Regulus

The primary product line at Regulus is the Pyramid GNSS Protection Platform — a software stack that runs on automotive-grade embedded hardware (ECUs) or other embedded computing platforms and provides real-time detection, alerting, and in some configurations active mitigation of GNSS signal manipulation attacks. Pyramid is the commercial product through which virtually all of the company's revenue is generated.

The problem Pyramid addresses is technically narrow but operationally critical: GNSS receivers — the chips that process satellite signals to determine position, velocity, and time — have no native authentication mechanism in civilian GPS frequencies. A radio-frequency spoofer can broadcast a counterfeit GPS signal stronger than the genuine satellite signal, causing the receiver to compute a false position. Regulus's 2019 demonstration showed a Tesla Model 3 being redirected by a spoofed GPS signal, providing the first widely reported real-world vehicle attack of this type.

The buyers are Tier-1 automotive OEMs and their Tier-1 suppliers (e.g., companies in the advanced driver-assistance systems, or ADAS, stack), autonomous trucking companies, commercial UAV operators, and defense and government agencies that operate GPS-dependent platforms. The buyer roles are typically VP-level safety engineers, chief information security officers within automotive OEMs, and procurement officers in defense programs. The market is enterprise-only; there is no SMB or self-serve segment.

Regulus sells exclusively through a sales-led motion — direct enterprise engagements, proof-of-concept programs with OEM engineering teams, and channel relationships with defense-sector integrators. There is no publicly available trial version, no SaaS self-signup, and no marketplace listing for Pyramid.

Pricing is not publicly disclosed. Given the enterprise and government customer base, commercial terms are almost certainly structured as multi-year licensing or NRE (non-recurring engineering) arrangements rather than per-seat or per-API-call models. Specific contract values have not appeared in press releases or public filings.

The technical moat rests on two pillars: (1) proprietary signal-processing algorithms and associated patent filings covering GNSS spoofing detection methods, and (2) operational demonstration data — the 2019 Tesla Model 3 attack was one of the first publicly documented, peer-reviewed demonstrations of automotive GPS spoofing, and the company used that demonstration to establish research credibility that is difficult to replicate. The 2023 AirPods Pro vulnerability disclosure was a further iteration of the same research-led credibility strategy.

The engineering team works day-to-day on RF spectrum-domain signal processing, real-time anomaly detection using machine learning on GNSS signal characteristics, AUTOSAR-compatible software integration for automotive ECU deployment, and embedded systems programming targeting automotive-grade hardware constraints. Specific programming languages and frameworks (such as Rust, Kubernetes, or ClickHouse) used internally are not publicly known.

Pyramid GNSS Protection Platform is the flagship product. It is a software-only solution that ingests raw GNSS signal metadata from on-board receivers and runs detection algorithms to identify spoofing indicators — such as abnormal signal strength, unexpected carrier-phase shifts, or inconsistencies between multiple satellite constellations (GPS, GLONASS, Galileo, BeiDou). When an attack is detected, Pyramid generates an alert that can be acted upon by the vehicle's safety systems or the operator's monitoring infrastructure. In some configurations it also applies mitigation logic to prevent the false position from propagating to navigation stacks.

A secondary capability that Regulus has developed — and which it has used for internal research and customer PoC demonstrations — is a GNSS spoofing simulation and attack toolkit. This tool was used in the 2019 Tesla Model 3 demonstration. It is not marketed as a standalone commercial product; its primary role is as a research and validation instrument, though it presumably also assists customers in red-team testing of their own systems.

The most recent publicly acknowledged product milestone was the expansion of Pyramid to support multi-constellation GNSS environments and integration with AUTOSAR-based automotive software architectures, referenced in company communications and partner announcements in 2022 and 2023. This update broadened the platform's applicability beyond GPS-only receivers to multi-frequency, multi-constellation receivers increasingly common in L2-category autonomous vehicles.

No products are known to have been sunset. Given the company's small size and narrow focus, the product portfolio has remained tightly concentrated on the Pyramid platform since the company's founding in 2016.

Regulus does not appear in the AWS Marketplace, Salesforce AppExchange, or Snowflake Native Apps ecosystem based on publicly available information. Its distribution model is direct enterprise engagement rather than marketplace-driven discovery.

No public certifications under SOC 2, FedRAMP, or ISO 27001 have been announced by Regulus. In the automotive domain, the relevant cybersecurity standard is ISO/SAE 21434:2021 (Road Vehicles — Cybersecurity Engineering), and the complementary UN regulation UN R155, which governs cybersecurity management systems for vehicle OEMs. Regulus has positioned Pyramid as relevant to compliance with these frameworks, but no formal certification under ISO/SAE 21434 has been publicly announced.

