Every engineering team on the planet is racing to write code faster with AI. Almost none of them have figured out how to keep that code from quietly becoming a security liability. A Malmö startup just raised four and a half million euros to sit in that gap, and the timing is hard to argue with.

Oplane, an agentic security platform built specifically for teams using AI coding tools, has closed a EUR 4.5 million seed round led by Seed Capital, with participation from existing investor Icebreaker.vc and a roster of notable angels. The company automates threat modeling, the discipline of figuring out how a system could be attacked, and delivers fixes directly into the developer's workflow. The funding will go toward European commercial expansion, deeper integrations with tools like Claude Code, Cursor, and GitHub Copilot, and hiring across engineering, security, and go-to-market.

The angel list alone tells you the thesis resonates with people who know security. Among the backers is Emil Eifrem, the founder of the graph database company Neo4j, alongside Robert Lagerström and Joakim Nydrén. When the person who built one of Europe's best-known database companies puts money into your security startup, it is worth understanding why.

Here is the problem Oplane exists to solve. AI coding assistants have made developers dramatically more productive, but they generate code at a speed and volume that human security review cannot keep up with. A developer using Cursor or GitHub Copilot can ship in an afternoon what used to take a week, and the security team finds out about the architectural decisions later, if at all.

Threat modeling has always been the answer to this in principle. You map out how an attacker could get in before you ship, not after. The trouble is that proper threat modeling is slow, expert-heavy work that most teams skip because they do not have the time or the senior security people to do it. In a world where AI is accelerating the pace of building, the gap between how fast code ships and how fast it gets secured is widening fast.

Oplane's pitch is to automate the expensive part. The platform maps a codebase's architecture, identifies system-level security requirements, and delivers contextual remediations straight into the developer's environment. Minutes instead of weeks, to borrow the company's own framing. The bet is that security has to move at the speed of AI-assisted development, or it becomes irrelevant.

Plenty of tools scan code for known vulnerabilities. Oplane is reaching for something harder. Threat modeling is about understanding the system as a whole, how its components fit together and where the architectural weak points lie, rather than spotting an individual bad line. As the company describes it, it uses expert-level threat modeling to automatically map codebase architecture and surface the system-level requirements that line-by-line scanners miss entirely.

That distinction matters because the most dangerous security failures are usually architectural, not syntactic. A perfectly written function can still create a catastrophic vulnerability if it sits in the wrong place in the system. Catching that has traditionally required a human expert who understands the whole picture, which is exactly the kind of scarce, expensive talent most teams cannot hire enough of.

If Oplane can genuinely automate that level of reasoning, it is addressing a bottleneck that gets more acute every month. The supply of senior security architects is not growing. The volume of AI-generated code very much is. Something has to give, and Oplane is betting it will be the manual nature of the analysis rather than the security itself.

Oplane was founded in 2022 by Emil Kvarnhammar, Oscar Andersson, and Anders Söderling, and is headquartered in Malmö. Kvarnhammar's background is in security consulting, the kind of work where you spend years manually finding the holes in other companies' systems. That experience is the foundation of the product. The team is essentially trying to encode decades of practical security expertise into software.

That origin is a meaningful signal. Security tooling built by people who have actually done the hands-on threat modeling tends to be more credible than tooling built by generalists who read about it. The founders know precisely which parts of the job are tedious and automatable and which parts genuinely require judgment, which shapes a sharper product than a from-scratch attempt would.

The customer profile fits the moment. Oplane says it works with some of the fastest-moving companies in AI, the teams adopting coding assistants most aggressively and therefore feeling the security gap most acutely. It slots neatly into the wave of Nordic startups building the infrastructure layer for the AI economy, from cloud plumbing to sovereign development tooling.

The cap table is itself a small story about how Nordic venture works now. The round was led by Seed Capital, one of Denmark's most active early-stage funds, into a Swedish company headquartered in Malmo, with continued backing from Finland's Icebreaker.vc. Malmo sits a short train ride across the bridge from Copenhagen, and deals like this one show how thoroughly the Oresund region has collapsed the old borders between Danish and Swedish startup capital.

Icebreaker doubling down as an existing investor is the more telling detail. Follow-on capital from a fund that has watched the company up close since an earlier round is a stronger vote of confidence than any new logo on the cap table. It means the people with the most information decided to put in more, which is the signal sophisticated co-investors look for before they commit.

The angels round it out with credibility rather than just cash. Emil Eifrem built Neo4j into a globally recognized database company and understands developer tooling and enterprise sales at a level few angels can match. Robert Lagerstrom brings academic and practical security depth, and Joakim Nydren adds operating experience. For a seed-stage security startup, that mix of distribution savvy and domain expertise is worth more than the four and a half million on its own.

Oplane is moving at a moment when the problem it solves is newly urgent and the market has not yet settled on a winner. AI coding adoption went from experiment to default in barely two years, and most security teams are still scrambling to adapt their processes. That lag is the opportunity. The company that becomes the obvious answer for securing AI-generated code before the category consolidates will own a durable position.

The clock matters because the incumbents are not asleep. Established application security vendors and the AI coding platforms themselves both have obvious incentives to address this, and some will. Oplane's task over the next year is to convert its head start and its founder expertise into enterprise contracts that are hard to rip out, and to make its automated threat modeling demonstrably better than the bolt-on alternatives. The funding buys the runway to try. Execution decides whether the early lead becomes a lasting one.

The competitive picture is not empty. AI code security is a hot category, and bigger players are circling the same problem from the scanning and observability angles. Oplane's defensibility rests on whether its automated threat modeling is genuinely better than what incumbents can bolt on, and whether it can sign enterprise customers before the giants ship a good-enough version. Four and a half million euros buys runway, not invincibility.

But the wind is at its back. The adoption of AI coding tools is not slowing, the security gap they create is widening, and the supply of human experts to close it is flat. Oplane is selling speed and expertise in a market that is short on both, backed by investors who understand exactly how acute the need is.

The companies shipping AI-written code the fastest are the ones with the most to lose when it goes wrong. Oplane is betting they will pay to find out where the holes are before someone else does. In the current build-everything-with-AI moment, that is a very reasonable bet.