BlueFlag Security, an identity-centric software development lifecycle (SDLC) security platform, has announced a Series A funding round, bringing its total capital raised to $28m.
The Series A was led by Maverick Ventures and Ten Eleven Ventures, with the proceeds earmarked to accelerate platform development and expand BlueFlag’s footprint across the US and EMEA, particularly within regulated industries and technology organisations embracing AI-driven software development at scale.
Founded in 2024, BlueFlag Security has positioned itself at the intersection of developer identity governance and supply chain security.
Rather than focusing solely on scanning code for vulnerabilities, the company monitors the human and non-human identities operating across the SDLC — including developers, service accounts, and increasingly, AI agents. The platform correlates behavioural signals to surface threats that traditional application security tools routinely miss, with the company’s own analysis suggesting more than 75% of SDLC risk remains invisible to existing tooling.
The fresh capital will support the rollout of two newly announced platform capabilities. The first, Developer Behavioral Risk Analysis, detects risky developer behaviours — such as mass repository cloning outside normal working hours or privilege escalation attempts — that can be early indicators of compromised credentials, insider threats, or supply chain attacks. The second, AI Agent Governance, extends identity oversight to both AI coding assistants, where a human remains in the loop, and fully autonomous agents that write, test, and deploy code independently. BlueFlag applies behavioural baselines, anomaly detection, and audit trails to both categories, while also detecting shadow AI usage and enforcing approval workflows.
The announcement comes against a backdrop of mounting concern around software supply chain security. The 2025 Verizon Data Breach Investigations Report found that 68% of breaches involve compromised credentials, and software supply chain failures entered the OWASP Top 10 2025 at number three, with half of security experts ranking supply chain risk as their primary concern.
BlueFlag has also recently announced strategic partnerships with Obsidian Systems, catworkx, and knowmad mood, pointing to growing market appetite for solutions that support secure, AI-driven software development. The company also reported a fivefold increase in Fortune 500 enterprise customers over the course of 2025.
BlueFlag Security founder and CEO Raj Mallempati said, “Attackers are not going after code – they are going after the identities and tools behind it. BlueFlag was built to close that gap and the traction we are seeing tells us the market is ready. The question is no longer whether AI agents are in your development environment. They already are. The question is whether you are governing them. Our mission is to secure every phase of the software development lifecycle by delivering identity intelligence that creates a trusted environment for innovation.”
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
