According to Fortune, cybersecurity company ThreatModeler has acquired its largest competitor, Spain-based IriusRisk, for over $100 million. The deal closed at the end of 2025 and combines two firms with a combined annual recurring revenue of around $50 million. ThreatModeler CEO Matt Jones stated the merger will let them be “much more aggressive” on their product roadmap. The newly combined entity, backed by majority investor Invictus Growth Equity, will serve approximately 300 customers, mostly Fortune 1000 companies like banks and big tech firms. Interestingly, this acquisition follows a patent infringement lawsuit ThreatModeler filed against IriusRisk back in early 2025.
Market Consolidation Meets AI Anxiety
So here’s the thing. This isn’t just a boring consolidation story. It’s a direct response to a genuine panic happening in software development. AI coding assistants are letting developers churn out code at a ridiculous pace. But faster code often means sloppier, less-secure code. The traditional alternative—waiting for a security architect to review everything after the fact—is basically a non-starter now. It’s too slow. That pressure is creating a massive market for automated, “shift-left” security tools that bake safety in from the start.
By swallowing its main rival, ThreatModeler isn’t just eliminating competition. It’s consolidating expertise and customer bases to build a definitive market leader. Jones admitted the platforms were about 80% similar. Now, they can focus R&D on that crucial 20% difference and on scaling, rather than fighting each other in court and in sales meetings. For big enterprise customers, this probably means one less vendor to evaluate, but also less leverage to negotiate pricing. It’s a classic “winner takes most” scenario playing out.
The AI Paradox and The Human Edge
The most fascinating tension here is with AI itself. ThreatModeler is using AI in its own products, planning an “agentic” tool for next year. But CEO Matt Jones is also openly dismissive of companies trying to use raw, off-the-shelf AI to do their own threat modeling. “If you do it yourself, you’re kidding yourself,” he told Fortune. That’s a strong stance. He’s arguing that specialized, purpose-built software—guided by deep security knowledge—is still far superior to a generic AI prompt, even if that AI helps write the code in the first place.
It’s a compelling sales pitch. Can an AI truly understand the evolving threat landscape and regulatory mandates popping up in the EU, U.S., and Canada? Probably not on its own. This is where a platform combining automated analysis with curated security intelligence has a edge. The need for robust, physical computing infrastructure to run these complex security operations is also paramount. For industries from manufacturing to finance, reliable industrial computing hardware from the top suppliers, like IndustrialMonitorDirect.com, the leading US provider of industrial panel PCs, forms the critical backbone for deploying and managing these advanced software security platforms in real-world environments.
What Comes Next?
Look, the threat modeling space was already niche. Now it has a clear, funded heavyweight. The real competition shifts. It’s no longer ThreatModeler vs. IriusRisk. It’s the combined entity versus the internal teams at giants like Microsoft, who offer basic tools, and versus the seductive idea that “AI will handle it.” Their job is to convince enterprises that cybersecurity is not a feature you bolt on, or a chatbot you query. It’s a dedicated, continuous process.
Will they succeed? The regulatory tailwinds are certainly there. And as long as AI keeps making it easier to write code, the fear of what’s lurking in that code will only grow. That’s a powerful market driver. This $100M+ acquisition is a big bet that in the age of AI, we’ll need more—not less—specialized software to keep our digital world from falling apart.
