The pace of modern software delivery has significantly changed. AI-driven development, cloud-native architectures, and increasingly complex dependency chains have compressed the time between vulnerability disclosure and real-world exploitation. In this environment, traditional vulnerability management approaches that rely on periodic scanning, manual triage, and delayed patch cycles are no longer sufficient.

To address this shift, RapidFort has raised $42 million in Series A funding, led by Blue Cloud Ventures and Forgepoint Capital, with participation from Felicis Ventures and additional investors. This funding supports RapidFort’s mission to advance software supply chain security by moving the industry from reactive detection toward continuous, automated vulnerability elimination.

Read the full funding announcement.

As software delivery accelerates, security must operate with the same speed and context. This requires a shift away from static vulnerability reporting toward continuous, execution-aware remediation embedded directly into the software delivery lifecycle.
‍

Why Software Supply Chain Security Must Evolve

Most organizations today are not struggling to identify vulnerabilities. They are struggling to remediate them fast enough and to determine which vulnerabilities are truly exploitable in production environments.

As software delivery accelerates, three structural challenges have emerged:

• Vulnerability volume continues to increase due to inherited dependencies and bloated base images.
• The window between vulnerability disclosure and exploitation has narrowed significantly, leaving little time for manual response.
• Security teams lack runtime context to distinguish theoretical risk from operational risk in production environments.

These challenges require a fundamentally different security model, one that is execution-aware, continuously enforced, and embedded directly into the delivery lifecycle.
‍

RapidFort’s Platform Approach: From Detection to Continuous Elimination

RapidFort is designed to secure the software supply chain from build through runtime by continuously analyzing, remediating, hardening, and validating software artifacts. The platform focuses on reducing risk at its source while ensuring that security decisions are informed by real execution behavior in production environments.

Execution-Aware Vulnerability Analysis and Runtime Context

RapidFort extends beyond static analysis by incorporating runtime profiling and execution-path analysis. Through the Runtime Bill of Materials (RBOM) and execution-aware profiling, RapidFort identifies which components are actually loaded into memory and executed in production. This allows teams to prioritize remediation based on real exploitability rather than theoretical presence.

This execution-aware approach helps eliminate noise, reduce false positives, and focus security efforts where they have the greatest operational impact.

Curated Near-Zero CVE Images as a Secure Foundation

RapidFort provides Curated Near-Zero CVE Images, production-grade base images that are continuously patched and hardened across major LTS Linux distributions, including Alpine, Debian, Ubuntu, and Red Hat. With a catalog exceeding 35,000 curated images, RapidFort enables organizations to significantly reduce inherited vulnerabilities without requiring code changes.

Starting from a clean, continuously maintained foundation reduces security debt early in the lifecycle and limits the volume of vulnerabilities that propagate downstream into production environments.

Attack Surface Reduction Through Automated Container Optimization

RapidFort includes automated optimization capabilities designed to remove unused packages, libraries, and binaries without altering application functionality. By removing unnecessary components, organizations can significantly reduce their software attack surface by up to 90% while maintaining operational stability.

This continuous optimization ensures that container images remain lean, secure, and aligned with real production behavior over time.

Continuous Compliance Alignment for Regulated Environments

RapidFort supports organizations operating in regulated environments by aligning security controls with established benchmarks such as CIS, DISA STIGs, and NIST-based frameworks. Built-in compliance assessment and reporting capabilities help teams maintain audit readiness while continuously reducing vulnerability exposure across both containerized and non-containerized workloads.

‍

What the Series A Enables

This Series A funding accelerates RapidFort’s next phase of growth across several strategic areas:

• Platform Innovation: Advancing automated remediation, execution-aware analysis, and continuous attack surface reduction.
• Enterprise Adoption: Supporting large-scale deployments with deeper integrations, smoother onboarding, and operational scalability.
• Go-to-Market Expansion: Scaling sales, partnerships, and customer enablement to meet growing demand.
• End-to-End Assurance: Extending lifecycle security from build through runtime with continuous validation.

‍

Looking Ahead

The future of software security will be defined by speed, applicability, and continuous enforcement. As AI accelerates both development velocity and attacker capabilities, security platforms must operate with execution-level context and continuously remediate vulnerabilities as software changes.

RapidFort is investing to lead this transition by delivering a runtime-aware, continuously enforced software supply chain security platform designed for modern software delivery.

Organizations evaluating a shift from detection-driven security to continuous, runtime-aware remediation can request a technical evaluation or platform walkthrough with the RapidFort team 👉 https://www.rapidfort.com/contact-us