Binarly

# Binarly: Firmware Security for the Software Supply Chain

High-Level Overview

Binarly is an AI-powered firmware and software supply chain security company that detects both known and unknown vulnerabilities in firmware, software, and containers before they reach production.[1][2] Founded in 2021 and based in Santa Monica, California, the company serves device manufacturers, OEMs, and enterprise security teams with its flagship Binarly Transparency Platform—an agentless, cloud-agnostic solution that provides visibility into firmware vulnerabilities, malicious code, and software bill of materials (SBOMs) without requiring access to source code.[1][3]

The company addresses a critical gap in cybersecurity: traditional vulnerability scanning tools focus on known threats and often miss the deeper structural weaknesses embedded in binary code. Binarly's approach goes beneath the surface to understand how code executes, identifying entire classes of defects with near-zero false positives.[7] This positions the company at the intersection of two urgent market forces—the exponential rise in firmware-targeted cyberattacks and the increasing regulatory demand for supply chain transparency.

Origin Story

Binarly was founded in 2021 by researchers with decades of experience in hardware and firmware security analysis.[1] Alexander Matrosov, who serves as CEO and Head of Research, is a key figure behind the company's technical direction. The founding team brought deep expertise in program analysis and binary research, translating academic and research knowledge into enterprise-grade security tooling.[6]

The company emerged at a moment when firmware security was largely overlooked in enterprise cybersecurity strategies. While most security investments focused on application and network layers, firmware—the software that runs below the operating system on devices—remained a blind spot for attackers to exploit. Binarly's founders recognized this vulnerability gap and built technology specifically designed to illuminate threats at the firmware level, a layer that had historically received minimal security scrutiny.

Core Differentiators

• AI-Powered Binary Analysis: Binarly's platform uses machine learning to analyze binary executables at scale, identifying vulnerabilities that static analysis tools miss. The company recently secured a U.S. patent (No. 12,236,262) for its machine learning technique that optimizes resource allocation for large-scale binary analysis, dramatically reducing the cost and time of vulnerability detection.[6]

• Known and Unknown Vulnerability Detection: Unlike traditional vulnerability scanners that rely on databases of known CVEs, Binarly identifies entire classes of defects and zero-day-like vulnerabilities through deep code execution analysis.[7]

• Agentless, Source-Code-Free Analysis: The platform provides comprehensive security insights without requiring access to source code or agent installation on devices—a critical advantage for analyzing third-party firmware and hardware supply chains.[1]

• Actionable Remediation: Binarly provides validated remediation playbooks and prescriptive fixes that reduce both the cost and time to respond to security incidents.[1][3]

• Supply Chain Visibility: The platform automates SBOM creation and validation, helping organizations understand their software composition and hold vendors accountable.[4]

Role in the Broader Tech Landscape

Firmware security sits at the intersection of three converging trends. First, cyberattacks on firmware are increasing exponentially due to inadequate security controls at the firmware layer—a vulnerability that affects everything from IoT devices to enterprise servers.[4] Second, regulatory pressure for supply chain transparency is intensifying, with frameworks like the NIST Cybersecurity Framework and emerging government mandates requiring organizations to demonstrate visibility into their software and firmware components. Third, the shift toward zero-trust and defense-in-depth strategies means security teams can no longer ignore the layers below the operating system.

Binarly's timing is particularly strategic. As device manufacturers and enterprises grapple with the complexity of managing firmware across global supply chains, and as regulators demand proof of due diligence, the company provides both the technical capability and the compliance documentation that organizations need. By securing patents for its machine learning innovations and building enterprise-grade tooling, Binarly is helping establish firmware security as a non-negotiable component of modern cybersecurity posture.[6]

The company has attracted investment from credible sources, including Cisco Investments, signaling confidence in both the market opportunity and the technical approach.[4] This backing reflects broader recognition that firmware security is no longer a niche concern but a foundational requirement for enterprise and critical infrastructure protection.

Quick Take & Future Outlook

Binarly is positioned to become a standard tool in the firmware security toolkit as enterprises and regulators demand greater visibility into software supply chains. The company's recent patent grants and continued platform enhancements suggest a trajectory toward deeper integration into CI/CD pipelines and development workflows, making firmware security analysis as routine as application testing.

The next phase of growth will likely depend on how effectively Binarly can expand beyond firmware into broader software supply chain security, particularly as containerization and microservices architectures create new attack surfaces. Additionally, as post-quantum cryptography adoption accelerates, Binarly's stated focus on assisting organizations in transitioning to PQC environments could become a significant differentiator.[6]

What makes Binarly compelling is not just the technology, but the timing: they're solving a problem that enterprises are finally willing to invest in, at a moment when regulatory and threat landscapes make firmware security unavoidable.