Business Wire

Veracode Acquires Phylum, Inc. Technology to Transform Software Supply Chain Security

6.1.2025 17:07:00 CET | Business Wire | Press release

Technology Acquisition Delivers Automated Malicious Package Analysis, Detection, and Mitigation in Open-source Code

Veracode, a global leader in application risk management, today announced it has acquired certain assets of Phylum, Inc., including its malicious package analysis, detection, and mitigation technology. The acquisition enhances Veracode’s ability to identify and block malicious code in open-source libraries, marking continued investment in its software supply chain risk management capabilities. This gives customers a more comprehensive view of risks associated with open-source code usage, strengthening their defenses against emerging threats.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250106967344/en/

Veracode acquires technology from Phylum, Inc. (Graphic: Business Wire)

With software supply chain attacks projected to triple in cost from $46 billion in 2023 to $138 billion by 2031¹, safeguarding against these risks is now mission-critical for organizations. Through Phylum’s innovative technology, Veracode empowers customers to proactively prevent attacks by identifying and blocking malicious packages and vulnerabilities in real time. The addition of a package management firewall and an unmatched malicious package database further strengthens Veracode’s ability to mitigate emerging software threats before they impact customers.

Ravi Iyer, Chief Product Officer at Veracode, said, “This acquisition advances Veracode’s mission to be the most comprehensive application risk management platform by significantly expanding our ability to identify, mitigate, and remediate risks across the software supply chain. With Phylum’s unmatched database and cutting-edge research—proven to detect 60 percent more malicious packages than any other vendor—our customers will gain the confidence to innovate faster, knowing their software is protected against evolving threats.”

Veracode Prevents, Detects and Fixes Malicious Packages

Malicious packages have become a prevalent attack vector in the software supply chain, capable of infecting networks, stealing sensitive information, and enabling remote code execution. Identifying and mitigating these threats is now a critical component of any robust software composition analysis (SCA) solution. Effective tools must go beyond detection to quarantine and block suspicious packages in real time.

With Phylum’s fully automated malicious code analysis pipeline, Veracode significantly shortens the window of opportunity for attackers. Newly published packages are analyzed within seconds, helping customers proactively prevent attacks. Phylum’s recent research identified nearly half a million malicious packages, including 2,500 targeted malware campaigns aimed at industries like finance and cryptocurrency, demonstrating the scale and sophistication of these threats.

“Uniting Veracode’s platform and Phylum’s malicious package detection and mitigation technology creates exceptional value for our customers worldwide,” said Aaron Bray, CEO & Co-founder of Phylum, Inc. “By combining our advanced research capabilities with Veracode’s industry-leading platform, we’re expanding the fight against software supply chain threats. Together, we will deliver even greater protection and peace of mind to organizations navigating an increasingly complex threat landscape, and we are excited to join the team.”

Phylum’s technology, including its malicious package database and package management firewall, will be integrated into Veracode’s SCA product, with general availability expected early this year. The acquisition also bolsters Veracode’s renowned security research team with Phylum’s experts, further elevating the company’s ability to protect customers from evolving threats.

For more information about the acquisition and software supply chain security, contact the Veracode team.

1 Gartner Inc., “Leader’s Guide to Software Supply Chain Security”, June 20, 2024

About Veracode

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and X.

Copyright © 2025 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250106967344/en/
