ThreatModeler Software Inc., a provider of cybersecurity posture analysis software, today disclosed that it has acquired a Spain-based rival called IriusRisk SL.

The terms of the deal were not disclosed.

When developers determine that an application may contain cybersecurity risks, they create what’s known as a threat model. That’s a diagram of the application’s components and vulnerabilities. It also provides information on how a hacker might go about exploiting the vulnerabilities as part of a cyberattack.

Creating threat models is a highly time-consuming task, particularly in large companies where developers may have to analyze dozens of applications. New Jersey-based ThreatModeler provides a platform that speeds up the process. Developers can use artificial intelligence features built into the software to automate certain aspects of the diagram creation workflow.

According to ThreatModeler, its platform also speeds up certain related tasks. It can not only visualize the cybersecurity flaws in an application but also prioritize them by severity. For example, the platform might determine that a certain vulnerability should be prioritized because it’s being actively exploited by a hacking group. The built-in AI generates remediation suggestions to speed up the remediation workflow.

IriusRisk sells a competing threat modeling platform that automates many of the same tasks such as ThreatModeler. It also provides several features not supported by the latter company.

At the start of a software project, developers put together a list of the features they plan to build. That list is often stored in Atlassian Corp.’s Jira platform. IriusRisk provides a tool called Bex AI that can analyze feature descriptions in Jira and flag any issues they contain. For example, the tool could point out if a proposed feature might weaken an application’s encryption mechanism.

Fixing vulnerabilities at the design stage is easier than in subsequent phases of the development workflow. Once a vulnerable feature is live, rewriting its code can take a significant amount of time. It may also require developers to update other application components that depend on the feature.

IriusRisk says that its platform can be used to map out not only cybersecurity flaws but also other risks. The software highlights application components that breach data management regulations such as GDPR and HIPAA. Furthermore, companies can use the built-in diagramming features to visualize risks in their supply chains.

ThreatModeler says the acquisition will enable it to speed up product development. The combined company is majority-owned by Invictus Growth Partners, a private equity firm that bought ThreatModeler in 2024 for $60 million. Paladin Capital Group, a venture fund that led a $29 million round for IriusRisk in 2022, owns the rest of the company. 

Image: Unsplash