RapidFort raises USD $42m for automated vuln fixes
RapidFort has raised USD $42 million in a Series A funding round as it targets wider adoption of automated software supply chain security and vulnerability remediation.
Blue Cloud Ventures and Forgepoint Capital led the round, with participation from Felicis Ventures. Other investors included Alumni Ventures, Boulder Ventures, Brave Capital, Evolution Ventures, Florida Funders, Gaingels and Mana Ventures.
The funding comes as security teams face growing pressure from quicker exploitation of disclosed vulnerabilities and faster release cycles in software development. RapidFort cited data from Verizon's Data Breach Investigations Report that put vulnerability exploitation at 20% of breaches, close to credential abuse at 22%.
RapidFort positions its product around continuous remediation rather than periodic patching and manual prioritisation. The company says its platform can remove 70% to 90% of known vulnerabilities in days, without code and application changes.
Remediation focus
The company's approach centres on automating the work required to reduce vulnerabilities across the software lifecycle, from build through runtime. It says the platform continuously analyses software artefacts, applies remediation, and hardens images and other components so vulnerabilities persist for less time.
RapidFort also says its technology is operating system agnostic and works across different environments. It frames that as a way for engineering teams to apply consistent controls without locking into a single vendor's stack.
A core element is a catalogue of "hardened, near-zero-CVE container images" across major Linux distributions, according to the company. It says these images can be used as drop-in replacements and reduce exposure without requiring code changes.
RapidFort also describes runtime intelligence features, including behavioural analytics and image optimisation. It says this can remove unused components and reduce attack surface by up to 90%.
Market context
Software supply chain security has expanded in scope as organisations depend on open source packages, third-party components and container images. Attacks and incidents linked to upstream components have pushed organisations to tighten controls in build pipelines and production environments.
Many enterprises still rely on scanning tools and remediation processes that need manual work by developers and security teams. RapidFort is targeting that gap with automated rebuilding and patching functions designed to reduce backlog and speed up remediation.
The company said it has more than 100 public and private enterprise customers. It also said Gartner has recognised the business, without giving further detail.
Use of proceeds
RapidFort said it plans to use the Series A funding for sales and marketing growth, partnerships, platform development and broader enterprise adoption. It also plans to expand integrations and onboarding work for regulated industries, alongside operational scaling for larger deployments.
The company lists several compliance and regulatory frameworks that it expects to support, including FedRAMP, CMMC, ATO, CRA and NIS2. These frameworks often require evidence of ongoing control operation and audit-ready reporting. Vendors in this area have increasingly linked product roadmaps to compliance reporting and continuous monitoring.
Investors framed the round around the shift from detection to remediation. "Software teams are shipping faster than ever - and attackers are moving even faster. RapidFort is building what the market urgently needs: continuous vulnerability remediation that keeps pace with modern development. Their end-to-end platform doesn't just surface risk - it eliminates it. We're excited to partner with RapidFort as they define the next era of software supply chain security," said Rami Rahal, Managing Partner, Blue Cloud Ventures.
RapidFort's chief executive described time pressure as a central driver. "The problem isn't that organizations don't know they have vulnerabilities, it's that they can't fix them fast enough," said Mehran Farimani, Founder and CEO, RapidFort. "AI has accelerated software delivery and attacker capability at the same time. The window between disclosure and exploitation has collapsed. RapidFort exists to eliminate vulnerabilities continuously - at machine speed - before they reach production."
Forgepoint Capital also argued that the competitive bar has moved beyond scanning.
"RapidFort represents the evolution of software supply chain security from reactive to proactive," said Ernie Bio, Managing Director, Forgepoint Capital. "In an AI-accelerated threat landscape, detection alone is table stakes. What matters is elimination. RapidFort is the only platform that combines comprehensive profiling, automated rebuilding, intelligent patching, and continuous validation at enterprise scale. We're thrilled to partner with Mehran and the team as they define the new standard for software supply chain security."
A second Forgepoint executive pointed to adoption friction as a factor in security tooling decisions. "What's compelling about RapidFort is that it treats software artifacts as infrastructure. By hardening and validating images continuously, the platform creates a security foundation that scales across teams, tools, and environments - without forcing developers to change how they build," said Jimmy Park.
RapidFort said the new funding will support further product development and expansion of its platform across the software lifecycle, from build systems through runtime environments.