My INCUBA Search Dansk

Coana writes a new chapter: Aarhus cyber startup becomes part of US Socket

The Aarhus-based AppSec company Coana, which originated from Professor Anders Møller's research group at Aarhus University and is based at INCUBA, has been acquired by the American software security startup Socket. The deal marks one of the largest exits in the INCUBA environment in recent years and emphasises Aarhus' position as a hot-spot for deep technological research with global commercial impact.

From research to global platform

Coana was founded in 2022 with the backing of Sequoia Capital and others to turn cutting-edge static control and data flow analysis into a practical tool for reachability analysis: a method that cuts up to 80% of false positives in traditional Software Composition Analysis (SCA). In just two-and-a-half years, the team has grown from an academic proof-of-concept to an engine trusted by some of the world's most demanding development teams.

‘We founded Coana to give developers a tool that finds 100 critical problems instead of 10,000 trivial ones,’ says Martin Torp, CPO and co-founder of Coana. ‘By joining Socket, we can take that vision to the next level.’

Read more about Coana's story here.

Why Socket?

In just a few short years, Socket has cemented itself as a market leader in software supply chain security with customers such as Anthropic, Figma, OpenAI and Vercel. However, the company needed an extremely accurate prioritisation engine for known vulnerabilities - and this is where Coana's reachability technology fits like a glove.

‘For any team buried under thousands of vulnerability alerts, Coana's reachability analysis offers a smarter way forward,’ says Feross Aboukhadijeh, Founder and CEO of Socket. ‘Together, we can provide developers with accurate, actionable insights - without the noise.’

Socket has delivered over 300% revenue growth in the past 12 months and today blocks more than 1,000 supply chain attacks per week. With Coana's technology integrated directly into Socket's platform, developers now get reachability context alongside real-time detection of malicious packets.


What does this mean for the Coana team and customers?

The entire Coana team - including co-founders Anders Søndergaard (CEO), Martin Torp (CPO), and Benjamin Barslev (CTO) - will remain with Socket and are already working to build reachability analytics into Socket's dashboards.

‘Joining Socket means we can scale our impact immediately,’ says Anders Søndergaard, CEO of Coana. ‘Together we will help organisations drastically reduce the burden of vulnerability management.’

Existing Coana customers will enjoy a seamless transition to Socket once the integration is complete. For the INCUBA community, the Coana founders promise to maintain a strong relationship: the Aarhus office will be the hub for further research, development and talent recruitment in static analysis.

Benjamin Barslev, Martin Torp, Anders Søndergaard og Anders Møller, co-founders of Coana

An incentive for the Danish deep-tech ecosystem

For INCUBA, the acquisition is proof of the value of close collaboration between university, investors and entrepreneurs.

‘Coana's journey shows how research can become global products almost from day one,’ says Jacob Doktor Mogensen, CEO of INCUBA. ‘We are proud to have supported them from university to an international exit - and we look forward to the next generation of security startups from the community.’

With the acquisition, to be announced in San Francisco on 23 April 2025, Socket gains access to the world's leading reachability engine, while Aarhus once again puts itself on the world map as an incubator for cutting-edge cybersecurity technology.

Read more at Coana here and at Socket here.

Martin Torp, Coana, Benjamin Barslev, Coana, Feross Aboukhadijeh, founder & CEO, Socket, Jay Keswani, Head of Strategy & Operations, Socket, Anders Møller, Coana og Anders Søndergaard, Coana

Cybersecurity in INCUBA

With Coana's exit, INCUBA cements itself as one of Denmark's strongest cybersecurity hubs. In addition to Coana, INCUBA is home to global players such as CrowdStrike, TrueSec and Partisia, promising growth companies such as Confiware and the newly established ecosystem Security Tech Space, and a number of emerging startups. The dense cluster of research, capital and specialised talent means that new security solutions can mature and scale quickly - as Coana's journey from university spinout to international exit now stands as a shining example.

  • Founded: 2022, Aarhus, INCUBA
  • Founders: Anders Søndergaard (CEO), Martin Torp (CPO), Benjamin Barslev (CTO), Anders Møller (CRO)
  • Roots: Research in static analysis with Professor Anders Møller, Aarhus University
  • Product: Reachability-based Software Composition Analysis that removes up to 80% false positives
  • Investors: Sequoia Capital and others
  • Results: Up to 10× faster remediation of critical vulnerabilities
  • Team: An elite team of researchers and developers (all continuing in Socket)
  • Founded: 2020, San Francisco
  • Founder/CEO: Feross Aboukhadijeh
  • Focus: Software supply chain security with real-time detection of malicious packages
  • Customers: 8,500+ organisations; 750,000+ code repositories (e.g. Anthropic, Figma, OpenAI, Vercel)
  • Key metrics: 300% annual growth; blocking > 1,000 attacks per week
  • Funding: $40 million. Series B led by Abstract Ventures, Elad Gil and a16z
Coana, INCUBA, 23 April 2025