Vicarius Inc., a startup helping enterprises find and fix vulnerabilities in their software, today announced that it has raised a $30 million funding round.

Cybersecurity-focused venture capital firm Bright Pixel Capital led the Series B investment. It was joined by AllegisCyber Capital, AlleyCorp and Strait Capital.

New York-based Vicarius provides a software platform called vRx that can catalog the systems in a company’s network and map out what programs they’re running. It then scans those programs for vulnerabilities. According to Vicarius, vRx automatically flags if an application contains an open-source component with a known security flaw. 

The platform also spots zero-day exploits, or security flaws that aren’t already known to the cybersecurity community. It does so using an artificial intelligence engine that analyzes application vulnerabilities for common patterns. By comparing a company’s applications against those common patterns, the engine can find code that may contain a zero-day flaw. 

Besides spotting vulnerabilities, vRx can promises to help administrators patch them. The platform includes a patching tool that makes it possible to download the security updates available for an application with a few clicks. If applying the update immediately is impractical, administrators can schedule the download for later. 

Patching vulnerabilities isn’t always possible. Companies are typically faced with this challenge when researchers find a security flaw in an application, but the application’s developer hasn’t yet issued an update. There are also situations where applying a patch, a process that typically incurs downtime, is impractical because the affected workload is too important to take offline. 

Vicarius claims its vRx platform can address the challenge. It does so using a feature called Patchless Security that can secure a vulnerable workload without patching it. 

Applications consist in large part of functions, code snippets that each perform one specific task or a set of related tasks. When a vulnerability is discovered in an application, vRx can identify which specific functions are affected. From there, the platform configures itself to automatically detect and block cyberattacks that target the vulnerable functions. 

The company says its Patchless Security feature also fends off other types of cyberattacks. It can block attempts to exfiltrate data from applications’ memory. Moreover, vRx detects when malware attempts to mimic a legitimate program in order to read the files accessible to that program. 

Vicarius will use the proceeds from its new funding round to extend its platform’s feature set. The effort will place a particular emphasis on expanding vRx’s AI capabilities. 

In August, it introduced a large language model called vuln_GPT for the platform. The model automatically writes scripts to mitigate newly discovered application vulnerabilities. It can, for example, write a script to isolate a vulnerable application until a patch is available or disable the code component that contains the security flaw.

Vicarius will also invest a portion of the funding round in customer acquisition initiatives. Currently, the company’s installed base includes more than 400 organizations, including Hewlett Packard Enterprise Co., PepsiCo Inc. and other large enterprises. 

Image: Unsplash