RapidFort raises $42M Series A to eliminate software supply chain vulnerabilities at machine speed
AI has changed how software gets built, shipped, and attacked — all at once. The gap between when a vulnerability is disclosed and when it is exploited is shrinking, and security teams are running out of time to react. That pressure is showing up in investor behavior.
Cybersecurity startup RapidFort has raised $42 million in a Series A round as enterprises seek ways to prevent vulnerabilities from becoming breaches. The round was led by Blue Cloud Ventures and Forgepoint Capital, with Felicis Ventures participating again alongside Alumni Ventures, Boulder Ventures, Brave Capital, Evolution Ventures, Florida Funders, Gaingels, and Mana Ventures.
The timing is telling. Software teams are shipping code faster than ever, and attackers are matching that pace. Verizon’s latest Data Breach Investigations Report shows vulnerability exploitation now accounts for 20 percent of breaches, nearly on par with credential abuse. Quarterly patch cycles and manual triage no longer fit how software moves today. That mismatch has pushed security leaders to rethink what “vulnerability management” even means.
Blue Cloud Ventures’ managing partner, Rami Rahal, framed the shift clearly. “Software teams are shipping faster than ever—and attackers are moving even faster. RapidFort is building what the market urgently needs: continuous vulnerability remediation that keeps pace with modern development. Their end-to-end platform doesn’t just surface risk—it eliminates it. We’re excited to partner with RapidFort as they define the next era of software supply chain security.”
With $42M in funding, cybersecurity startup RapidFort aims to redefine software supply chain security for the AI era
RapidFort was founded in 2020 by a team of cybersecurity veterans: Mehran Farimani (CEO), Rajeev Thakur (CTO), Russ Andersson (COO), and George Manuelian (CRO). Its pitch starts where many security tools stop.
Most platforms focus on detection, surfacing long lists of issues that teams struggle to fix in a timely manner. RapidFort focuses on continuously removing vulnerabilities at machine speed before they reach production. Its platform works across the full software lifecycle, from build through runtime, analyzing and rebuilding software artifacts so exposed components don’t linger long enough to be exploited.
Founder and CEO Mehran Farimani puts the problem bluntly. “The problem isn’t that organizations don’t know they have vulnerabilities, it’s that they can’t fix them fast enough,” he said. “AI has accelerated software delivery and attacker capability at the same time. The window between disclosure and exploitation has collapsed. RapidFort exists to eliminate vulnerabilities continuously—at machine speed—before they reach production.”
A core part of that strategy sits in the company’s catalog of hardened, near-zero-CVE container images across major Linux distributions. These images let teams replace insecure components without rewriting applications, reducing exposure from months to days. Runtime analysis strips out unused software, dramatically reducing the attack surface, while automated rebuilding keeps artifacts hardened as code changes roll out.
Forgepoint Capital sees this as a category shift rather than an incremental improvement. Managing director Ernie Bio said the market has moved past scanning alone. “RapidFort represents the evolution of software supply chain security from reactive to proactive. In an AI-accelerated threat landscape, detection alone is table stakes. What matters is elimination. RapidFort is the only platform that combines comprehensive profiling, automated rebuilding, intelligent patching, and continuous validation at enterprise scale. We’re thrilled to partner with Mehran and the team as they define the new standard for software supply chain security.”
The approach has drawn attention from regulated industries that need security controls they can prove and audit over time. RapidFort supports frameworks such as FedRAMP, CMMC, ATO, CRA, and NIS2 by keeping artifacts hardened continuously, rather than relying on periodic reviews. Forgepoint vice president Jimmy Park described the appeal as structural rather than procedural. “What’s compelling about RapidFort is that it treats software artifacts as infrastructure. By hardening and validating images continuously, the platform creates a security foundation that scales across teams, tools, and environments—without forcing developers to change how they build.”
The new capital will push RapidFort into its next phase. The company plans to scale sales and partnerships, deepen automation across remediation and attack-surface reduction, and support larger enterprise deployments with smoother onboarding and broader integrations. The broader goal remains the same: protect the software supply chain end-to-end, from build systems through runtime environments, without slowing development.
As AI continues to compress development timelines, the security window keeps closing. RapidFort is betting that the future of software security won’t come from finding more problems, but from making sure those problems don’t survive long enough to matter.

