘agents’ at the time… we were using LLMs to detect security vulnerabilities. 

We started with one of the pieces of software that has historically led to big exploits. And we already knew the blockchain space was a big target for hackers because an exploit steals money directly. It’s literally like robbing a bank. 

So we started with smart contracts, which are pieces of code that live on the blockchain and encapsulate the logic of an application, and also have a lot of money going through it. We tried to model our product based on the experiences of how companies were doing security for smart contracts, which was very manual.”

“A lot of them were customers or connections I had from my previous company. So I knew it was a pain point already. We were building products for the investigation post-exploits.

So I went to them and said, ‘Hey, I know you guys don't want to get exploited. Here's how you don't get exploited.’

A lot of the early validation for us was basically, ‘Hey, we found this vulnerability, look at it.’ Then people were like ‘Oh yeah, you’re right.’

And so we got a lot of attention last year in November because we found a vulnerability in one of Vitalik’s smart contracts. Then he publicly paid us a bounty for it. So then people started flocking to the product.

And we even made a funny meme about it.” 

“I knew building a brand was the hardest thing you have to do as a startup. Like, why, as a big enterprise, would I buy your product, the product of this small startup that I've never heard of?

But I think the biggest learning is that security people are very no bullsh*t type people. And so we would use this ‘Show me, don't tell me’ type of approach in our sales motion that worked very well, where we’d scan the codebase of our target customers and find them issues.

Historically, if I find a vulnerability, you pay a bounty. I’m like, ‘Look, I don’t even want a bounty, just acknowledge that our product is something useful! And if it is, like you should integrate it in your processes.”

“You know, as founders, you’re never really ‘off.’ I know this is probably very unhealthy, but I check my emails and Slack first thing in the morning, and last thing before going to bed. It’s very hard to really unplug. But the only thing that puts me completely ‘off’ and makes me focus on something completely different is sports. So I play in a few soccer leagues, and it’s literally the only moment in the week where I’m not thinking about work. The only thing I’m thinking about is running after the ball in front of me. It really brings back the kid in me. It brings me a lot of joy, and honestly, sanity.”

“I used to be a competitive swimmer back in the day. It was very fun, but a lot of hard work. Training, three hours every day, sometimes more, sometimes twice a day. And some of the people that I used to compete against ended up at the Olympics.

Being a competitive swimmer definitely taught me the value of hard work. You can be the most skilled individual out there, have all the technique, be the best programmer in the world, but if you’re not actually putting the work in and being very consistent in your practice, you’re never going to be the best.”

“I saw this amazing espresso machine that’s the most beautiful piece of hardware I’ve ever seen. 

Funny thing, we’re redoing the design of our website inspired by the design and colors of this espresso machine.”

“NYC is closer to home. My family is all in Italy. And it feels much more European. 

Also, a lot of our customers are here. Like I was telling you, we started with smart contracts, but we actually expanded beyond that. Now we scan any type of code and work with clients beyond crypto as well. 

And I just love the energy of the city. It’s unmatched. I grew up in the middle of nowhere in a small town and there’s nothing like New York. I wake up, look up at the skyline, and I feel energetic every morning.”

“We're full steam ahead right now on go to market ahead of our next round. We grew a ton in the past few months. So if anyone knows people in security that they think could be interesting for us to talk to, I’d love to talk to them. Our ICP right now are security teams, specifically application security teams at companies from Series B and beyond. Also, we’ll be hiring engineers in the next few months, so if you know any great engineers that want to join a fast-paced startup, send them my way.”

If this sounds like you or someone you know, reach out at [email protected] or via LinkedIn.

Francesco Piccoli is the co-founder and CEO of Almanax, a startup that’s building an AI-powered security engineer to automatically detect and patch vulnerabilities in code. He’s been working in the crypto space since 2019, and formally launched Almanax about a year and a half ago. He has been a member of NYC Founders Club since our launch last year.