As software systems become increasingly dependent on third party code, open source components, and AI generated development, organisations are facing a growing problem, they often cannot fully verify what is actually running inside the software they deploy. Traditional security tools largely focus on source code analysis, but modern supply chain attacks increasingly exploit compiled software, firmware, and external vendor applications where source code may not even be accessible. Cybersecurity company RevEng AI is building a binary level verification system designed to address that challenge by analysing software directly at the executable level.
RevEng.AI has raised $15 million in a Series A funding round led by NATO Innovation Fund, with participation from Sands Capital, In Q Tel, IQ Capital, and Episode One.
The company plans to use the funding to expand deployment of its binary level software verification platform as demand grows from enterprise and defence organisations.
Addressing a Growing Software Security Problem
Software supply chain attacks have become one of the fastest growing cybersecurity threats globally.
Modern organisations rely heavily on third party software vendors, open source libraries, cloud services, firmware, and increasingly AI generated code, creating enormous complexity across software ecosystems.
At the same time, security teams often lack visibility into what compiled software actually contains once applications are packaged and deployed.
RevEng.AI aims to close that gap through a binary native verification approach that analyses executables directly rather than relying solely on source code reviews.
The company’s platform can inspect compiled software, firmware, and third party applications even when source code is unavailable.
Building AI Powered Binary Analysis
At the centre of RevEng.AI’s platform is a foundational AI model called BinNet.
The system is designed to analyse software directly at the binary level in order to identify hidden vulnerabilities, suspicious functionality, backdoors, undeclared components, and abnormal software changes before deployment.
According to the company, BinNet has been trained alongside government cyber units and commercial security teams to improve its ability to identify software risks automatically.
James Patrick Evans said executable binaries are becoming the most reliable method for understanding what software actually does once it operates on machines, especially as AI increasingly participates in software development.
Patrick Evans argued that much of the software being produced today may never be fully reviewed by humans, making automated binary verification increasingly important for security and trust.
Moving Beyond Traditional Application Security
Unlike many conventional application security platforms focused primarily on repositories and source code analysis, RevEng.AI works directly on compiled executables.
This enables the company to analyse closed source applications, firmware, and vendor supplied software where direct code access may not exist.
The platform is designed to help organisations compare releases against trusted versions, identify undeclared software components, detect vulnerabilities or malicious behaviour, and verify software integrity before procurement or deployment decisions are made.
The company believes binary level analysis is becoming increasingly critical as software ecosystems grow more fragmented and automated.
Growing Importance for Critical Infrastructure
David Ordonez said modern economies and critical infrastructure sectors including energy, transportation, healthcare, finance, and defence are becoming increasingly dependent on software systems.
According to Ordonez, organisations need better visibility into the software powering critical infrastructure even when applications originate from third party vendors or closed source systems.
RevEng.AI says it is already seeing early demand from enterprise and defence customers while integrating its technology into existing software delivery and security workflows.
As software supply chain attacks continue increasing in scale and sophistication, platforms capable of independently verifying software at the binary level are becoming an increasingly important part of the future cybersecurity landscape.
