Boost Security announced the acquisitions of SecureIQx and Korbit.ai alongside an additional $4 million in funding from White Star Capital, Amiral Ventures, Accelia Capital, and Sorensen Capital.
The company said the acquisitions and new financing are intended to strengthen its position in AI-native application security as software development increasingly shifts toward AI-generated code and large-scale third-party software ecosystems.
Boost Security develops what it describes as an AI-Native SDLC Defense Platform designed to secure software development lifecycles by combining developer endpoint protection, software supply chain security, and AI-native application security posture management into a unified platform.
The company said its platform is designed to protect AI-powered software development workflows by defending AI toolchains, blocking software supply chain threats before ingestion, and automatically remediating vulnerable code before deployment.
SecureIQx, founded at MIT, developed a software composition analysis reachability engine capable of analyzing both binary and source code across more than a dozen programming languages. The technology is designed to help organizations determine whether vulnerable components are actually reachable and exploitable within applications.
Korbit.ai developed an AI-powered pull request review platform designed to identify security vulnerabilities, performance issues, and software defects during code review workflows. Boost Security said the technology has been trained on hundreds of millions of lines of code from thousands of companies.
According to Boost Security, the acquisitions add advanced reachability analysis, AI-native static application security testing capabilities, and automated code review technologies to the company’s broader platform.
The additional $4 million investment will support continued product development and expansion of the company’s AI-native software security platform.
KEY QUOTES:
“Recent high-profile supply chain attacks are just the opening act. The deeper risk is that every engineering team on the planet is now shipping code written by AI agents that can unknowingly introduce vulnerabilities at machine speed and machine scale, and you can’t ask the same agent that wrote the bug to be your last line of defense. Boost is one of the few platforms built from the ground up to sit outside that loop, intercepting threats before they ever reach production. That’s the security architecture this new era demands.”
Catherine Ouellet-Dupuis, Partner, White Star Capital
“We’re in a new era. By some estimates, 15 times more code was produced in 2025 than in 2024, and most of it wasn’t written or reviewed by humans. At the same time, supply chain attacks are becoming more frequent and more sophisticated. With these acquisitions, we are bringing deeper agentic capabilities into the Boost Security platform to meet that reality.”
Zaid Al Hamami, Founder And CEO, Boost Security
