A busy few months at Agger Labs

It has been a while since our last update. Most of that time has been spent where it has the greatest impact. Writing code, breaking code, refining detections and working with customers who expect tools that function predictably when their systems are under pressure. Silence on the blog has meant activity everywhere else. The last few months have been productive, deliberate and focused on substance.

A few milestones stand out. Each one reflects what we believe the security industry should be moving towards. Rigorous testing, transparency about capability, and engineering practices that prioritise correctness over marketing. Here is what we have been working on.

SE Labs certification

The most significant milestone is achieving SE Labs certification for the Agger agent. Their testing is known for being grounded in realistic adversary behaviour rather than generic lab scenarios. They are part of the Microsoft Virus Initiative, which gives them direct insight into how security technologies must operate on modern Windows platforms.

The industry has a long history of embellishing capability. Features are announced before they exist. Behavioural detection is claimed with no clear definition. Vendors say they stop ransomware while offering little to prove it. Independent testing is one of the few mechanisms that cuts through this noise. It forces vendors to confront what their products actually do, not what their marketing suggests.

For us, this validation matters because it confirms that our approach is both effective and robust under scrutiny. More importantly, it signals our commitment to honesty. If you are going to sell defensive technology, it should withstand external evaluation from teams who know how attackers operate. We expect this of others, so we hold ourselves to the same standard.

Go to Market

Our focus this year has been getting Agger into the hands of the teams who need it most. The tech works and the results speak for themselves, but adoption is where impact becomes real. In the second half of the year we pushed harder on our go to market, building cleaner onboarding paths, tightening our sales motion and spending more time with prospects under active pressure. The result has been incredible growth and a set of new customers we’re genuinely proud to support.

Selected for Black Hat Europe Cyber Startup Program

We were also selected for the Black Hat EU Startup Spotlight programme. Being chosen by peers is always meaningful because it reflects the view of practitioners who spend their time dealing with real incidents. Black Hat audiences are not easily swayed and recognition from that community suggests that our approach to ransomware defence is resonating. It also gives us the opportunity to engage directly with organisations who face the pressure of live attacks every week. Their feedback shapes our roadmap and keeps us focused on real world conditions rather than theoretical clean room models.

Adopting the UK DSIT Software Security Code of Practice and OWASP ASVS

We have also fully adopted the UK Department for Science, Innovation and Technology's Software Security Code of Practice. This initiative emphasises secure by design principles, which is how modern defensive tools should be built. Vendors expect customers to trust critical software that has deep access to their systems. That trust must be earned through engineering discipline rather than claims.

Our implementation of secure by design goes beyond policy alignment. We have embedded the OWASP Application Security Verification Standard into our development process to ensure our codebase adheres to recognised, measurable assurance levels. Every component of the Agger agent and its supporting infrastructure undergoes continuous analysis. This includes static analysis, variant analysis, fuzzing, threat modelling and stress testing. These pipelines run constantly and are tuned to the reality of kernel level development where undefined behaviour is never acceptable.

Security vendors should meet the same expectations they place on everyone else. If we advocate for secure software development, then we must demonstrate it in our own work.

Building, refining and preparing what is next

Away from public announcements, the majority of our effort has been focused on improving the agent. We have strengthened detection paths, expanded our modelling of exfiltration focussed ransomware, and improved the resilience and predictability of kernel operations under load. Much of this work has come directly from discussions with early adopters who operate in high pressure environments and need tooling that does not introduce instability.

New capabilities are coming. Some are already in customer hands and others are entering the final stages of testing. They represent the next step in our commitment to building defensive technology that behaves reliably, scales effectively and is grounded in clear, testable logic.

A final word

The past few months have reaffirmed what we stand for. Build defensible technology. Invite independent scrutiny. Adopt secure by design practices and prove that they shape the code rather than sit in documentation. The security industry needs more honesty and more engineering discipline. We intend to show that it is possible to build robust, transparent and trustworthy defensive software without resorting to exaggeration.

Thank you to everyone who has supported, challenged and collaborated with us. More is coming.