UltraViolet Cyber, a global provider of unified offensive and defensive cybersecurity services, has acquired Black Duck’s Application Security Testing (AST) services business. This acquisition aims to significantly expand UltraViolet’s application security capabilities and strengthen its position as a trusted provider for both commercial enterprises and federal agencies.

The acquired AST services from Black Duck, which include penetration testing, red teaming, threat modeling, cloud and container risk assessments, architecture risk analysis, and secure software development consulting, are now fully integrated into UltraViolet’s unified security operations portfolio. Black Duck has been recognized for its leadership in the AST sector, including seven consecutive years in the Gartner Magic Quadrant for Application Security Testing. These expanded capabilities enhance UltraViolet’s capacity to assess modern, distributed environments across multi-cloud workloads, DevSecOps pipelines, and containerized deployments.

For organizations adopting AI-generated code, building on open-source stacks, or operating in highly regulated sectors, these integrated services are intended to enable earlier risk identification, reduce remediation costs, and facilitate the development of more resilient, secure software. Ira Goldstein, CEO of UltraViolet Cyber, stated, “Building security in early, not bolting it on later, is essential to combating sophisticated threats. Black Duck has long been trusted by some of the world’s most complex enterprises. Their reputation for excellence in application security testing, combined with UltraViolet’s offensive and defensive capabilities, gives our clients a force-multiplier in protecting what matters most.”

UltraViolet’s investment in AST addresses the growing volume of AI-generated code and persistent challenges in code quality. The acquisition positions UltraViolet to assist both public and private sector clients in mitigating software risks before they become production issues, and bolsters UltraViolet’s market position as an emerging AI security leader. Jason Schmitt, CEO of Black Duck, commented, “Black Duck’s broad and distinguished portfolio of professional and managed services are highly complementary to UltraViolet’s offensive security offerings. This move ensures that our customers will continue to receive industry-leading security testing services and unlocks greater scale, scope, and specialization as part of UltraViolet’s unified security operations. Furthermore, our partnership with UltraViolet enables Black Duck to continue offering professional and managed services while doubling down on our core software and SaaS business.”

The acquisition also establishes a commercial partnership between the two organizations. Black Duck customers will continue to receive application security testing services, now supported by UltraViolet’s broader offensive and defensive security capabilities. UltraViolet clients will gain access to integrated software capabilities designed to enhance visibility and protection earlier in the development lifecycle, promoting continuous and proactive security outcomes across hybrid environments.

Aanand Radia of Achieve Partners, the equity sponsor for the acquisition, noted, “UltraViolet Cyber continues to lead the market in unifying offensive and defensive security operations under one model. This acquisition will play a critical role in ensuring that UltraViolet remains at the leading edge of helping organizations operate at the speed of the adversary, not behind it.” Reinforcing its market momentum, UltraViolet was recently named to the annual Inc. 5000 list, recognizing it among the fastest-growing private companies.