RegScale Raises $30+ Million to Redefine Cyber GRC for Highly Regulated Industries

September 17, 2025 at 06:00 AM EDT

In the face of escalating cyberattacks and increased regulatory burden, RegScale raises funds from global investors to accelerate AI roadmap and expand go-to-market

RegScale, the leader in Continuous Controls Monitoring (CCM), today announced it has raised $30+ million in an oversubscribed Series B round led by Washington Harbour Partners, with additional investment from new investors M12, Microsoft’s Venture Fund, Hitachi Ventures, and Ankona Capital, as well as continued participation from existing investors SYN Ventures and SineWave Ventures. This raise confirms what customers and investors already know: RegScale isn’t building the next wave of cyber GRC, it’s redefining it, turning compliance from a burdensome, manual checklist process into a real-time and automated platform for the most heavily regulated industries.

“We invested in RegScale because the stakes could not be higher. Protecting critical infrastructure and high-value assets must be achievable, scalable, and resilient,” said Mina Faltas, Founder and CIO, Washington Harbour Partners. “RegScale has the technology, leadership, deep expertise, and market traction to transform GRC from a cost center into a force multiplier for security and resilience. With compliance debt dragging down agencies and enterprises alike, the company doesn’t just check compliance boxes; it increases security effectiveness while cutting compliance costs.”

The new capital will accelerate RegScale’s leadership in the $50+ billion GRC market and fuel key hires across R&D and sales, enabling the company to deliver increased impact to its growing customer base. It will accelerate RegScale’s RegML, industry-leading AI roadmap, expanding the only CCM platform with AI agents purpose-built to continuously monitor compliance, automate evidence collection/reviews, conduct audits, and analyze risk — capabilities no other provider delivers securely at scale. “RegScale’s AI-powered compliance-as-code approach delivers what today’s operators need most: faster certifications, lower costs, and a stronger security posture. This is the future of cyber GRC, and we’re excited to support RegScale as they scale to meet the growing demand,” said Todd Graham, Managing Partner at M12, Microsoft’s Venture Fund.

With this funding, RegScale is not only strengthening its value for government agencies, financial services, and high-tech organizations but also accelerating expansion into energy, utilities, and other highly regulated sectors where continuous compliance and security assurance are most urgent.

With cyberattacks escalating, nation-states and criminal groups exploiting compliance gaps, and budget cuts pushing for cost takeout and tool consolidation across all industries, CISOs can no longer rely on traditional GRC and manual labor approaches to just check a box. They need CCM to operationalize their risk program and deliver real-time control assurance against a growing set of cybersecurity threats.

RegScale is leading this revolutionary change in managing cyber GRC. Customers report 60% faster audit prep, 3–4x faster FedRAMP High authorizations, and up to 80% greater accuracy, with AI and automation delivering up to 10x staff efficiency. RegScale continues to promote industry standards, serving as the lead affiliate for the Cyber Risk Institute’s (CRI) OSCAL initiative, as a founding member of the OSCAL Foundation, a participant in the Cloud Security Alliance (CSA) Compliance Automation Revolution, and a contributor to the FedRAMP 20x initiative. Its impact has been recognized across the industry, most recently being named Best Compliance Solution by SC Media and as an industry leader by Gartner.

As proof of its platform’s maturity, RegScale achieved FedRAMP High Authorization sponsored by the DHS in half the cost and in just six months, versus the typical 18–24 months. Inside the company, the team is driving incredible growth: ARR has tripled year-over-year, key enterprise and federal customers are on board, and the team has expanded with major additions, including Devon Goforth as CTO, Rich Shirley as VP of Strategic Partnerships, Mike Kimball and Meghan Shafer as VPs of Sales, Jennifer Stafford as GM of Federal, and strategic advisors Roland Cloutier and Alex Tosheff.

“RegScale is transforming GRC from a consultant-driven, expensive, checklist-based compliance burden into real-time resilience and dynamic operational control assurance. By automating continuous controls monitoring, RegScale is leading the industry in how compliance can become a driver of competitive advantage and mission speed, not a barrier to innovation,” said Wolfgang Seibold, Partner & CFO at Hitachi Ventures.

“CISOs are faced with ensuring the systems that keep our country running can withstand increasingly sophisticated cyber threats. From homeland security missions, to the grid, to our leading cloud service providers, to global banking transactions, every compliance gap can quickly become an operational catastrophe or worse, a national security risk. RegScale was built to close those gaps in real time while cutting costs and accelerating missions,” said Travis Howerton, Co-Founder and CEO of RegScale. “We have assembled a world class leadership team that is laser focused on automating all aspects of risk and compliance. This funding allows us to double down: scaling our go-to-market team, expanding our platform capabilities, and accelerating our pace of innovation. The future of cyber GRC isn’t just manual paperwork, it’s your AI-powered Risk and Compliance Co-Pilot that accelerates your digital transformation efforts while simultaneously improving your security posture and cost basis.”

About RegScale

RegScale is a continuous controls monitoring (CCM) platform that is designed to be the operational risk tool for the CISO. Built on a compliance as code foundation, RegScale enables extreme automation with our API first strategy, self-updating paperwork, and powerful AI agents that all but eliminate manual labor, turn your program more proactive, save money, accelerate time to market, and reduce risk in your operational environment. Heavily regulated organizations, including Fortune 500 enterprises and the federal government, use RegScale and report achieving compliance certifications 90% faster and trimming audit preparation efforts by 60%, thereby strengthening security and reducing costs. Learn more at www.regscale.com.