Advancing Supply Chain Security of Our Most Critical Infrastructure
Today, I am thrilled to share a pivotal milestone in Eclypsium’s journey: we have raised $45 million through a combination of equity and debt in a Series C round with Qualcomm Ventures, Pavilion Capital, and Singtel Innov8, with participation from a16z, Ten Eleven Ventures, Madrona and other existing investors. This funding will help us accelerate our vision to create a future where every organization operates with control and confidence in the security of its supply chain.
Milestones like this naturally inspire reflection—on who we are, where we’re going, and why this work matters. As 2024 came to a close, I was reminded of just how urgent our mission is. Within just a few days, we encountered two examples of supply chain vulnerabilities in high-value devices from leading vendors: one in Illumina’s genetic testing equipment discovered by the Eclypsium research team recently and another in Palo Alto Networks firewalls, which our team published last week. Both devices lacked protections you’d expect from high-value equipment.
What stands out is that even some of the most trusted and advanced manufacturers often assume that attackers would never gain access to their devices. And this is the moment it feels like I’d entered the surrealism of William Gibson’s Chiba City – this is a dangerously outdated assumption in 2025, when devices of virtually every major manufacturer have been targeted by nation states and ransomware, especially network edge devices. Once attackers compromise a device’s integrity, they gain virtually unrestricted control—allowing them to persist, exfiltrate data, or even render the device inoperable.
The Global Stakes of Supply Chain Risk
Supply chain security transcends cybersecurity concerns; it is a cornerstone of economic stability and national defense. Initiatives like American Dynamism emerged to bolster U.S. competitiveness in critical technologies vital to our own and our allies’ national security and critical infrastructure. With the announcement to invest $500 billion in AI infrastructure, we must place a strong emphasis on fortifying supply chains and protecting infrastructure against persistent and disruptive cyberattacks. These efforts are essential to ensuring resilience in the face of evolving global geopolitical threats.
A few months ago, details emerged of a Volt Typhoon attack that exploited Fortinet VPNs and Cisco devices to compromise critical communications infrastructure for many years. The attackers, part of a nation-state operation, were able to route traffic through compromised systems, gaining persistent access to sensitive data. It hit me just how bold and sophisticated these threats have become.
What’s worse is that this wasn’t an isolated incident. Time and again, we’ve encountered campaigns by nation states and ransomware groups targeting telecommunication backbones, manufacturing facilities, data centers, satellite communications, and financial and even healthcare infrastructure. These are not hypothetical risks—they are happening right now and are global, with real consequences for businesses, governments, and individuals.
It’s no longer about malware on someone’s personal laptop or smartphone. The battleground has shifted to the infrastructure that powers entire economies, healthcare systems, and communication networks. Nation-states and ransomware groups are exploiting these vulnerabilities not just to steal data but to establish long-term persistent control over critical systems.
At Eclypsium, we’re committed to creating a robust approach to supply chain security. Vendors can validate the safety of their products, while enterprises gain confidence that the components they rely on are legitimate, untampered and secure.
Securing GenAI Infrastructure
As someone who’s spent years in the evolving landscape of cybersecurity, I can’t help but feel a sense of urgency as we step into the age of GenAI. We live in a time when Wintermute is about to merge with Neuromancer. These technologies are revolutionizing how we work, learn, and innovate, but they’re also becoming prime targets for attackers.
A stark reminder last year was when critical vulnerabilities were discovered in NVIDIA’s DGX compute hardware—an essential piece of AI infrastructure. The implications are attackers could gain full control over systems running sensitive AI models, putting invaluable data and innovations at risk. It underscored a harsh reality: the infrastructure we’re building to power the next generation of AI is incredibly powerful—but also dangerously exposed.
But we don’t have to repeat the mistakes of the past. This is our chance to get it right. If we embed security into the foundation of GenAI infrastructure now, we can avoid the pitfalls that plagued previous generations of technology. At Eclypsium, we’re working to make this vision a reality. With our new investment, we are accelerating our mission to help organizations inventory and verify every piece of their GenAI stack—from NVIDIA GPUs and DGX firmware to AI-specific CPUs and networking hardware. Our goal is to provide an independent, reliable way to ensure these components are secure, authentic, and uncompromised.
When I think about the future of GenAI, I see endless potential. But that potential can only be realized if we build a foundation of trust and security. Together, we can ensure the infrastructure behind AI is something we can depend on—not just today, but for years to come.
A Shared Responsibility
For me, the urgency is personal. These attacks highlight how fragile our technological foundations have become. As someone deeply invested in securing supply chains and infrastructure, I can’t ignore the scale of these threats or the growing audacity of the actors behind them.
We’re living in an era where the stakes couldn’t be higher. The systems we rely on daily—cloud services, telecommunication backbones, AI infrastructure—are under siege. The question is no longer if an attacker will find a way in but how prepared we are to detect, respond, and rebuild when they do.
This is why I believe so strongly in the work we’re doing at Eclypsium. Protecting infrastructure at this level requires deep visibility, collaboration, and an unwavering commitment to trust and security. Together, we can build a safer, more resilient future—this is our opportunity to create a world where technology empowers us without compromising our security. This is our mission.
