Application security startup Boost Security Inc. today announced two acquisitions and an additional $4 million in funding as it builds out what it pitches as an artificial intelligence-native defense platform for software development.

The company has acquired SecureIQx, an MIT-founded startup that built a software composition analysis reachability engine and Korbit Technologies Inc., an AI-driven pull request review platform. The price of the acquisitions was not disclosed.

Founded in 2020, Boost sells what it calls an AI-Native SDLC Defense Platform, a platform that combines developer endpoint protection, software supply chain security and AI-native application security posture management in a single product. The platform is designed to defend the AI toolchain used by coding agents, block supply chain threats before packages are ingested and auto-remediate vulnerable code so that engineering teams are not slowed down by security review.

The acquisition of SecureIQx gives Boost reachability analysis that works against both binary and source code across more than a dozen programming languages. The technology is intended to help security teams determine whether a vulnerable component is actually reachable and exploitable in production, rather than treating every flagged dependency as equally urgent.

Korbit.ai contributes an AI-based code review system trained on hundreds of millions of lines of code that flags security flaws, performance issues and coding errors at the pull request stage.

“We’re in a new era,” said founder and Chief Executive Zaid Al Hamami. “By some estimates, 15 times more code was produced in 2025 than in 2024 and most of it wasn’t written or reviewed by humans. At the same time, supply chain attacks are becoming more frequent and more sophisticated. With these acquisitions, we are bringing deeper agentic capabilities into the Boost Security platform to meet that reality.”

The deals add reachability analysis and AI-native static application security testing to a platform Boost has been positioning against incumbents including Snyk Ltd., Endor Labs Inc. and Apiiro Ltd., as well as a growing field of startups focused on securing AI-generated code.

The new funding was an extension to Boost’s existing capital base. Backers include White Star Capital, Amiral Ventures, Accelia Capital Inc. and Sorensen Capital.

“The deeper risk is that every engineering team on the planet is now shipping code written by AI agents that can unknowingly introduce vulnerabilities at machine speed and machine scale and you can’t ask the same agent that wrote the bug to be your last line of defense,” said Catherine Ouellet-Dupuis, a partner at White Star Capital “Boost is one of the few platforms built from the ground up to sit outside that loop.”

The new funding will be used to support continued development of the company’s platform.

Image: SecureIQx