RegScale today announced record growth and market-defining momentum as enterprises and government agencies accelerate their shift away from manual, audit-driven GRC toward real-time, automated assurance.
The company reported 300% revenue growth and 140% net revenue retention, powered by an oversubscribed $30+ million Series B led by Washington Harbour Partners with participation from M12 (Microsoft’s Venture Fund), Hitachi, Ankona, SYN Ventures, and others, bringing total funding to more than $50 million. RegScale customers consistently report achieving compliance certifications 90% faster and cutting audit preparation effort by 60%.
Platform Leadership: AI Agents, Open Source, and Certification at Scale
RegScale continued to accelerate its AI product, RegML, deploying purpose-built AI agents that continuously monitor and validate controls, automate evidence collection, analyze risk in real time, and trigger remediation without human intervention. RegScale’s AI leadership was independently validated when it was named 2025 Gartner® Cool Vendors™ with AI-Powered Technologies for Assurance Leaders, recognizing RegScale’s differentiated approach to AI-driven compliance at scale. The platform earned the CSA STAR “Valid-AI-ted” designation with a 97.7% score, and RegScale’s security credential portfolio now includes FedRAMP High Authorization and TX-RAMP.
RegScale simultaneously launched and donated the OSCAL Hub to the open-source community, continuing to contribute to machine-readable compliance standards now being adopted across government and commercial sectors.
Market Expansion: Enterprise, Federal, and Channel
RegScale also moved into a new tier of Fortune 500 and large federal enterprise accounts. The GTM team expanded into new territories in North America and across Europe and deepened channel investment through a strategic partnership with Leidos. Channel momentum was further reinforced through the company’s partner ecosystem, anchored by relationships with GuidePoint, CALIBRE, Microsoft, and Carahsoft, among others.
Leadership, Recognition, and the Road Ahead
RegScale strengthened its leadership team this fiscal year, appointing Chad Woolf as Chief Product Officer to lead the company’s compliance and risk modernization agenda, alongside new product and go-to-market leaders across the organization. The company has grown by more than 30% in employee count and is proactively scaling its team to meet market demand.
Industry recognition for RegScale’s category leadership reached new heights in FY26. Travis Howerton was named a Finalist in the prestigious 2026 EY Entrepreneur Of The Year Mid-Atlantic Awards, and the company was named a CCM winner of numerous cybersecurity awards, solidifying its leadership in cyber GRC and CCM.
Gartner projects that by 2028, 75% of all DevOps continuous compliance automation processes will leverage AI technology to drive efficiencies in auditing, reporting, validating, and remediating regulatory compliance. RegScale’s customers are not waiting for 2028. With AI agents already in production across Fortune 500 and federal environments, RegScale is the platform delivering on that future today.
In FY27, the company will accelerate investment in DevSecOps, next-generation RegML agents, and real-time alignment with emerging frameworks like FedRAMP 20x and CMMC. With OSCAL adoption accelerating across government and financial services, RegScale is moving compliance from a business tax or revenue blocker to a continuous, intelligent layer of modern risk management for the CISO.
Attackers are operationalizing an AI framework flaw almost immediately after disclosure
Posted in Commentary with tags Hacked on May 14, 2026 by itnerd
Attackers began targeting the PraisonAI vulnerability almost immediately after disclosure, showing how quickly threat actors are shifting toward AI frameworks and agentic tooling as viable attack surfaces. The speed of exploitation reflects a broader reality: many AI platforms are being deployed into enterprise environments before organizations fully understand their exposure, visibility gaps, or how these systems interact with sensitive internal infrastructure.
Gidi Cohen, CEO & Co-founder, Bonfy.AI
“Less than four hours after CVE-2026-44338 was disclosed, attackers were already probing PraisonAI’s unauthenticated agent endpoints. The patch is straightforward: upgrade to 4.6.34. But the harder question deserves attention.
PraisonAI is a multi-agent framework. When authentication is stripped away, what’s exposed isn’t just an endpoint; it’s every workflow those agents are configured to run, and every piece of sensitive data flowing through them. As Sysdig noted, “the impact ceiling is whatever that workflow is allowed to do.”
Most AI agent security conversations focus on configuration: what agents exist, what tools they can call, and whether auth controls are in place. Those questions matter. But they miss the data layer entirely, with sensitive content moving continuously between data sources, LLM providers, MCP servers, and output channels at runtime.
That’s where the real exposure lives. And right now, for most organizations, it’s almost entirely unexamined.
Patch immediately. Then ask: if an attacker had triggered your agent workflows before you patched, would you have known what data moved, and whether it should have?”
All I have to say is welcome to our new reality where flaws are weaponized faster than they ever have been before.