Most software program composition evaluation instruments learn what builders declare. Insignary Readability’s patented binary-first platform analyzes what is definitely constructed, shipped, and deployed — together with the open-source parts that by no means seem in any manifest.
Insignary, Inc., whose patented binary fingerprint know-how has been cited in 4 Gartner analysis studies, at this time introduced its recognition as a Pattern Vendor for Reachability Evaluation within the Gartner Hype Cycle for Safe Software program Engineering, 2026.
Based on Gartner: “Open-source and third-party parts might comprise an extended listing of vulnerabilities, however not all of them straight impression your code base. Reachability evaluation helps in triaging the vulnerabilities primarily based on their exploitability.”*1
The urgency is evident throughout impartial trade analysis. A 2024 Venafi survey of 800 safety decision-makers throughout the U.S., U.Okay., Germany, and France discovered that 92% are involved about AI-generated code, and 63% have thought of banning it outright over safety threat.*2 The U.S. Nationwide Vulnerability Database recorded greater than 48,000 CVEs in 2025 — roughly 130 on daily basis.
AI coding assistants are accelerating the expansion of unmanaged open-source dependencies. As organizations undertake these instruments at scale, they face a widening problem: understanding which open-source parts enter manufacturing software program, whether or not these parts will be trusted, and the way the ensuing safety and compliance dangers are managed.
The issue is structural. Most SCA instruments learn what builders declare — not what really runs. AI-generated code, vendor libraries, and third-party binaries regularly bypass bundle managers and by no means seem in a manifest.
“SBOMs are more and more turning into a regulatory requirement all over the world. Nonetheless, software program transparency is barely as dependable because the accuracy of an SBOM itself. You can not confirm an SBOM by studying the manifest that created it. You confirm an SBOM by analyzing the software program that was really constructed, shipped, and deployed. As software program supply-chain laws more and more rely on SBOMs, the flexibility to validate software program on the binary stage turns into important for organizations working in regulated industries, vital infrastructure, and AI-enabled software program environments.” — Taek Wan Kim, President & CEO, Insignary
INSIGNARY CLARITY: BINARY-FIRST. AI-AWARE.
Insignary Readability scans each supply and binary to construct an entire Software program Invoice of Supplies (SBOM) for the functions groups construct, the third-party parts they incorporate, and the IT infrastructure that bypasses the normal safe improvement lifecycle.
Key capabilities embody:
- Binary SCA — identifies open-source parts, vulnerabilities, and license obligations straight from compiled binaries, with out requiring supply code or bundle manifests
- AIBOM Technology — produces an AI Invoice of Supplies for software program containing AI-generated or AI-assisted code, overlaying parts that bypass conventional dependency declarations
- Reachability Evaluation — determines which disclosed vulnerabilities really attain executable code paths, enabling risk-based prioritization quite than uncooked CVE-count triage
- Steady Vulnerability Alerting — displays saved SBOMs in opposition to up to date vulnerability databases and delivers automated alerts when newly disclosed CVEs match deployed parts, with out requiring a rescan
“An SBOM is foundational to managing the complexity and securability of contemporary software program deployments.”*3
RECOGNITION IN FOUR GARTNER REPORTS
Insignary has been cited in 4 Gartner analysis studies*, Gartner Hype Cycle for Safe Software program Engineering,2026, Gartner Hype Cycle for Software Safety,2025, Gartner Scale Software Safety With AI-Augmented Vulnerability Remediation,2025, and Gartner 3 Steps for Assessing an Open-Supply Software program Venture, 2025.
SUPPORTING GLOBAL SOFTWARE SUPPLY CHAIN REQUIREMENTS
Insignary Readability helps organisations assembly software program supply-chain safety necessities throughout North America and globally:
- U.S. Govt Order 14028 and OMB Memorandum M-26-05 — federal businesses might now independently confirm vendor SBOMs quite than accepting an ordinary attestation type, elevating the bar for all software program offered into the U.S. authorities
- FDA Part 524B — each linked medical system premarket submission should embody a binary-verified SBOM overlaying all compiled software program parts
- Canada’s Invoice C-8 Crucial Cyber Techniques Safety Act (CCSPA), efficient June 2026 — necessary provide chain threat administration for banking, telecommunications, vitality, and transportation operators
Extra frameworks: CISA and NSA SBOM steering, NIST SSDF, Australia’s Data Safety Guide (ISM), U.S. Related Automobile Rule, EU Cyber Resilience Act.
TRUSTED BY GOVERNMENTS AND GLOBAL ENTERPRISES
Globally, BearingPoint — one in every of Europe’s main administration and know-how consulting corporations and a strategic investor in Insignary — serves as the corporate’s unique distributor throughout Europe. Cybertrust Japan, one other strategic investor, and its reselling companion TechMatrix drive adoption throughout Japanese manufacturing below a joint SBOM initiative. Clients embody authorities organizations and international leaders throughout the electronics, protection, monetary providers, automotive, manufacturing, medical, and different know-how sectors.
GARTNER and Hype Cycle are logos of Gartner, Inc. and/or its associates. Gartner doesn’t endorse any vendor, services or products depicted in its analysis publications, and doesn’t advise know-how customers to pick out solely these distributors with the very best scores or different designation. Gartner analysis publications encompass the opinions of Gartner’s analysis group and shouldn’t be construed as statements of truth. Gartner disclaims all warranties, expressed or implied, with respect to this analysis, together with any warranties of merchantability or health for a selected function.
ABOUT INSIGNARY
Insignary Inc. is a Toronto-based cybersecurity firm specializing in binary composition evaluation and software program provide chain safety. Its patented know-how permits organizations to determine open-source software program parts, vulnerabilities, and software program provenance straight from compiled binaries with out requiring entry to supply code.
The corporate’s flagship platform, Insignary Readability, gives binary evaluation and software program composition evaluation capabilities that allow organizations to confirm the contents of deployed software program and strengthen software program provide chain governance. Insignary Readability AIR extends this functionality to the AI area by serving to organizations determine, assess, and handle dangers related to AI fashions, AI-generated software program, and AI-driven improvement environments.
The corporate serves enterprises, governments, and software program distributors worldwide and is supported by strategic traders and companions together with BearingPoint in Europe, Cybertrust Japan and TechMatrix in Japan, and TMA Options. By means of its international companion ecosystem, Insignary helps software program provide chain safety initiatives throughout North America, Europe, and Asia.
Web site: https://insignary.com/
Full report: Gartner Hype Cycle for Safe Software program Engineering, 2026
References:
- Gartner, Hype Cycle for Safe Software program Engineering 2026
- Venafi, “Machine Id Administration Growth Survey,” 2024
- Gartner, “Rising Tech: A Software program Invoice of Supplies Is Crucial to Software program Provide Chain Administration.”
Contact
Principal Options Architect
Jessica DY Lee
Insignary
jessicalee@insignary.com


