BlueFlag Security, an identity-centric software development lifecycle (SDLC) security platform, has announced a significant milestone, revealing it has raised $28m to date alongside posting 300% year-on-year revenue growth in 2025.
The company’s Series A financing round was led by Maverick Ventures and Ten Eleven Ventures, with the funds earmarked for accelerating platform development and broadening its footprint across the US and EMEA, particularly within regulated industries and technology organisations embracing AI-driven software development at scale.
Founded in 2024, BlueFlag Security targets a critical blind spot in modern software development: the risk posed not by vulnerable code, but by the compromised, manipulated, or malicious identities that have legitimate access to development environments. The company’s own analysis found that more than 75% of SDLC risk remains invisible to existing application security tooling. This challenge is underscored by broader industry data — the 2025 Verizon Data Breach Investigations Report found that 68% of breaches involve compromised credentials, while software supply chain failures entered the OWASP Top 10 2025 at number three, with half of all security experts citing supply chain risk as their primary concern.
The fresh capital will be used to drive continued platform development and support expansion into new markets, as BlueFlag looks to capitalise on growing enterprise demand. The company reported a fivefold increase in Fortune 500 enterprise customers over the past year, and has recently formed strategic partnerships with Obsidian Systems, catworkx, and knowmad mood.
BlueFlag’s latest platform release introduces two new capability areas. The first, Developer Behavioural Risk Analysis, enables the platform to detect risky behaviours — such as mass repository cloning outside normal working hours, unusual access patterns, and privilege escalation attempts — by correlating signals across developer identities and the tools they interact with. The second, AI Agent Governance, extends that same identity governance framework to both AI coding assistants, such as Copilot and Cursor, and fully autonomous AI agents that write, test, and deploy code without human oversight. The platform applies behavioural baselines, anomaly detection, overprivilege scoring, and full audit trails to both categories, while also detecting shadow AI usage and enforcing approval workflows.
BlueFlag Security founder and CEO Raj Mallempati said, “Attackers are not going after code – they are going after the identities and tools behind it. BlueFlag was built to close that gap and the traction we are seeing tells us the market is ready. The question is no longer whether AI agents are in your development environment. They already are. The question is whether you are governing them. Our mission is to secure every phase of the software development lifecycle by delivering identity intelligence that creates a trusted environment for innovation.”
Copyright © 2026 FinTech Global
