Boost Security on Thursday announced a $4 million funding round to expand its software development lifecycle (SDLC) defense platform, bringing the Montreal-based startup’s total funding to $16 million since its 2022 founding. The round was led by White Star Capital, with participation from Amiral Ventures, Accelia Capital, and Sorensen Capital.
The company simultaneously announced two strategic acquisitions — SecureIQx and Korbit.ai — designed to enhance its AI-native security platform with advanced code analysis and review capabilities. According to SecurityWeek, the acquisitions add reachability analysis and static application security testing (SAST) to Boost’s existing vulnerability management suite.
Platform Addresses AI-Driven Code Production Surge
Boost Security’s platform targets a fundamental shift in software development: the exponential growth of AI-generated code. CEO Zaid Al Hamami told SecurityWeek that “15 times more code was produced in 2025 than in 2024, and most of it wasn’t written or reviewed by humans.”
The AI-native solution automatically addresses code vulnerabilities, secures AI development tools, and blocks supply chain threats before they integrate into production code. The platform leverages artificial intelligence to find and resolve software vulnerabilities throughout the entire development lifecycle, from initial coding through deployment.
Boost’s approach differs from traditional security tools by focusing on developer endpoints and the software supply chain simultaneously, creating what the company calls an integrated SDLC defense system.
Strategic Acquisitions Expand Technical Capabilities
The SecureIQx acquisition brings MIT-developed Software Composition Analysis (SCA) technology that performs reachability analysis across more than a dozen programming languages. This capability allows Boost’s platform to determine whether vulnerable code components are actually executable in production environments, reducing false positives in vulnerability assessments.
Korbit.ai, also based in Montreal, contributes a code review and engineering insights platform that identifies security flaws, performance issues, and code quality problems. The acquisition adds human-readable code analysis to complement Boost’s automated vulnerability detection.
According to SecurityWeek, these acquisitions enable “deeper agentic capabilities” within Boost’s platform, allowing for more autonomous security operations as development teams scale AI-assisted coding practices.
Market Context: Supply Chain Security Urgency
The funding comes as supply chain attacks increase in frequency and sophistication, creating pressure on enterprises to secure development processes rather than just deployed applications. Traditional security approaches often miss vulnerabilities introduced during the development phase, particularly when AI tools generate large volumes of code without human review.
Boost’s platform addresses this gap by monitoring developer endpoints where code is created and modified, rather than waiting for security scans during later deployment phases. The approach aligns with industry trends toward “shift-left” security, where vulnerability detection moves earlier in the development process.
The company’s AI-native architecture also positions it to handle security challenges specific to AI-generated code, including potential bias, hallucination-based vulnerabilities, and integration issues between human and machine-generated components.
Enterprise AI Infrastructure Challenges
The security platform launch occurs amid broader enterprise struggles with AI infrastructure utilization. Recent industry data shows average GPU utilization in enterprises remains at just 5%, despite organizations investing heavily in AI capabilities.
This utilization gap creates additional security concerns, as underused AI infrastructure often lacks proper monitoring and governance. Boost’s focus on securing AI development tools addresses one aspect of this challenge by ensuring that AI-assisted coding environments maintain security standards even as usage scales.
The timing also coincides with major technology partnerships around enterprise AI agents. NVIDIA and ServiceNow recently announced collaboration on autonomous AI agents for enterprise environments, highlighting industry momentum toward more sophisticated AI deployments that require corresponding security measures.
What This Means
Boost Security’s funding and acquisitions reflect a maturing market for AI-native security tools as enterprises grapple with AI-generated code volumes that exceed human review capacity. The company’s integrated approach — securing both developer endpoints and supply chains — addresses a gap in traditional security architectures that were designed for human-centric development workflows.
The $16 million total funding positions Boost to compete with larger security vendors while maintaining focus on the specific challenges of AI-assisted development. The acquisitions suggest a strategy of building comprehensive capabilities through targeted technology integration rather than developing all components internally.
For enterprises adopting AI development tools, Boost’s platform represents an attempt to maintain security standards without slowing development velocity — a balance that becomes more critical as AI-generated code percentages continue growing.
FAQ
What makes Boost Security’s platform different from traditional security tools?
Boost Security focuses specifically on AI-generated code and developer endpoints, using AI-native detection methods to identify vulnerabilities introduced during the development phase rather than waiting for deployment-time scans.
How do the SecureIQx and Korbit.ai acquisitions enhance Boost’s capabilities?
SecureIQx adds reachability analysis across 12+ programming languages to reduce false positives, while Korbit.ai contributes automated code review and engineering insights for security, performance, and quality issues.
Why is SDLC security becoming more important now?
The volume of AI-generated code increased 15x in 2025 compared to 2024, with most code not reviewed by humans, creating new vulnerability vectors that traditional security tools weren’t designed to handle.
Sources
- Boost Security Raises $4 Million for SDLC Defense Platform – SecurityWeek
