UltraViolet Cyber Expands Its Arsenal With Black Duck Application Security Testing Acquisition

UltraViolet Cyber is bolstering cybersecurity’s most persistent weak spots: application security. The company announced the acquisition of Black Duck’s Application Security Testing (AST) services business, adding a powerful set of offensive and defensive tools to its portfolio as it scales to serve both Fortune 500 companies and federal agencies.

The deal underscores how quickly software risk has become central to security strategy. AI-generated code, open-source dependencies, and cloud-native architectures have amplified vulnerabilities across modern development pipelines. By absorbing Black Duck’s testing capabilities, UltraViolet aims to help organizations spot flaws earlier in the lifecycle and lower the cost of remediation. The new suite spans penetration testing, red teaming, threat modeling, cloud and container risk assessments, and secure development consulting.

“Building security in early, not bolting it on later, is essential to combating sophisticated threats,” said Ira Goldstein, CEO of UltraViolet Cyber. “Black Duck has long been trusted by some of the world’s most complex enterprises. Their reputation for excellence in application security testing, combined with UltraViolet’s offensive and defensive capabilities, gives our clients a force-multiplier in protecting what matters most.”

Black Duck, which has spent seven consecutive years on Gartner’s Magic Quadrant for Application Security Testing, has become a staple in enterprise DevSecOps programs. Now, its services are part of UltraViolet’s unified operations model. That integration matters at a moment when CISOs are under pressure to address code quality, regulatory compliance, and AI-driven development risks simultaneously.

“Black Duck’s broad and distinguished portfolio of professional and managed services are highly complementary to UltraViolet’s offensive security offerings,” said Jason Schmitt, CEO of Black Duck. “This move ensures that our customers will continue to receive industry-leading security testing services and unlocks greater scale, scope, and specialization as part of UltraViolet’s unified security operations.”

The transaction also establishes a commercial partnership, allowing Black Duck to focus on its core software and SaaS products while UltraViolet folds AST into a larger framework of threat detection and incident response. Clients of both companies are expected to benefit from deeper visibility across hybrid environments and more proactive protection earlier in the development process.

“UltraViolet Cyber continues to lead the market in unifying offensive and defensive security operations under one model,” said Aanand Radia of Achieve Partners, which sponsored the deal. “This acquisition will play a critical role in ensuring that UltraViolet remains at the leading edge of helping organizations operate at the speed of the adversary, not behind it.”

The move caps a period of momentum for UltraViolet, which recently secured a spot on the Inc. 5000 list of fastest-growing private companies. With application security now colliding head-on with the rise of AI-generated code, the company’s bet on Black Duck signals a sharpened focus: addressing risks where they start, in the software itself.