RevEng.AI raises $15M to secure AI-generated software

RevEng.AI, a cybersecurity company
focused on software supply chain verification, has raised $15 million in a
Series A funding round led by NATO Innovation Fund, with participation from
Sands Capital, In-Q-Tel, IQ Capital, and Episode One.

The company is building a
binary-native verification layer for the software supply chain, helping organisations analyse compiled software to determine what is actually inside
executables, firmware, and third-party applications without requiring access to
source code.

Software supply chain attacks are
becoming a growing risk as organisations increasingly rely on third-party
software, open-source components, and vendor updates. At the same time,
AI-generated code is making it harder for security teams to verify that deployed
software is secure and free from hidden vulnerabilities or malicious
functionality.

RevEng.AI aims to address this
challenge through its foundational AI model, BinNet, which analyses software
directly at the binary level. Trained alongside government cyber units and
commercial security teams, the system is designed to automatically identify
hidden vulnerabilities, backdoors, suspicious functionality, and abnormal
changes in released software before it is deployed or purchased.

According to James Patrick-Evans, PhD,
Founder and CEO of RevEng.AI, as AI takes on a growing role in software
development, executable binaries are becoming the most reliable way to verify
what software actually does once it runs on machines.

RevEng gives organisations an
independent way to verify software at the binary level before it is released,
bought, or deployed. This is critical because much of the software being built
today is never reviewed or seen by a human, making it untrustworthy. It needs
to be automated, and that’s exactly what RevEng delivers.

Unlike traditional application
security tools that primarily focus on source code and repositories, RevEng
works directly on compiled executables, including closed-source and third-party
software. The platform is designed to help organisations identify hidden or
undeclared components, detect vulnerabilities and malicious behaviour, compare
releases against trusted versions, and verify software before deployment or
procurement decisions are made.

David Ordonez, Senior Associate at
NATO Innovation Fund, said modern economies and critical national
infrastructure increasingly depend on software across sectors such as energy,
transportation, healthcare, finance, and defence.

RevEng.AI gives organisations the
ability to understand what is actually inside the software they rely on, even
when that software is closed-source or delivered by third parties. That closes
a critical gap in software supply chain security and strengthens the resilience
of the systems our societies depend on.

The company says it is already seeing
early demand from enterprise and defence customers, while continuing to
integrate its technology into existing security and software delivery workflows
to support more proactive software verification processes.

The funding will be used to support
the growth and deployment of RevEng.AI’s binary-level software verification
platform as demand increases from enterprise and defence organisations.