BlueFlag Security, a San Francisco, CA-based provider of an identity-centric SDLC security and governance platform, has raised $16.5 million in a Series A funding round led by Maverick Ventures and Ten Eleven Ventures.
The funding round brings the total to $28 million.
The company plans to use the funds to accelerate platform development and expand its presence in the U.S. and EMEA, supporting regulated industries and tech organizations that use AI software at scale.
BlueFlag plans to accelerate platform development and expand its presence in the U.S. and EMEA, focusing on regulated industries and tech companies that use AI-driven software. The company recently partnered with Obsidian Systems, Catworkx, and Knowmad Mood, showing strong demand for secure AI software solutions.
Read More:Oryon Cell Therapies Raises $21M in New Series A Tranche
Global software supply chain attacks are on the rise. Most attacks start not with code flaws but with compromised or malicious users with access to development systems. The 2025 Verizon DBIR found 68% of breaches involved stolen credentials, and software supply chain failures ranked third on the OWASP Top 10, with half of security experts naming supply chain risk their top concern.
The security industry has mostly focused on code review for vulnerabilities, but most risks in the software development lifecycle (SDLC) go unnoticed. BlueFlag found that over 75% of SDLC risk is invisible to current security tools. Until now, security teams couldn’t easily know who is working in their development systems, what they are doing, or if any activity indicates a threat or attack.
Developer Behavioral Risk Analysis – BlueFlag spots risky developer actions that could lead to stolen credentials, insider threats, or supply chain attacks. It tracks behavior across developer identities, tools and pipelines to reveal threats that code scanning tools miss, like unusual repository access, mass cloning outside normal hours or privilege escalation attempts. Unlike other tools that see signals separately, BlueFlag connects them before attackers can.
AI Agent Governance – BlueFlag monitors AI identities in development, including AI coding assistants like Copilot and autonomous AI agents that write, test and deploy code without human oversight. It applies identity governance to both, using behavior baselines, anomaly detection, privilege scoring, and full audit trails. The platform also detects unapproved AI use, scores AI contributions, and enforces approval workflows to keep AI agents within limits. AI agents are growing rapidly in SDLC, but most organizations lack visibility into their access and behavior changes.
Key BlueFlag Benefits
Know who is in your SDLC and what they are doing: BlueFlag continuously monitors all internal, external, offshore developers, non-human identities, and AI agents, giving security teams a clear view of access and potential risks.
Govern AI agents before they govern you: BlueFlag is the only platform that provides full governance for AI coding assistants, and autonomous AI agents, including behavior baselines, anomaly detection, privilege scoring and audit trails.
See what others miss: BlueFlag links behavior across human and AI identities, tools, and pipelines to detect threats that code scanning and ASPM tools miss—before attackers can exploit them.
Quick deployment, fast results: Set up in 30 minutes, uncover risks in 48 hours, with read only API access, no developer friction, and prioritized findings with automated guidance.
ROI from day one: Customers report 80% less manual work and faster threat remediation.
BlueFlag will be at the RSA Conference in San Francisco. You can book a private demo or attend an exclusive event. If you’re not attending, request a free Risk Assessment that sets up in under 30 minutes and provides a full report in 48 hours, showing prioritized risks, guided fixes and a complete view of every identity in your SDLC. Many organizations discover risks they didn’t know existed.
“AI agents are increasingly common in development, from coding assistants that work with developers to autonomous agents that write, test, and deploy code on their own,” said Katie Norton, Research Manager at IDC. “Together with service accounts and other non-human identities, they make it harder to see who and what is active in the software development lifecycle. BlueFlag helps close this gap by applying governance and behavior monitoring to risks most security tools miss.”
“Attackers target the people and tools behind the code, not the code itself. BlueFlag was built to address this, and the market is ready,” said Raj Mallempati, Founder and CEO of BlueFlag Security. “AI agents are already in your development environment—the real question is whether you are managing them. Our mission is to secure every stage of software development by providing identity intelligence and creating a trusted environment for innovation.”
About BlueFlag Security
Founded in 2022, by Raj Mallempati and Ken Schneider, BlueFlag Security is an identity focused platform that monitors all developer identities and the tools they use, from first commit to production. By tracking human developers, contractors, non-human identities, and AI agents, BlueFlag identifies risks that code scanning and traditional tools miss. The platform sees every identity, creates a risk profile and links behavioral signals across tools and pipelines—spotting threats before attackers do. BlueFlag gives security teams the visibility and control to act before harm occurs.
Read More:Flourish Care Raises $5.7M in Seed Funding
