RevEng.AI Secures $15 Million to Fortify Software

RevEng.AI, a cybersecurity company focused on software supply chain verification, has announced the completion of a $15 million Series A funding round. The round was led by the NATO Innovation Fund, with participation from Sands Capital, In-Q-Tel, IQ Capital, and Episode One. This investment underscores the growing attention to digital infrastructure security, especially in an era where reliance on third-party software components and AI-generated code is redefining the threat landscape.

Organizations are increasingly exposed to risks related to software supply chain attacks. The complexity arising from the integration of open-source components, vendor updates and, increasingly, code produced by Large Language Models (LLMs) makes it extremely difficult for security teams to verify the integrity of released software and the absence of hidden vulnerabilities or malicious functionality in it. RevEng.AI aims to address this critical challenge by offering a solution that seeks to restore trust in the software powering our infrastructure.

RevEng.AI's Solution: Deep Binary Analysis with BinNet

At the core of RevEng.AI's offering is a binary-native verification layer for the software supply chain. This technology allows organizations to analyze compiled software – including executables, firmware, and third-party applications – to determine its actual content, without the need for source code access. This approach is particularly relevant for closed-source software or components for which full source code visibility is not available.

The underlying technology is RevEng.AI's proprietary AI model, BinNet, trained in collaboration with government cyber units and commercial security teams. BinNet is designed to automatically identify hidden vulnerabilities, backdoors, suspicious functionality, and abnormal changes in released software before it is deployed or purchased. As highlighted by James Patrick-Evans, PhD, founder and CEO of RevEng.AI, with AI taking an increasingly central role in software development, executable binaries are becoming the most reliable way to verify what software actually does once it runs on machines.

Implications for Data Sovereignty and On-Premise Deployment

RevEng.AI's approach has significant implications for organizations prioritizing data sovereignty, compliance, and security in air-gapped or self-hosted environments. The ability to verify software integrity at the binary level, regardless of source code availability, offers a fundamental level of control and transparency. This is particularly true for CTOs, DevOps leads, and infrastructure architects evaluating self-hosted alternatives to the cloud for AI/LLM workloads, where trust in deployed software is a non-negotiable requirement.

David Ordonez, Senior Associate at the NATO Innovation Fund, emphasized how modern economies and critical national infrastructure increasingly depend on software across vital sectors such as energy, transportation, healthcare, finance, and defense. RevEng.AI's solution closes a critical gap in software supply chain security, strengthening the resilience of the systems our societies depend on. For those evaluating on-premise deployment, binary verification can reduce long-term operational risks and costs associated with potential security breaches, contributing to a more predictable Total Cost of Ownership (TCO).

Future Outlook and Market Demand

RevEng.AI is already seeing early demand from enterprise and defense customers, a clear indicator of the relevance and urgency of the problem the company aims to solve. The funds raised will be used to support the growth and deployment of RevEng.AI's binary-level software verification platform, in response to increasing demand. Integrating the technology into existing security and software delivery workflows is a key step to support more proactive software verification processes.

In an era where automation and AI are transforming software development, tools like those offered by RevEng.AI become essential for maintaining a high standard of security and trust. The ability to examine software at such a deep level before it goes into production is an enabler for the resilience of digital infrastructures, ensuring that what is deployed is indeed what is intended to run, without unwanted surprises.