IntelliGRC Raises $3.5M to Scale Enterprise Compliance Technology
With CMMC enforcement live and fewer than 1% of defense contractors audit-ready, IntelliGRC bets on MSPs as the compliance delivery layer for the DIB.
Fairfax, Virginia-based IntelliGRC, a cybersecurity governance, risk, and compliance platform built for managed service providers, has closed a $3.5 million seed round as the company looks to carve out a position in the global GRC software market, which industry analysts value at roughly $23 billion in 2026 and project will reach $39 billion by 2031 at a compound annual growth rate exceeding 10%. The funding, which closed on January 31, 2026, arrives at a moment when the Department of Defense’s Cybersecurity Maturity Model Certification program has moved from years of rulemaking into active enforcement, creating an immediate compliance burden for more than 220,000 companies in the Defense Industrial Base.
The round was co-led by Kyle Hanslovan, co-founder and chief executive of Huntress, and Blu Ventures, a Vienna, Virginia-based venture capital firm that has deployed more than $200 million in capital since its founding in 2010 and focuses primarily on early-stage cybersecurity investments. Marcos Torres, a venture partner at Blu Ventures and former chief financial officer of Huntress Labs, will take a board seat. Legal advisory firm Cooley structured the transaction. Additional participants include SaaS Ventures, Early Light Ventures, and Hypershift Technologies, along with individual backers Jennifer and James VanderWeir of Vandy Advisors, John Ferrell of Huntress, Kevin Blake and Rashaad Bajwa of Integris, Steven Freidkin of Ntiva, Ryan Bonner of DEFCERT, and Dustin Bolander of Cyberdrain and Beltex Insurance.
Hanslovan’s involvement is notable. Huntress, the managed detection and response company he co-founded in 2015, is valued at more than $1.5 billion after raising over $300 million in venture capital, including a $150 million Series D led by Kleiner Perkins and Meritech Capital in 2024. The company protects more than 200,000 businesses across four million endpoints and 10 million identities. His personal participation in IntelliGRC’s seed round puts cybersecurity channel credibility behind the bet that compliance automation for service providers represents a distinct and growing category.
The market tailwinds behind that bet are considerable. Phase 1 of the CMMC program took effect on November 10, 2025, and the Department of Defense estimates that roughly 65% of the defense supply base will be affected during the first year. Only about 1% of defense contractors are fully prepared for CMMC audits, according to a recent survey of the Defense Industrial Base, a figure that has actually declined from 4% in 2025 and 8% in 2023. Approximately 80 authorized third-party assessment organizations currently serve roughly 80,000 contractors requiring Level 2 certification, and many are already booked through 2026. Assessment fees, which currently range from $31,000 to $76,000, are expected to climb to between $75,000 and $150,000 by late 2026 as demand outstrips supply. Industry estimates suggest that between 33,000 and 44,000 companies could exit the defense market between 2025 and 2027 as compliance costs exceed the economic value of maintaining their defense business.
Meanwhile, prime contractors are not waiting for the government’s phased timeline. Lockheed Martin now requires all suppliers to document their CMMC status and frames compliance as essential to maintaining uninterrupted business operations. Boeing is urging suppliers to pursue Level 2 certification immediately rather than waiting for contract requirements to appear. Phase 2, which introduces mandatory third-party certification, is scheduled to begin in November 2026.
IntelliGRC is positioning itself at the intersection of this regulatory pressure and the managed services industry, a sector valued at more than $400 billion globally in 2026 according to multiple research firms, with over 70% of MSP clients falling into the small and medium-sized business category. The company was founded by Ozzie Saeed, who previously served as Director of Cybersecurity Operations at Tiber Creek Consulting, where the platform was originally incubated in 2016 after years of performing compliance determinations for NIST 800-171 requirements. Saeed also contributed to the development of the CMMC 2.0 Assessment Guides and Scoping Guide and represented small and medium-sized businesses within the NDISAC Defense Industrial Base Sector Coordinating Council, giving him direct visibility into the policy framework his company now automates against.
The IntelliGRC platform embeds artificial intelligence and bulk automations into the compliance lifecycle, including automated evidence collection and mapping, continuous control monitoring, an Intelligent Control Library, asset-centric data modeling, and parameter-driven remediation guidance. IntelliGRC has a multi-tenant architecture that allows service providers to manage compliance across multiple clients simultaneously. The core thesis is that traditional GRC systems, despite promises of automation, still require heavy involvement from subject matter experts who are in short supply. Fewer than 600 certified CMMC assessors exist today, against an estimated need for 2,000 to 3,000 to meet future certification demand.
The $3.5 million will be directed toward expanding IntelliGRC’s AI capabilities, further developing the Intelligent Control Library, broadening integrations across the MSP ecosystem, and growing the company’s sales, customer success, and enablement teams. The company will also invest in partner programs to help managed service providers build compliance into a repeatable, revenue-generating service offering. Cybersecurity services are already the fastest-growing segment of the MSP market, expanding at 18% annually through 2026 according to industry data, outpacing overall managed services growth of roughly 14%.
The competitive landscape in GRC is crowded at the enterprise level, with established players including IBM, Oracle, SAP, MetricStream, ServiceNow, and NAVEX Global commanding significant share. But IntelliGRC is targeting a specific niche: service providers selling compliance into the small and midsized defense contractor market, where the combination of regulatory urgency, limited internal resources, and high compliance costs creates acute demand for purpose-built tooling. The broader GRC platform market grew from $51.4 billion in 2025 to an estimated $56.7 billion in 2026, with the small and medium enterprise segment posting a projected 14.9% CAGR through 2031, the fastest growth rate by organization size.
Whether a $3.5 million seed round is sufficient to build durable market position against better-capitalized competitors remains an open question. But with CMMC enforcement accelerating, assessor capacity severely constrained, and tens of thousands of defense contractors facing a compliance-or-exit decision within the next 18 months, IntelliGRC has placed its bet at what appears to be an inflection point. The company’s ability to convert regulatory urgency into recurring revenue through the MSP channel will determine whether this seed round becomes the foundation of something larger.
