Boost Security, an AI-native software development lifecycle (SDLC) defence platform, has announced the acquisitions of SecureIQx and Korbit.ai, alongside $4m in new funding.
The additional capital was provided by White Star Capital, Amiral Ventures, Accelia Capital, and Sorensen Capital, and will be directed towards further development of the company’s platform.
The two acquisitions bring complementary capabilities to Boost Security’s existing offering. SecureIQx, a startup founded at MIT, created a Software Composition Analysis reachability engine able to examine both binary and source code across more than twelve programming languages, helping organisations assess whether vulnerable components within their applications are genuinely reachable and exploitable.
Korbit.ai, meanwhile, developed an AI-driven pull request review platform designed to catch security vulnerabilities, performance problems, and coding errors during the review stage. Its technology has been trained on hundreds of millions of lines of code drawn from thousands of companies. Taken together, the two acquisitions add advanced reachability analysis, AI-native static application security testing (SAST) capabilities, and code review technologies to the Boost Security platform.
The broader context for the deals is a rapidly shifting software development landscape, in which AI tools are producing ever-greater volumes of code and engineering teams are increasingly reliant on expansive ecosystems of third-party packages and libraries. Security teams face the challenge of assessing growing quantities of code whilst determining which vulnerabilities genuinely present a risk in live production systems.
Boost Security’s platform addresses this by combining Developer Endpoint Protection, Software Supply Chain Security, and AI-Native Application Security Posture Management (ASPM) into a single solution. The platform is designed to defend the AI toolchain, prevent supply chain threats from being ingested, and automatically remediate vulnerable code, enabling engineering teams to develop at speed without security becoming a bottleneck.
White Star Capital partner Catherine Ouellet-Dupuis said, “Recent high-profile supply chain attacks are just the opening act. The deeper risk is that every engineering team on the planet is now shipping code written by AI agents that can unknowingly introduce vulnerabilities at machine speed and machine scale, and you can’t ask the same agent that wrote the bug to be your last line of defense. Boost is one of the few platforms built from the ground up to sit outside that loop, intercepting threats before they ever reach production. That’s the security architecture this new era demands.”
Boost Security founder and CEO Zaid Al Hamami said, “We’re in a new era. By some estimates, 15 times more code was produced in 2025 than in 2024, and most of it wasn’t written or reviewed by humans. At the same time, supply chain attacks are becoming more frequent and more sophisticated. With these acquisitions, we are bringing deeper agentic capabilities into the Boost Security platform to meet that reality.”
Copyright © 2026 FinTech Global
