Cycode is a well-funded startup that gives an end-to-end utility safety posture administration platform — that’s, a instrument that repeatedly scans code (and the libraries it depends on) for potential safety vulnerabilities all through the software program growth life cycle after which helps remediate these points. At the moment, the corporate introduced that it has acquired Bearer, a static utility safety testing (SAST) startup that focuses on making the developer expertise as clean as potential whereas nonetheless offering them with important safety suggestions. With its lately launched AI assistant, Bearer additionally wager on generative AI to counsel code fixes and clarify vulnerabilities.
Bearer raised an $8 million seed spherical led by Alven in 2022. Cycode has raised over $81 million in funding thus far, together with a $56 million Sequence B spherical in 2021. That’s what put the corporate able to make at present’s acquisition, although the 2 firms didn’t disclose the worth.
As Cycode co-founder and CEO Lior Levy instructed me, this acquisition now offers the corporate with all the capabilities it must turn into a full-fledged utility safety platform. Like so many startups, that’s not essentially what the staff was centered on when Cycode first launched. On the time, Cycode was one of many earlier gamers within the software program provide chain area. At the moment, the corporate addresses a far wider vary of assault vectors.
“Day one, we have been centered on what we wished to construct round software program provide chain safety,” he instructed me. “However then, as time progressed, we realized that there was further worth that we would have liked to seize. It’s the best strategy to turn into a platform and that is what we’ve heard from clients. So we adopted and addressed these wants.”
The Cycode and Bearer groups first began speaking final August and stayed in contact after that. In response to Levy, it was Dor Atias, Cycode’s co-founder and VP of R&D, who realized that Bearer’s expertise would properly complement — and full — the bigger startup’s present answer. “Our mission is to be a whole platform,” Atias mentioned. “The lacking half was a SAST instrument that may be quick and linked simply to the Cycode platform. And the Bearer staff invested lots within the mind of the SAST engine — not solely the foundations and stuff like that — however the engine itself. I examined it a couple of occasions and noticed that it might be built-in simply.”
And that’s what the Cycode staff has already achieved, despite the fact that the deal solely closed final week. Now, Atias mentioned, the staff is taking a look at the way it can carry that Bearer engine to different components of the platform, too. That features a few of Bearer’s AI options as nicely, together with its remediation capabilities. Levy believes that utilizing AI to repair points earlier than they even go into the supply management is one thing akin to the “secret sauce for safety” and can assist cut back the burden on builders and safety groups.
Cycode co-founder Ronen Slavin, the corporate’s CTO, additionally famous that this acquisition matches in nicely with the corporate’s deal with each placing safety and the developer expertise first. “Builders weren’t employed to repair safety points,” he mentioned. “They get annoyed they usually find yourself with false positives. Bearer has the very best price of precision when it comes to the speed of false positives. By way of GenAI, one of many parts is the context for the remediation that builders get that they wouldn’t get in any other case, which can also be tied to the improved expertise.”
Whereas Bearer nonetheless exists as a stand-alone product for now, Cycode plans to maneuver its clients over to its platform over time.
“We’re thrilled to be becoming a member of forces with Cycode, an organization that shares our imaginative and prescient for making developer safety a staff sport,” mentioned Bearer CEO Guillaume Montard. “This union marks a crucial milestone in our journey, amplifying our attain and affect to the world’s greatest safety and growth groups. Collectively, we’re set to proceed redefining the requirements of the whole strategy to utility safety posture administration.”