PRESS RELEASE: ObjectSecurity Awarded $2.5M Government Contract to Advance DoD Capabilities in Automated Vulnerability Assessment

ObjectSecurity is Using Artificial Intelligence to Improve and Automate Vulnerability Assessment for the DoD

San Diego, Calif. – Dec 19, 2019 – ObjectSecurity, The Security Automation Company, today announced that it has been awarded a $2.5 Million Phase II Small Business Innovation Research (“SBIR”) grant from the Navy to advance the capabilities of the US Department of Defense (DoD). Entitled “Red Team in a Box for Embedded and Non-IP Devices”, the Phase II SBIR investment will help fund the development of an automated cybersecurity vulnerability assessment and penetration testing (VAPT) system. A core objective is to overcome the limitation of human red team resources for conducting vulnerability assessments on DoD systems, in particular, cyber-physical systems.

The $2.5M SBIR technology investment will help fund a portable, easy-to-use, automated vulnerability scanning solution to effectively and efficiently assess the cyber security posture of embedded devices. In Phase I, ObjectSecurity successfully developed a working proof of concept of the automated technology, supporting extracting the embedded device firmware via embedded systems ports (JTAG, UART etc.) followed by software vulnerability analysis beyond traditional signature-based assessments. The automated technology uses deep learning to intelligently and adaptively choose the best course of action, which ObjectSecurity researched as part of another prior SBIR contract that focused on traditional enterprise networks.

“The award of this Phase II SBIR grant is an important milestone for ObjectSecurity and underscores the strength of our science innovation that underwent rigorous peer review. It allows us to prioritize research efforts into needed features for the DoD,” said Ulrich Lang, CEO of ObjectSecurity. “SBIR contracts allow us to research and develop advanced concepts that feed into rapid product development, enabling us to commercialize next-generation innovative products that will bring tremendous value to the DoD, and our customers across all industries. We are committed to leading this initiative with the DoD to protect DoD’s embedded systems from adversaries by delivering advanced next-generation technology solutions.”

“By orchestrating a raft of vulnerability assessment and penetration testing technologies that were originally designed for manual use by human experts, our solution will be usable by non-experts”, said Edward Hackbarth, Senior Software Engineer at ObjectSecurity. “Deep learning allows the solution to learn and adapt over time like a human vulnerability assessor would”, adds Ulrich Lang, CEO of ObjectSecurity.

The federally-funded Small Business Innovation Research (SBIR) program is a highly competitive program that encourages domestic small businesses to engage in research and development that has significant potential for commercialization of innovative products, and their eventual transition into DoD programs. The program’s chief role is to bridge the gap between the performance of basic science and the commercialization of resulting innovations.

About ObjectSecurity

ObjectSecurity LLC is The Security Automation Company. A privately held company based in San Diego, CA, ObjectSecurity’s mission is to reduce cybersecurity effort, complexity, and cost through innovative cybersecurity automation technologies, including security policy automation, supply chain risk analysis automation, and vulnerability assessment automation.

  1. Supply chain risk analysis automation: ObjectSecurity SCRAMS analyzes procurement data and microelectronics for supply chain risks. In 2019, we added analysis support for SAP, and circuit board risk analysis as a finalist at an AFWERX Challenge.
  2. Security policy automation: ObjectSecurity OpenPMF offers powerful yet manageable technical security policy implementation. In 2019, we improved user and dev experience, and increased the reach of our consistent “umbrella” platform – covering people, process, tech layers, and policies (ABAC & more). ObjectSecurity was selected “Cool Vendor” by Gartner for OpenPMF
  3. “AI hacker” automation: ObjectSecurity VAPTBOX, an ongoing commercialization of the just-funded SBIR Phase II, is an intelligent automated vulnerability assessor and penetration tester that uses artificial intelligence to adapt. In 2019, we received a multi-million, multi-year government investment to fully develop VAPTBOX.


Ulrich Lang, Ph.D.
Chief Executive Officer
ObjectSecurity LLC
1855 1st Ave #103
San Diego, CA 92101
[email protected]