When the vulnerability clock starts ticking, most companies are still looking for the clock. VulnCheck just raised $25M in Series B funding, and if you understand the tempo of cyber right now, you know this is less about capital and more about cadence. Sorenson Capital led the round, with Ten Eleven Ventures, In-Q-Tel, National Grid Partners, Lux Capital, and Aviso Ventures stepping back in like seasoned producers who know a hit when they hear one. Total funding now sits at $45M. That is not noise. That is signal.
Anthony Bettini, Founder and CEO, has been here before. Appthority. FlawCheck. Built, scaled, acquired. He does not chase headlines. He chases inevitability. Alongside Anthony Bettini, CTO Jacob Baines and CMO Thomas Bain, the VulnCheck bench runs deep, from Mike Price driving Product and Engineering to Caitlin Condon leading Security Research. This is not a science fair project. This is a room full of operators who understand that exploits do not wait for quarterly planning sessions.
VulnCheck is not in the vulnerability business. They are in the exploitation business. There is a difference. While everyone else stares at CVSS scores like they are gospel, VulnCheck tracks what is actually getting weaponized in the wild. Their exploit and vulnerability intelligence feeds are machine readable, built for integration, and designed to move at machine speed. When attackers accelerate, the data accelerates. When proof of concept code drops, VulnCheck sees it. When ransomware crews start circling, the signal is already flowing through APIs into the hands of enterprises, governments, and security vendors who cannot afford to guess.
The numbers tell their own story. Over the last year, enterprise ARR grew 557%. Government ARR climbed 306%. Nearly 7,000 new users joined the VulnCheck Community, pushing the total past 13,000 across offerings like KEV and NVD++. In 2025 alone, VulnCheck identified 884 vulnerabilities with first observed evidence of exploitation. 884. That is not a backlog. That is a battlefield.
So why did this round happen now? Because the market finally stopped pretending that disclosure equals danger. Exploitation equals danger. Boards are asking sharper questions. CISOs are done playing whack a mole with 10,000 theoretical risks. The winners will be the teams that prioritize what attackers prioritize.
VulnCheck’s growth is not luck. It is alignment. They built for the moment when speed would matter more than volume, when machine readable intelligence would feed AI driven defenses, and when governments and critical infrastructure operators would demand proof, not probability.
