Kovr.ai develops an AI-native cybersecurity compliance automation platform that helps organizations automate regulatory frameworks like FedRAMP and CMMC by generating documentation, mapping security controls, and monitoring compliance in real time. Pulse 2.0 interviewed Kovr.ai co-founder and CEO Andrew Black to learn more.
Andrew Black’s Background
Could you tell me more about your background and how the idea for the company came together? Black said:
“My co-founder, Sri Iyer, and I – both former AWS executives – recognized that compliance had become a growing pain point for regulated industries and organizations aiming to work with the government, draining valuable time and resources from their core mission. While leading the emerging tech business at AWS, overseeing AI, quantum and high-performance computing, I saw firsthand how traditional compliance processes consume significant time and resources. But why do months of work when it could be done in minutes? This sparked the idea to develop an automated solution that reinvents cyber compliance and eliminates these headaches – now known as Kovr.ai.”
Favorite Memory
What has been your favorite memory working for the company so far? Black shared:
“My favorite memory has to be the first time we took a new customer from a full cold start to Authority to Operate (ATO) ready in just about 2 weeks, a process that traditionally takes months of work. We knew the platform was a breakthrough for automated compliance, but it was total validation and encouragement that the technology was genuinely making a difference for customers.”
Core Products
What are the company’s core products and features? Black explained:
“Kovr.ai offers the only AI-native platform designed for cloud and hybrid systems to meet the demands of organizations in highly regulated industries, from public-sector tech companies, banks and energy firms to government and defense agencies. It’s fully interoperable with existing DevOps tools like GitHub, Splunk, and Snyk, and purpose built to help users manage compliance documentation at the security control level, eliminating the need for manual processes that slow teams down and increase costs. Our compliance solution provides a modern alternative to traditional consultancies, which are often costly and rely on outdated, unstable tools designed for the lighter security demands of the past. Always able to adapt to ever-changing and evolving guidelines, the platform uses real-time, code-driven intelligence to automate the most complex frameworks like FedRAMP and CMMC.”
“It’s a true compliance copilot, offering a holistic view into compliance status and risks and remediation progress within a centralized hub. The platform also delivers real-time monitoring, an automated SSP generator, an AI assistant and audit-ready documentation, enabling users to understand compliance risk in real time, as well as automate, process and query data holdings through an intuitive interface.”
Challenges Faced
Have you faced any challenges in your sector of work recently? Black acknowledged:
“When we got started, we anticipated skepticism around using AI for core cyber assessment work. Over the years, Sri and I have led AI-focused businesses, and consistently encountered hesitation from policy, regulatory, and technical professionals, particularly due to concerns about AI operating as a “black box.” We’ve seen this firsthand through our involvement in expert sessions with Congressional committees, the White House, and leading industry groups. However, we have been pleasantly surprised that customers are ready for AI to help them prepare, manage, and assess their cyber compliance. The amount of work needed to defend against cyber risks is overwhelming, and enterprises see that a responsibly developed AI platform can empower their cyber professionals as a copilot to scale their work to defend the enterprise.”
Evolution Of The Company’s Technology
How has the company’s technology evolved since launching? Black noted:
“At the beginning of our journey, we were focused on figuring out whether Large Language Models (LLMs) can generate System Security Plans (SSPs) for FedRAMP, a government program that standardizes the approach to security assessment for cloud services used by federal agencies. Since then, we’ve expanded our solution massively and it is now a fully vertical AI platform that also covers CMMC, DOD SRG, and GovRAMP. Our team has built out a lot of functionality to be a full-suite compliance platform.”
Customer Success Stories
Can you share any specific customer success stories or significant milestones? Black highlighted:
“We’ve been thrilled to see great traction in terms of our industry partnerships and success from our customers. In May 2025, we announced a partnership with Second Front (2F), a public-benefit software company focused on delivering mission-critical government solutions, to deliver a joint solution to accelerate the accreditation and deployment of secure software to government agencies and their technology partners – the first-of-its-kind. The partnership combines our advanced AI-native compliance automation with the 2F Suite – Second Front’s platform for building, securing, and deploying software in government environments. The joint solution has dramatically reduced the time, cost, and complexity of achieving and maintaining software accreditation across the public sector for customers.”
“An integration with Amazon Web Services (AWS) Marketplace, has also allowed us to further help organizations to seamlessly purchase and deploy Kovr.ai’s solution within their AWS environments, streamlining the path to compliance.”
“When we set our core customer metrics for Q2 2025, they almost felt outrageous, but we met them all; we’re thrilled to continue growing the business. We also have a lot of exciting new partnerships coming down the pipeline as well, so stay tuned!”
Funding/Revenue
Are you able to discuss funding and/or revenue metrics? Black revealed:
“Our platform has seen significant traction and investment over the past year – most notably with our launch from stealth and seed funding in May, $3.6 million led by IronGate and Xfund with participation from Hack Factory, OODA Ventures, and McLean Capital. These funds we’ve used to accelerate growth by expanding our go-to-market, AI engineering and product development teams.”
Total Addressable Market (TAM)
What total addressable market (TAM) size is the company pursuing? Black assessed:
“We are targeting a total addressable market of approximately $13 billion globally by 2030, a figure based on the growing demand in the automated compliance space.”
Future Company Goals
What are some of the company’s future goals? Black concluded:
“Our enterprise customers see the tremendous value Kovr has been able to provide, so we’re pushing to add even more standards as well as continuous monitoring and automated evidence collection to keep up with demand and continue expanding our capabilities. We’re excited to be looking down a very fruitful path moving forward for both Kovr and our customers.”
