Boost Security has announced the dual acquisition of SecureIQx and Korbit.ai, coupled with $4 million in new funding from a group of investors including White Star Capital and Amiral Ventures. The expansion aims to address the security challenges posed by the massive surge in AI-generated code and the increasing complexity of software supply chains. By integrating advanced reachability analysis and AI-native code review, Boost Security is positioning itself as a critical defense layer that operates at the same speed as modern automated coding agents, preventing vulnerabilities from reaching production environments.
Boost Security acquired SecureIQx (MIT-founded SCA reachability) and Korbit.ai (AI-based code review).
The company secured $4 million in additional funding to support platform development.
The platform unifies Developer Endpoint Protection, Supply Chain Security, and AI-Native ASPM.
SecureIQx technology identifies whether vulnerable components are actually reachable and exploitable.
Korbit.ai brings an AI-native SAST capability trained on hundreds of millions of lines of code.
Boost Security is designed to intercept threats from outside the "AI generation loop" to ensure independent verification.
As software development shifts toward machine-speed execution, security teams are struggling to manage the volume of code produced by AI tools. Boost Security’s AI-Native SDLC Defense Platform is built to act as an independent auditor of this automated output. By sitting outside the generation loop, the platform can block supply chain threats and auto-remediate flawed code before it is committed. This architecture is intended to prevent the "machine-scale" introduction of vulnerabilities that human reviewers can no longer feasibly monitor.
"Recent high-profile supply chain attacks are just the opening act," said Catherine Ouellet-Dupuis, Partner, White Star Capital. "The deeper risk is that every engineering team on the planet is now shipping code written by AI agents that can unknowingly introduce vulnerabilities at machine speed and machine scale, and you can't ask the same agent that wrote the bug to be your last line of defense."
The acquisition of SecureIQx brings a specialized reachability engine capable of analyzing both binary and source code across a dozen programming languages. This allows teams to prioritize vulnerabilities that pose a real risk rather than chasing unreachable flaws. Meanwhile, Korbit.ai’s pull request review platform adds deep AI-native Static Application Security Testing (SAST) capabilities. Together, these technologies enable Boost Security to provide a more comprehensive, agentic defense that can automatically detect and fix issues during the development process.
"We're in a new era. By some estimates, 15 times more code was produced in 2025 than in 2024, and most of it wasn't written or reviewed by humans," said Zaid Al Hamami, founder and CEO of Boost Security. "With these acquisitions, we are bringing deeper agentic capabilities into the Boost Security platform to meet that reality."
The $4 million funding round included participation from Accelia Capital and Sorensen Capital, reflecting strong investor confidence in AI-native security infrastructure. As enterprises continue to leverage large ecosystems of third-party packages, Boost Security’s ability to secure the entire development lifecycle—from the developer endpoint to the final production push—is becoming an essential component of modern IT operations.
About Boost Security
Boost Security is the AI-Native SDLC Defense Platform built to secure software at the speed of generation. The platform unifies Developer Endpoint Protection, Software Supply Chain Security, and AI-Native ASPM into a single execution engine. By actively protecting the AI workspace, blocking supply chain threats, and auto-fixing flawed code before the commit, Boost empowers engineering teams to leverage AI and floor the accelerator safely.