Cyber Security

Insignary Closes the SBOM Accuracy Gap with Binary Level Specification for Regulatory Risk

Many software architecture analysis tools read what developers say. Insignary Clarity’s first proprietary binary platform analyzes what’s actually being built, deployed, and deployed – including open source components that don’t appear in any manifest.

Insignary, Inc., whose proprietary binary fingerprinting technology has been cited in four Gartner research reports, today announced its recognition as an Accessibility Analysis Exemplary Vendor in the Gartner Hype Cycle for Secure Software Engineering, 2026.

According to Gartner: “Open source components and third-party components can contain a long list of vulnerabilities, but not all of them directly affect your code base. Vulnerability analysis helps evaluate vulnerabilities based on their exploitability.”*1

The urgency is evident in all private sector research. Venafi’s 2024 survey of 800 security decision makers across the US, UK, Germany, and France found that 92% are concerned about AI-generated code, and 63% have considered shutting it down entirely due to security risks.*2 The US National Vulnerability Database recorded more than 48,000 CVEs by 2025 – about 130 every day.

AI coding assistants are accelerating the growth of unmanaged open source dependencies. As organizations increasingly use these tools, they face an expanding challenge: understanding which open source components go into production software, whether those components can be trusted, and how the resulting security and compliance risks are managed.

The problem with the layout. Most SCA tools learn what developers say – not what actually works. AI-generated code, vendor libraries, and third-party binaries often bypass package managers and do not appear in the manifest.

“SBOMs are becoming more and more a regulatory requirement around the world. However, the visibility of the software is only as reliable as the accuracy of the SBOM itself. You cannot verify the SBOM by reading the manifest that it created. You verify the SBOM by testing the software that was actually built, shipped, and used. As the regulations of the SBOM software supply chain are increasingly dependent on the key capability of the SBOM software according to the critical functionality of the software in the operating organization. operating in regulated industries, critical infrastructure, and in the areas of AI-powered software ” – Taek Wan Kim, President and CEO, Insignary

PRELIMINARY EXPLANATION: TWO-FIRST. AI-AWARE.

Insignary Clarity scans both source and binary to create a complete Software Bill of Materials (SBOM) for application teams, third-party components, and IT infrastructure that go through a secure development lifecycle.

Key skills include:

  • Binary SCA — identifies open source components, vulnerabilities, and license obligations directly from compiled binaries, without requiring source code or package specification
  • AIBOM Generation – generates an AI Bill of Materials for software that contains AI-generated code or AI, including components that bypass traditional dependency declarations
  • Accessibility Analysis – determines which exposed vulnerabilities reach executable code paths, allowing risk-based prioritization rather than trying to calculate a raw CVE
  • Continuous Vulnerability Alert – monitors maintain SBOMs against an updated vulnerability database and deliver automatic alerts when newly exposed CVEs match exploits, without requiring rescans

“SBOM is the foundation for managing the complexity and security of modern software deployments.”*3

AWARDED TO FOUR GARTNER REPORTS

Insignary has been identified in four Gartner research reports*, Gartner Hype Cycle for Secure Software Engineering, 2026, Gartner Hype Cycle for Application Security, 2025, Gartner Scale Application Security With AI-Augmented Vulnerability Remediation, 2025, and Gartner 3 Steps to Assess Open-Source Software2.

SUPPORTING THE PURCHASING NEEDS OF GLOBAL SOFTWARE SERVICES

Insignary Clarity supports organizations meeting the security needs of the software-supply chain across North America and around the world:

  • US Executive Order 14028 and OMB Memorandum M-26-05 — federal agencies can now independently certify vendors’ SBOMs rather than accepting a standard certification form, raising the standard for all software sold to the US government.
  • FDA Section 524B – all pre-market shipments of a connected medical device must include a binary certified SBOM that includes all integrated software components.
  • Canada’s Bill C-8 Critical Cyber ​​​​Systems Protection Act (CCSPA), which comes into effect in June 2026 – mandatory regulation of the risk supply chain for banking, telecommunications, energy, and transportation operators.

Additional frameworks: CISA and NSA SOM guidance, NIST SSDF, Australia’s Information Security Manual (ISM), US Connected Car Act, EU Cyber ​​Resilience Act.

TRUSTED BY GOVERNMENTS AND BUSINESSES WORLDWIDE

Globally, BearingPoint – one of Europe’s leading management and technology companies and a strategic investor in Insignary – acts as the company’s exclusive distributor throughout Europe. Cybertrust Japan, another strategic investor, and reseller partner TechMatrix are driving adoption across Japan under a joint SBOM program. Customers include government organizations and world leaders across the energy, defense, financial services, automotive, manufacturing, medical, and other technology sectors.

GARTNER and Hype Cycle are trademarks of Gartner, Inc. and/or its subsidiaries. Gartner does not endorse any vendor, product or service featured in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designations. Gartner research publications contain the opinions of the Gartner research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, regarding this research, including any warranties of merchantability or fitness for a particular purpose.

ABOUT THE INSIGNARY

Insignary Inc. is a Toronto-based cybersecurity company specializing in binary analysis and software supply chain security. Its patented technology allows organizations to identify open source software components, vulnerabilities, and software evolution directly from compiled binaries without needing access to the source code.

The company’s flagship platform, Insignary Clarity, provides binary analysis and software architecture analysis capabilities that enable organizations to verify the content of deployed software and strengthen software supply chain governance. Insignary Clarity AIR extends this capability to the AI ​​domain by helping organizations identify, assess, and manage risks associated with AI models, AI-generated software, and AI-driven development environments.

The company serves enterprises, governments, and software vendors worldwide and is backed by strategic investors and partners including BearingPoint in Europe, Cybertrust Japan and TechMatrix in Japan, and TMA Solutions. Through its ecosystem of global partners, Insignary supports software security systems across North America, Europe and Asia.

Website:

Full report: Gartner Hype Cycle for Secure Software Engineering, 2026

References:

  1. Gartner, The Hype Cycle for Secure Software Engineering 2026
  2. Venafi, “A Review of Machine Ownership Management Development,” 2024
  3. Gartner, “Emerging Tech: Software Bill of Materials Essential to Software Supply Management.”
Contact person

Principal Solutions Architect

Jessica DY Lee

Insignia

jessicalee@insignary.com

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button