RegScale, the AI-powered Continuous Controls Monitoring (CCM) platform operationalizing risk for the CISO, today announced record growth and market-defining momentum as enterprises and government agencies accelerate their shift away from manual, audit-driven GRC toward real-time, automated assurance.
The company reported 300% revenue growth and 140% net revenue retention, powered by an oversubscribed $30+ million Series B led by Washington Harbour Partners with participation from M12 (Microsoft’s Venture Fund), Hitachi, Ankona, SYN Ventures, and others, bringing total funding to more than $50 million. RegScale customers consistently report achieving compliance certifications 90% faster and cutting audit preparation effort by 60%.
“Every CISO we talk to is frustrated and burned out by manual compliance processes on their team,” said Travis Howerton, Co-Founder and CEO, RegScale. “Our second annual State of CCM Report confirmed what our customers tell us: regulated organizations are not asking whether to automate compliance anymore. They are asking who gets them there fastest, securely, and at scale. RegScale is that answer, and this year’s results prove it.”
Platform Leadership: AI Agents, Open Source, and Certification at Scale
RegScale continued to accelerate its AI product, RegML, deploying purpose-built AI agents that continuously monitor and validate controls, automate evidence collection, analyze risk in real time, and trigger remediation without human intervention. RegScale’s AI leadership was independently validated when it was named 2025 Gartner® Cool Vendors™ with AI-Powered Technologies for Assurance Leaders, recognizing RegScale’s differentiated approach to AI-driven compliance at scale. The platform earned the CSA STAR “Valid-AI-ted” designation with a 97.7% score, and RegScale’s security credential portfolio now includes FedRAMP High Authorization and TX-RAMP.
RegScale simultaneously launched and donated the OSCAL Hub to the open-source community, continuing to contribute to machine-readable compliance standards now being adopted across government and commercial sectors.
Market Expansion: Enterprise, Federal, and Channel
RegScale also moved into a new tier of Fortune 500 and large federal enterprise accounts. The GTM team expanded into new territories in North America and across Europe and deepened channel investment through a strategic partnership with Leidos. Channel momentum was further reinforced through the company’s partner ecosystem, anchored by relationships with GuidePoint, CALIBRE, Microsoft, and Carahsoft, among others.
“Compliance automation is at an inflection point, and RegScale is where the most sophisticated federal and enterprise buyers are landing,” said Todd Graham, Managing Partner, M12, Microsoft’s Venture Fund. “The combination of a compliance-as-code foundation, AI agents already in production, and FedRAMP High authorization gives RegScale a position that is very difficult to replicate. We’ve watched this team execute ahead of expectations at every stage, and we believe this is still the early innings of a significant market transformation.”
“Federal agencies are working to strengthen cybersecurity, keep pace with compliance requirements and operate more efficiently,” said Josh Salmanson, Vice President of Defensive Cyber Practice, Leidos. “By combining Leidos’ cybersecurity experience and mission understanding with RegScale’s continuous controls monitoring capabilities, we aim to help customers simplify compliance activities, gain better insight into security and risk, and support stronger cyber resilience.”
“RegScale has changed how we can deliver compliance services to our federal clients,” said Charles Onstott EVP & CTO, CALIBRE Systems. “The platform’s ability to automate evidence collection and continuously monitor controls means we can deliver outcomes our customers previously could not have imagined on their timelines or budgets. The collaboration we have built with the RegScale team this year is one we intend to grow significantly.”
Leadership, Recognition, and the Road Ahead
RegScale strengthened its leadership team this fiscal year, appointing Chad Woolf as Chief Product Officer to lead the company’s compliance and risk modernization agenda, alongside new product and go-to-market leaders across the organization. The company has grown by more than 30% in employee count and is proactively scaling its team to meet market demand.
Industry recognition for RegScale’s category leadership reached new heights in FY26. Travis Howerton was named a Finalist in the prestigious 2026 EY Entrepreneur Of The Year Mid-Atlantic Awards and the company was named a CCM winner of numerous cybersecurity awards, solidifying its leadership in cyber GRC and CCM.
Gartner projects that by 2028, 75% of all DevOps continuous compliance automation processes will leverage AI technology to drive efficiencies in auditing, reporting, validating, and remediating regulatory compliance.* RegScale’s customers are not waiting for 2028. With AI agents already in production across Fortune 500 and federal environments, RegScale is the platform delivering on that future today.
In FY27, the company will accelerate investment in DevSecOps, next-generation RegML agents, and real-time alignment with emerging frameworks like FedRAMP 20x and CMMC. With OSCAL adoption accelerating across government and financial services, RegScale is moving compliance from a business tax or revenue blocker to a continuous, intelligent layer of modern risk management for the CISO.
About RegScale
RegScale is a Continuous Controls Monitoring (CCM) platform designed to be the operational risk tool for the CISO. Built on a compliance-as-code foundation, RegScale delivers extreme automation through an API-first architecture, self-updating paperwork, and purpose-built AI agents that eliminate manual labor, make programs more proactive, accelerate time to market, and reduce operational risk. Heavily regulated organizations, including Fortune 500 enterprises and the federal government, report achieving compliance certifications 90% faster and trimming audit preparation by 60%. Learn more at www.regscale.com.
Gartner, Cool Vendors with AI-Powered Technologies for Assurance Leaders, Jie Zhang, Nicholas Sworek, Weston Wicks, Joel Backaler, 15 September 2025.
Gartner, “Market Guide for DevOps Continuous Compliance Automation Tools,” Daniel Betts, George Spafford, Chris Saunderson, Hassan Ennaciri, 2 March 2026. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research and advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
View source version on businesswire.com: https://www.businesswire.com/news/home/20260514674818/en/
Media gallery
