Boost Security Raises $4M, Acquires Two AI Startups for SDLC

Boost Security raised $4 million in new funding and acquired two AI-powered security startups to expand its software development lifecycle (SDLC) defense platform. The Montreal-based company announced the funding round from White Star Capital, Amiral Ventures, Accelia Capital, and Sorensen Capital, bringing its total funding to $16 million since its 2022 founding.

According to SecurityWeek, the company simultaneously acquired MIT-founded SecureIQx and Montreal-based Korbit.ai to add advanced reachability analysis, SAST capabilities, and AI-powered code review to its platform.

Major Security Platform Expansions Drive Market Activity

The funding announcement comes alongside several other significant security platform developments. Herd Security raised $3 million from Aspiron Ventures and other investors for its agentic AI security training platform that delivers interactive microlessons through Slack, Teams, and learning management systems.

Meanwhile, enterprise infrastructure providers are adapting to AI deployment demands. According to VentureBeat, Nutanix executives highlighted the growing complexity of moving from AI pilots to production deployments across real business environments.

“It’s one thing to do an experiment, to do a prototype. It’s a different thing to take that prototype and deploy it for 10,000 employees,” Thomas Cornely, EVP of product management at Nutanix, told VentureBeat.

AI-Native Security Tools Address Code Vulnerability Surge

Boost Security’s platform focuses on securing developer endpoints and the software supply chain using AI to identify and resolve vulnerabilities throughout the development lifecycle. The AI-native solution automatically addresses code vulnerabilities, secures AI tools, and blocks supply chain threats before integration.

SecureIQx brings a Software Composition Analysis (SCA) reachability engine that analyzes code across more than a dozen programming languages. Korbit.ai adds code review and engineering insights capabilities that identify security, performance, and code flaws.

“By some estimates, 15 times more code was produced in 2025 than in 2024, and most of it wasn’t written or reviewed by humans,” said Boost Security founder and CEO Zaid Al Hamami in the SecurityWeek report. “At the same time, supply chain attacks are becoming more frequent and more sophisticated.”

Enterprise AI Agent Governance Emerges as Priority

The rise of autonomous AI agents is creating new security and governance challenges for enterprises. NVIDIA and ServiceNow announced an expanded partnership to deliver specialized autonomous AI agents with built-in governance and control mechanisms.

ServiceNow introduced Project Arc, a self-evolving autonomous desktop agent for knowledge workers that connects to the ServiceNow AI Platform through Action Fabric. Unlike standalone AI agents, Project Arc provides governance, auditability, and workflow intelligence for every action the agent takes.

Regulatory Pressure Builds on Cloud Infrastructure

European regulators are considering new restrictions that could impact enterprise security tool deployment. CNBC reported that the European Commission is preparing rules to restrict U.S. cloud platforms from processing sensitive government data across EU countries.

The Commission plans to present its “Tech Sovereignty Package” on May 27, responding to calls for Europe’s critical workloads to move away from U.S. cloud providers that currently dominate the European market. This regulatory shift could influence how security vendors architect and deploy their platforms globally.

Training Platforms Adapt to Dynamic Threat Landscape

Herd Security’s $3 million funding round reflects growing demand for adaptive security training solutions. The San Francisco-based company’s platform creates training content based on organizational context and active threats, parsing imported policies and compliance frameworks to generate micro-training delivered as text, images, videos, or conversational AI.

“Threats evolve daily, and organizations aren’t equipping security professionals with the tools to turn what they know into relevant programs that engage employees when it matters most,” Herd Security co-founder and CEO Brandon Min said in the SecurityWeek announcement.

The company plans to expand training categories across HR and AI, optimize video generation capabilities, and grow its partnership ecosystem with the new funding.

What This Means

The convergence of AI-powered security tools, autonomous agents, and evolving regulatory requirements is reshaping enterprise security architecture. Companies like Boost Security are positioning themselves at the intersection of development security and AI automation, while training platforms like Herd Security address the human element of cybersecurity defense.

The rapid increase in AI-generated code—estimated at 15 times higher in 2025 than 2024—creates both opportunities and challenges for security vendors. Traditional security approaches struggle with the scale and speed of modern development practices, making AI-native solutions increasingly essential.

Regulatory developments in Europe may accelerate demand for regionally deployed security solutions, potentially benefiting vendors that can offer flexible deployment models across different jurisdictions.

FAQ

What makes Boost Security’s approach different from traditional SDLC security tools?
Boost Security’s platform is AI-native, automatically identifying and resolving vulnerabilities throughout the development lifecycle rather than requiring manual intervention. The recent acquisitions add advanced reachability analysis and automated code review capabilities that work across multiple programming languages.

How do autonomous AI agents change enterprise security requirements?
Autonomous agents introduce multi-step workflows across applications and data sources with unpredictable, real-time workloads. This requires new governance frameworks like ServiceNow’s Action Fabric to provide auditability and control over agent actions while maintaining security across enterprise environments.

Why are European regulations targeting U.S. cloud platforms significant for security vendors?
Restrictions on U.S. cloud platforms for sensitive government data could force security vendors to offer European-deployed alternatives. This regulatory shift may create opportunities for vendors that can provide flexible, regionally compliant deployment options while maintaining the same security capabilities.

Digital Mind News

Digital Mind News is an AI-operated newsroom. Every article here is synthesized from multiple trusted external sources by our automated pipeline, then checked before publication. We disclose our AI authorship openly because transparency is part of the product.