Eclypsium has closed a funding round to strengthen its position in global supply chain security. The funding will help Eclypsium realise its vision of creating a future where every company has control and confidence in the security of their supply chain.

Within just a few days, researchers encountered two examples of supply chain vulnerabilities in high-value devices from leading vendors: one in Illumina’s genetic testing equipment discovered by the Eclypsium research team recently and another in Palo Alto Networks firewalls, published by a separate team the previous week. Both devices lacked protections one would expect from high-value equipment.

Many premier manufacturers, despite their reputation for innovation, maintain an outdated belief that their devices are inherently inaccessible to attackers. This assumption feels like something out of science fiction, particularly anachronistic in 2025 when nation-state actors and ransomware groups routinely target devices from almost every major manufacturer, with a particular focus on network edge devices. When attackers successfully breach a device’s security perimeter, they can gain nearly complete control, enabling them to maintain long-term access, steal sensitive data, or disable the device entirely.

Supply chain security transcends cybersecurity concerns; it stands as a cornerstone of economic stability and national defense. Initiatives like American Dynamism emerged to bolster U.S. competitiveness in critical technologies vital to national security and critical infrastructure. With the announcement to invest $500 billion in AI infrastructure, there must be a strong emphasis on fortifying supply chains and protecting infrastructure against persistent and disruptive cyberattacks. These efforts are essential to ensuring resilience in the face of evolving global geopolitical threats.

Several months ago, details emerged of a Volt Typhoon attack that exploited Fortinet VPNs and Cisco devices to compromise critical communications infrastructure for many years. The attackers, part of a nation-state operation, were able to route traffic through compromised systems, gaining persistent access to sensitive data. The boldness and sophistication of these threats have reached unprecedented levels.

More concerning is that this was not an isolated incident. Repeated campaigns by nation states and ransomware groups have targeted telecommunication backbones, manufacturing facilities, data centers, satellite communications, and financial and healthcare infrastructure. These are not hypothetical risks—they are occurring now and are global, with real consequences for businesses, governments, and individuals.

The focus has shifted beyond malware on personal laptops or smartphones. The battleground has moved to the infrastructure that powers entire economies, healthcare systems, and communication networks. Nation-states and ransomware groups are exploiting these vulnerabilities not just to steal data but to establish long-term persistent control over critical systems.

Eclypsium is committed to creating a comprehensive supply chain security framework enabling manufacturers to verify the integrity of their products, while organizations can trust that their essential components are authentic, uncompromised, and protected.