ThreatModeler Acquires IriusRisk to Lead the AI Security Revolution

Leading the AI Coding Security Frontier

ThreatModeler has officially acquired IriusRisk, uniting the two most prominent names in enterprise threat modeling. Announced on January 9, 2026, this strategic merger addresses the massive surge in AI-generated code that is currently outpacing traditional security reviews. By joining forces, the company aims to dominate a $30 billion application security market and provide Fortune 1000 enterprises with a scalable way to implement secure-by-design practices.

A Response to the AI-Driven Code Surge

The acquisition is a direct response to the AI Coding Era, where tools like GitHub Copilot are flooding the software lifecycle with new code. CEO Matt Jones noted that together they deliver expanded support and more scalable solutions that make security a continuous practice. This move allows security teams to virtually scale alongside development teams, ensuring that all critical applications and infrastructure remain protected during rapid deployment cycles. Customers are already seeing massive returns, including 10x productivity gains and 50 percent cost savings within a year of adoption. ThreatModeler provides an AI-driven platform that excels at automated cloud diagramming, while IriusRisk brings a powerful rules-based engine and a thriving developer community. This combination enables security architects to operate with unprecedented speed and precision across complex environments in finance, healthcare, and manufacturing.

Stephen de Vries, CEO of IriusRisk, expressed that joining forces positions both companies to better deliver on their shared mission of starting security left. The deal is backed by Invictus Growth Partners, which remains the majority owner of the combined organization. Meanwhile, previous investors like Paladin Capital Group and Bright Pixel have praised the technical excellence and leadership that led to this successful outcome.

As the application security market continues to grow, this merger effectively creates a category king for enterprise-grade threat modeling. Regulatory pressures from organizations like NIST and the FDA are forcing companies to adopt more rigorous design-time security checks. This newly formed global leader is now uniquely positioned to democratize these practices, making them accessible to any internal security or development team.