RegScale raises USD $30 million in oversubscribed Series B

RegScale has reported 300% revenue growth and raised an oversubscribed Series B funding round of more than USD $30 million, with backing from M12, Microsoft's venture fund.

The cyber compliance software company said Washington Harbour Partners led the financing, with participation from M12, Hitachi, Ankona and SYN Ventures, bringing total funding to more than USD $50 million. It also reported 140% net revenue retention as it expands across federal and large corporate customers.

RegScale sells software for continuous controls monitoring, a category designed to replace manual governance, risk and compliance processes with automated, ongoing checks. Customers are using its system in production environments to monitor controls, collect evidence and analyse risk continuously, rather than preparing for audits at fixed intervals.

The announcement comes as security leaders face rising compliance demands across cloud, artificial intelligence and DevSecOps environments. RegScale argued that spreadsheet-led compliance work and older governance tools are too slow for organisations that must manage changing regulatory requirements and produce evidence more quickly.

Among the investors, M12 pointed to a broader market shift.

"Compliance automation is at an inflection point, and RegScale is where the most sophisticated federal and enterprise buyers are landing," said Todd Graham, Managing Partner, M12, Microsoft's Venture Fund. "The combination of a compliance-as-code foundation, AI agents already in production, and FedRAMP High authorization gives RegScale a position that is very difficult to replicate. We've watched this team execute ahead of expectations at every stage, and we believe this is still the early innings of a significant market transformation."

RegScale said customers are achieving compliance certifications 90% faster and cutting audit preparation work by 60%. The figures suggest buyers are prioritising shorter certification cycles and lower labour demands as compliance programmes grow more complex.

Federal push

A significant share of the company's recent growth has come from federal and large enterprise accounts. RegScale said it has moved into a new tier of Fortune 500 and major federal customers, while expanding sales coverage in North America and Europe.

It has also deepened its partner network, including a strategic partnership with Leidos and relationships with GuidePoint, CALIBRE, Microsoft and Carahsoft. That channel strategy suggests RegScale is trying to broaden its reach through established government and enterprise suppliers rather than relying only on direct sales.

Leidos linked the partnership to pressure on public sector organisations to improve both security and efficiency.

"Federal agencies are working to strengthen cybersecurity, keep pace with compliance requirements and operate more efficiently," said Josh Salmanson, Vice President of Defensive Cyber Practise, Leidos. "By combining Leidos' cybersecurity experience and mission understanding with RegScale's continuous controls monitoring capabilities, we aim to help customers simplify compliance activities, gain better insight into security and risk, and support stronger cyber resilience."

CALIBRE Systems also highlighted changing expectations among federal clients.

"RegScale has changed how we can deliver compliance services to our federal clients," said Charles Onstott EVP & CTO, CALIBRE Systems. "The platform's ability to automate evidence collection and continuously monitor controls means we can deliver outcomes our customers previously could not have imagined on their timelines or budgets. The collaboration we have built with the RegScale team this year is one we intend to grow significantly."

Product focus

At the centre of RegScale's pitch is RegML, a set of artificial intelligence agents that, according to the company, can continuously monitor controls, automate evidence gathering, assess risk in real time and trigger remediation steps without human intervention. The business also said it has donated OSCAL Hub to the open-source community, reflecting the growing importance of machine-readable compliance standards in government and regulated industries.

Its credentials include FedRAMP High authorisation, TX-RAMP and the CSA STAR "Valid-AI-ted" designation, where it said it scored 97.7%. Those certifications are likely to carry particular weight with government buyers and large regulated companies that require proof of security and assurance controls before adopting software.

RegScale has also expanded internally, appointing Chad Woolf as chief product officer and increasing headcount by more than 30%. That hiring push suggests the company is investing in product development and commercial scale as it competes for larger contracts.

Chief executive officer and co-founder Travis Howerton said the company is seeing frustration among security leaders with labour-intensive compliance work.

"Every CISO we talk to is frustrated and burned out by manual compliance processes on their team," said Travis Howerton, Co-Founder and CEO, RegScale. "Our second annual State of CCM Report confirmed what our customers tell us: regulated organizations are not asking whether to automate compliance anymore. They are asking who gets them there fastest, securely, and at scale. RegScale is that answer, and this year's results prove it."