The rise of AI coding instruments means builders can create software program functions sooner than ever, however the danger for hacks and exploits is rising in lockstep. ThreatModeler, a cybersecurity firm that helps builders determine vulnerabilities of their functions, introduced on Thursday it’s buying its largest competitor, IriusRisk. The deal is for over $100 million, based on a supply with direct information, who added that the annual recurring income for the mixed firms is round $50 million.
In an interview with Fortune, ThreatModeler CEO Matt Jones stated that his firm’s objective is to “democratize” the apply of vulnerability detection at a time when many should depend on fundamental instruments from bigger platforms like Microsoft or flip to AI for menace modeling, which Jones argues is inadequate and might result in huge dangers. Jones stated the acquisition will let ThreatModeler preserve tempo as corporations are scaling up their coding capability like by no means earlier than. “For us to be able to bring the two leaders together,” he stated, “We can be much more aggressive on [our] roadmap.”
Assault floor
Based in 2010, the New Jersey-based ThreatModeler offers automated software program that helps coders evaluation safety flaws of their functions earlier than launching them. For a lot of organizations, the choice is counting on specialists often called safety architects, who evaluation codebases after they’re dwell, which generally is a cumbersome and sometimes belated course of.
Initially bootstrapped by founder Archie Agarwal, ThreatModeler took its first institutional funding in 2024 from the expansion fairness agency Invictus, which purchased a majority stake within the firm. Invictus will now be a majority investor of the mixed companies as nicely.
Till the acquisition, which closed on the finish of 2025, ThreatModeler’s largest competitor was the Spain-based IriusRisk, with ThreatModeler even submitting a patent infringement lawsuit in opposition to IriusRisk in early 2025.
Except for resolving the litigation, Jones stated that the deal made sense for purchasers by combining the 2 platforms, which he described as “80%” comparable. “What we’re going to do is take the best of both and bring them together,” he stated. The mixed corporations may have round 300 clients, which Jones stated are largely Fortune 1000 firms like banks and massive tech operations, although he declined to call particular ones as a result of safety issues.
Whereas ThreatModeler was based nicely earlier than the Nov. 2022 launch of ChatGPT set off the present AI revolution, Jones stated that his firm has built-in AI into its workflow, together with a plan to launch an agentic product within the second half of subsequent yr that may adapt organizations’ menace fashions as their functions evolve.
The flip facet of AI is that as organizations’ coding capability will increase, so does their want for software program like ThreatModeler. “The more code that gets cranked out, the more that needs to be evaluated,” Jones stated.
Totally different jurisdictions, together with the U.S., Canada, and the European Union, are additionally implementing mandates for firms reminiscent of monetary establishments and {hardware} producers to take care of their very own cyberthreat fashions.
As potential vulnerabilities speed up, ThreatModeler’s new foremost competitor is probably going firms turning to AI to develop their very own menace modeling strategy. However Jones stated a part of his firm’s position is to coach on the necessity for strong cybersecurity practices. “If you do it yourself, you’re kidding yourself,” he stated. “You may be thinking you’re doing threat modeling, when in fact you might be creating more risk for yourself.”
