This quarter was a defining one for VulnCheck — not just in numbers, but in what those numbers represent and how critical VulnCheck is in both enriching cyber products in the market and protecting our global economy and national security.
Crossing the $10 million in ARR and posting our first $2M+ quarter marks a historic milestone for us. But it’s also a signal that the cybersecurity market is waking up to the reality that exploit intelligence is the missing layer in vulnerability management — and that our approach is fundamentally reshaping how teams think about defending emerging threats at scale.
This is on top of VulnCheck’s triple-digit growth in 2024 where we tripled ARR year-over-year, grew our customer base 152%, and achieved 100% gross retention. That tells me something simple yet powerful: our customers are not just staying with us — they’re expanding with us. And we’re staffing up to support customers at scale, growing global headcount by 126% YTD.
The urgency behind this growth is real.
In the past year alone, vulnerabilities exploited on or before disclosure have caused a 180% spike in breaches making exploitation now the leading cause of major cyber incidents – – more than phishing. And the window from “public disclosure” to “in-the-wild” activity is shrinking from weeks to hours.
Security teams don’t need more alerts or some single pane — they need faster, smarter data with context. That’s where VulnCheck is leading the charge: providing real-time, autonomously pulled intelligence that combines vulnerability, exploit, and threat data into a single, actionable signal.
We also welcomed two powerhouse additions to the company this quarter.
Caitlin Condon, our new Vice President of Security Research, brings deep experience in vulnerability analysis and threat research. She’s already expanding our research programs and publishing findings that help the entire industry understand exploitation at scale.
VulnCheck also added Patrick Morley, former CEO of Carbon Black, to our Board of Directors. Patrick’s track record in scaling one of cybersecurity’s most successful companies is invaluable as we continue to expand our global presence across enterprise and federal markets.
Community, Customers, and Category Leadership
From the start, VulnCheck has been focused on community and transparency.
Our VulnCheck Community now has over 12,000 registered users — researchers, defenders, and vendors who rely on VulnCheck KEV, NVD++, and XDB to stay ahead of exploitation.
We also launched the VulnCheck Partner Program on a global scale, hosted our first THREATCON1 conference (which drew more than 300 attendees), and were recognized by SINET16 as one of the most innovative cybersecurity companies of 2025.
Behind the metrics, though, is something more meaningful: trust.
We’ve earned it from our customers by delivering intelligence that arrives hours, days, and sometimes even years before traditional sources. And we’ve earned it from the community by maintaining a transparent, open-source-aligned approach to vulnerability data.
Momentum like this doesn’t happen by accident. It comes from relentless focus — on solving a real problem, building a culture of technical excellence, and staying close to the customers who are counting on us.
We’ve ascended from 115th in CVE assignment ranking to 56th out of 518 CNAs from Q2 to Q3 this year which demonstrates our commitment to vulnerability research in the broader cyber market.
As we look toward 2026, we’re not just growing a company. We’re building a foundation for how the world understands and responds to exploited vulnerabilities better, faster and with more emerging threat context. Because when every hour counts, intelligence has to move at the speed of business to outpace adversaries.
