2026 WINNER · CYBERSECURITY STARS AWARDS

ReversingLabs · Spectra Assure

Best Software Supply Chain Security Platform
Company
ReversingLabs
Location
United States
Team Size
50 - 99 employees
01

Overview

ReversingLabs (RL) is the trusted authority in software supply chain security. RL's Spectra Assure platform is the only solution that gives enterprises true visibility and control over software supply chain attacks — where traditional security tools and processes fall short. By automatically inspecting software build outputs, open-source packages, binaries, containers, AI models, and third-party software, Spectra Assure enables organizations to validate the integrity and security of software before curation, release, procurement, or deployment.

In 2025, software supply chains became a primary attack surface — deliberately exploited by cybercriminals and state-sponsored actors to achieve scale, persistence, and impact in targeted organizations. RL research revealed a 73% increase in malicious open-source packages, with nearly 90% of detections concentrated in npm, including the discovery of Shai-Hulud, the first registry-native npm worm ever observed. ReversingLabs' threat intelligence platform — the world's largest, with over 422 billion pieces of malware and goodware (23.92 PB), more than eight times larger than the closest competitor offering — powers Spectra Assure's unmatched detection accuracy.

02

Key Capabilities

Spectra Assure automatically inspects binaries, containers, AI models, open-source packages, third-party software, AI-written software, developer tool extensions, artifact repositories, final releases, and software updates — identifying malware, tampering evidence, known vulnerabilities, code hardening issues, licensing violations, and more. Analysis generates comprehensive "SAFE" reports that translate deep technical analysis into actionable software composition, provenance, and policy compliance data.

Key features and capabilities include:

  • Extended Bill of Materials (xBOM): Goes beyond traditional SBOMs with ML-BOM (AI/ML model inventory), SaaSBOM (third-party SaaS and cloud service visibility), and CBOM (cryptographic asset inventory for post-quantum readiness) in CycloneDX format — supporting DORA, CRA, EU AI Act, and NIST AI RMF compliance.
  • Secure VMs: The only VM risk analysis that requires no deployment, runtime access, or agent installation — providing the fastest path to assessing risks in virtual machines.
  • Spectra Assure Community: Free visibility into risks in 6.5+ million open-source packages across npm, PyPI, RubyGems, NuGet, VS Code Extension Marketplace, PowerShell Gallery, and the new MCP Server Registry — enabling teams to vet OSS and AI tools before use.
  • Spectra Assure Insights: Consolidated views of related issues across multiple SAFE reports, pre-built searches to automatically detect "toxic combinations" of risks, and one-click saved searches to dramatically improve analyst productivity and decision confidence.
  • Continuous Threat Hunting Automation: Policies automatically detect high-profile supply chain attacks (e.g., Toptal GitHub breach, npm Nx package attack, Shai-Hulud worm), misused Keras Lambda layers, and malicious transitive dependencies, with enhanced differential analysis to surface novel malware and tampering.

Spectra Assure also delivers:

  • Proven ROI: Spectra Assure delivered a 1000% efficiency improvement for purchasing and deploying third-party commercial software and reduced approval times for employee software/freeware requests from 8 hours to 1 hour, Third-Party Cyber Risk Management times from 3 months to 1 week, and time to secure Virtual Machines from 8 hours to 30 minutes.
  • Agile Innovation: ReversingLabs released 31 product updates in 2025, approximately every two weeks, including new xBOM types, Spectra Assure Community integrations, automated threat hunting policies, Malware Details Pages, and Automated Approvals — continually embedding senior researcher expertise directly into the platform to stay ahead of the evolving threat landscape.

Spectra Assure Market-Validated Leadership:

  • Gartner's 2025 Market Guide for Software Supply Chain Security projects that by 2028, 85% of software engineering teams in large enterprises will deploy software supply chain security tools, up from 60% in 2025. Spectra Assure is purpose-built to address the three core capabilities Gartner identifies as essential: OSS package curation, binary analysis without source code, and SBOM/VEX lifecycle support. 59 new enterprise customers adopted Spectra Assure in 2025 to proactively manage supply chain risk.
03

How we are different

Spectra Assure delivers the following:

  • Industry's only AI-Driven Complex Binary Analysis: Spectra Assure deconstructs binaries into their components and artifacts, identifying file formats using 4,800+ signatures and ML models across 400+ binary types to generate multiple BOMs — something no other tool can do. Packages up to 50GB with thousands of components are processed at a rate of ~1GB in under 5 minutes, delivering not just an SBOM but a best-in-class comprehensive risk analysis without requiring source code. This makes it the only true primary control point for third-party software risk.
  • The World's Largest Threat Repository that delivers results: Over 422 billion (totaling 23.92 PB) pieces of malware, goodware, proprietary threat research, and attack intelligence are used to enable accurate threat detection and risk classification. This is more than eight times larger than the closest offering. In 2025, Spectra Assure did the following:
      • Served 466 billion API requests, up 49% YoY.
      • Analyzed 480 billion files (58 billion files added).
      • Identified 5.9 billion malicious files, up 20%.
      • Collected 2.6 billion URLs, of which 1.2 billion were malicious (up 91% and 102%, respectively).
      • Collected 466 million domains (186% increase), of which 255 million were malicious (220% increase).
      • Collected 133 million IP addresses (55% increase), of which 68 million were malicious (94% increase).
  • Extended Threat Hunting Automation that adapts to the changing threat landscape by embedding the expertise of RL's senior researchers directly into the product in a number of ways:
      • Implementing policies to automatically:
          • Detect high-profile supply chain attacks affecting open-source ecosystems, including the Toptal GitHub breach, the npm Nx package attack, and the Shai-Hulud worm campaign.
          • Detect misused Keras Lambda layers executing arbitrary code (Keras is used in TensorFlow, an open-source, end-to-end platform for machine learning and deep learning).
          • Provide additional insights into AI model safety (e.g., fake news, harmful content, privacy violations, profanity), security (e.g., data exfiltration, jailbreaks, manipulation), and business alignment (e.g., intentional misuse) by integrating with SPLX red teaming.
      • Delivering enhanced differential analysis reporting that summarizes unusual changes for identifying novel malware and tampering.
      • Securing AI-assisted coding workflows with integrated guardrails and automatic validation of referenced dependencies to prevent AI code assistants from inadvertently introducing rogue open source.
      • Offering a pre-build check for malicious open source and other critical security risks based on Spectra Assure Community intelligence by scanning package manifest files for declared OSS dependencies and for package manifest actions that run during installation, development, testing, and package removal.
      • Reporting the presence of components with malicious transitive dependencies, surfacing malware that may not be physically present within the software binary uploaded for analysis.