Eclypsium Lands $25M to Secure IT's Hidden Front Line

PORTLAND, Ore. – March 19, 2026 – Eclypsium, a company specializing in the security of foundational IT infrastructure, announced today it has secured a $25 million strategic investment. The funding round, led by PEAK6 Strategic Capital with participation from a top-three U.S. bank and cybersecurity-focused Ten Eleven Ventures, signals a significant shift in enterprise defense priorities towards the often-overlooked hardware and firmware that underpins the global digital economy.

The investment arrives as organizations grapple with a new and perilous battleground: the technology supply chain. From the firmware that boots servers to the microcode on network devices, sophisticated attackers are increasingly targeting these low-level components to establish undetectable persistence and launch devastating attacks. This new funding will fuel Eclypsium’s mission to illuminate and defend this hidden digital territory.

The New Battleground: The Digital Supply Chain

For years, cybersecurity focused on protecting networks, applications, and operating systems. However, a wave of high-profile incidents has exposed a critical vulnerability deep within the technology stack. According to recent industry analysis, attacks targeting the software supply chain have surged, with some reports indicating a more than 200% year-over-year increase in related breaches. Attackers view the complex, often opaque web of hardware manufacturers, software dependencies, and third-party code as a soft target ripe for exploitation.

This escalating threat has not gone unnoticed by regulators. New mandates in the U.S. and E.U., such as the Digital Operational Resilience Act (DORA), are placing stringent requirements on organizations to verify the integrity of their technology partners and components. Frameworks like NIST's Cybersecurity Framework 2.0 now explicitly call for robust vendor risk management, pushing supply chain security from a niche concern to a board-level imperative. Eclypsium’s work directly addresses this burgeoning market, which industry analysts have noted is rapidly moving from an emerging concept to a peak area of investment and concern.

“Eclypsium is a trusted leader in safeguarding both public and private critical infrastructure against the world’s most sophisticated threat actors, including nation-states,” said PEAK6 Co-founder Jenny Just. “With its proven technology and deep expertise in supply chain security for IT infrastructure, we believe the company is exceptionally well positioned to help organizations strengthen cyber resilience in the enterprise. We’re proud to partner with Eclypsium to accelerate its growth in financial services, AI infrastructure, and beyond.”

Securing the AI Revolution at the Edge

A significant portion of the new capital is earmarked for one of the fastest-growing and most vulnerable sectors of technology: artificial intelligence infrastructure. As organizations race to deploy AI, they are building out massive data centers filled with GPU servers and extending their networks to a new generation of Edge AI devices, including autonomous network appliances, advanced CCTV cameras, and 5G equipment.

This rapid expansion creates a vast new attack surface. GPU servers, the workhorses of AI, are susceptible to unique hardware-level threats like side-channel attacks that can leak data. Edge devices, often deployed in physically unsecured locations, can be tampered with or compromised to create a backdoor into the corporate network. Many of these devices cannot host traditional security software, leaving them as an "invisible edge" for security teams.

Eclypsium plans to extend its platform's deep-scanning capabilities to this new frontier. This includes securing GPU servers in AI datacenters, NVIDIA Bluefield DPU-based appliances that manage network traffic, and a growing array of critical edge hardware. By joining the NVIDIA Inception Program and partnering with leaders like SentinelOne, the company is positioning itself to secure the foundational components of the AI revolution before vulnerabilities can be widely exploited.

From Research to Resilience: Building Credibility Through Discovery

Eclypsium’s market credibility is built not just on its platform, but on the groundbreaking work of its research team. The company has a track record of uncovering critical vulnerabilities that traditional security tools miss, demonstrating a profound understanding of the threats lurking below the operating system.

One of their most notable findings involved the "BadCam" vulnerability, where researchers demonstrated how common webcams could be remotely hijacked and transformed into malicious "BadUSB" devices. Once weaponized, the compromised webcam could inject keystrokes, deliver malware, and persist on a system even after a complete OS reinstallation. This research proved for the first time that a peripheral already attached to a computer could be remotely turned into a persistent attack tool.

Similarly, the company has extensively documented critical flaws in Baseboard Management Controllers (BMCs)—the powerful microcomputers embedded in nearly every server that allow for remote administration. Eclypsium has shown how vulnerabilities in BMCs, which often lack basic security hygiene, could grant attackers complete, root-level control over a server, even when it's powered off. The press release noted the "actual active exploitation of earlier found BMC vulnerability," confirming these are not just theoretical risks but active threats.

This deep expertise is being fortified with new leadership, including the recent appointments of Hiep Dang as Vice President of Technology & Research and Brian Dunphy as Vice President of Product Management, who bring decades of experience from security giants like McAfee, Symantec, and Qualys.

"As securing critical IT infrastructure and the supply chain becomes a top global imperative, this strategic investment accelerates our mission to deliver the industry’s most comprehensive protection across every layer of enterprise technology,” said Yuriy Bulygin, CEO and Co-Founder of Eclypsium. Bolstered by new funding, expanded partnerships, and a clear focus on the next generation of infrastructure threats, the company is poised to play a defining role in how organizations secure their most critical assets from the silicon up.