VulnCheck, a company specialising in exploit intelligence, has secured fresh investment of $25m as demand rises for faster and more precise threat detection tools.
The US-based firm focuses on helping organisations identify and respond to actively exploited software vulnerabilities, aiming to close what it describes as the “exploitation-timing gap” between disclosure and attack.
The company has raised $25m in a Series B round led by Sorenson Capital, with participation from National Grid Partners and existing backers Ten Eleven Ventures and In-Q-Tel (IQT). The latest funding brings VulnCheck’s total capital raised to $45m.
VulnCheck provides a machine-consumable dataset built around first-party evidence of exploitation. Its platform analyses more than 500 million records across over 500 sources covering all common vulnerabilities and exposures (CVEs), filtering out noise to highlight the threats that matter most to defenders.
By delivering intelligence designed primarily for machine-to-machine consumption, the company says it enables automated workflows and faster remediation. Its data is refreshed multiple times daily, giving customers context around threat actor activity, ransomware links and exploit proof-of-concept code circulating in the wild.
The new funding will be used to accelerate growth and further develop its intelligence capabilities. VulnCheck says the capital will support expanded automation and AI-powered emerging threat detection, allowing global organisations to better protect critical infrastructure, sovereign systems and the wider economy from rapidly weaponised vulnerabilities.
The investment follows what the company describes as a record year. Over the past 12 months, VulnCheck reported a 557% increase in enterprise annual recurring revenue (ARR) and a 306% rise in government ARR. It also climbed from No. 143 to No. 28 in all-time CVE assignment rankings, with nearly 2,000 CVEs assigned.
Its Known Exploited Vulnerabilities (KEV) list expanded by nearly 900 software and hardware vulnerabilities in 2025, representing 25% year-on-year growth. According to company research, 32% of those vulnerabilities were exploited on or before the day of CVE disclosure, up 36% compared to 2024. Meanwhile, its community user base grew by nearly 7,000, bringing total users of VulnCheck KEV and VulnCheck NVD++ to more than 13,000.
Sorenson Capital partner Ken Elefant said, “VulnCheck’s fundamentally different approach has allowed the company to sustain its hypergrowth trajectory. Legacy vulnerability management solutions were built for manual analyst workflows and cover only a fraction of known vulnerabilities. VulnCheck combines the largest breadth of public and first-party exploit intelligence and delivers it first for machine-to-machine consumption, with human review as a secondary outcome, to drastically close the exploitation-timing gap. This approach has it well-positioned in the market for years to come.”
VulnCheck founder and CEO Anthony Bettini said, “The weaponization and exploitation of software vulnerabilities is happening at a much faster rate than remediation, and this is particularly concerning for security teams as the number of CVEs increases exponentially year-over-year. This funding validates our approach to providing faster, more precise, and continuously updated intelligence, and reinforces our commitment to the organizations that rely on us to outpace attackers when exploit timelines have become more compressed than ever.”
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