The most directly comparable competitor is Spirent Communications, listed on the London Stock Exchange under ticker SPT. Spirent's GNSS division provides test and simulation equipment for satellite navigation systems, including spoofing simulation tools used by OEMs and government labs. The distinction between Spirent and Regulus is important: Spirent focuses on the test-and-measurement use case — helping engineers validate GNSS receivers in controlled environments — while Regulus focuses on in-vehicle runtime protection deployed in production systems.

A second competitor is Orolia, the French company that was acquired by Safran in 2022 for an undisclosed sum and now operates as Safran Trusted 4D. Orolia/Safran offers resilient PNT (positioning, navigation, and timing) solutions including anti-spoofing and anti-jamming hardware for defense, aviation, and maritime applications. Where Orolia addresses spoofing primarily through hardware-based countermeasures and multi-antenna receivers, Regulus's Pyramid is a software-layer solution that can run on existing receiver hardware — a meaningful architectural distinction for automotive OEMs who cannot easily change their hardware supply chains.

A third relevant competitive presence is u-blox (SIX: UBXN), the Swiss GNSS module maker whose newer modules include built-in spoofing-detection features at the chipset level. u-blox's embedded detection competes with Pyramid at the architectural level because OEMs may perceive chipset-level features as sufficient, reducing demand for a separate software protection layer. However, Regulus argues that chipset-level features are less sophisticated than Pyramid's algorithm suite.

Regulus does not appear in Gartner Magic Quadrant or Forrester Wave reports — these analyst frameworks cover enterprise software categories where the GNSS cybersecurity niche is not yet large enough to constitute a dedicated segment. The company competes for mindshare primarily through research publications, conference presentations at events like Black Hat and DEF CON, and direct OEM engagement.

From a pricing standpoint, Regulus targets premium enterprise and government contracts. There is no evidence of a free-tier or open-source strategy. Given that the buyers are automotive OEMs with multi-billion-dollar vehicle programs and government agencies with formal procurement processes, the company's commercial model is consistent with a premium-only positioning.

The Tesla Model 3 spoofing demonstration in 2019 was reported in Wired, IEEE publications, and numerous automotive-security media outlets, effectively serving as a landmark customer-awareness event even though Tesla was not a customer. In 2023 the AirPods Pro vulnerability disclosure was covered by 9to5Mac and broader cybersecurity press, reinforcing the company's research profile.

The primary tailwind for Regulus is the rapid proliferation of autonomous and semi-autonomous vehicles governed by SAE Level 2+ and Level 3 standards, drone delivery programs by companies including Amazon and UPS, and the expanding use of GPS-dependent precision agriculture and maritime autonomous systems — all of which increase the installed base of GNSS receivers that require protection. A headwind is that many OEMs still treat GPS security as a secondary concern relative to LiDAR or camera-system cybersecurity, which means budget allocation for standalone GNSS protection can be slow.

Regulus has not made any known acquisitions and has not itself been acquired as of the available information.

Regulus Cyber occupies office space in Haifa, which serves as the company's singular Israeli location. Unlike many Israeli cybersecurity companies that maintain headquarters in Tel Aviv or Herzliya, Regulus's choice of Haifa reflects both the founders' roots and the city's established engineering ecosystem, which includes a large number of Technion graduates and proximity to the Northern Israel defense-technology corridor.

The Israel headcount represents the vast majority of the company's total workforce of under 50 people. All R&D, security research, product, and management functions are based in Haifa. The Israeli operations constitute the full engineering spine of the company. A small number of commercial personnel operate outside Israel, primarily in the United States, where the key autonomous vehicle OEM customers are headquartered.

No expansion, downsizing, or relocation of the Haifa office has been publicly reported in the 2023-2024 period. The company appears to have maintained a stable physical footprint in Haifa since inception in 2016, consistent with its relatively small scale and focused product strategy.

Both co-founders — Dr. Dov Radcliffe and Yitzchak Hochberg — are Israeli. The core technical leadership is Israeli, and the security research team is composed substantially of engineers with military-intelligence and signals-intelligence backgrounds. The nature of the work — detecting and simulating radio-frequency attacks on satellite navigation systems — closely mirrors capabilities developed in IDF units that specialize in electronic warfare and signals intelligence, including Unit 8200 and related formations. While Regulus has not officially described a formal alumni pipeline from any specific unit, the skill set required (RF expertise, GNSS protocol knowledge, electronic warfare) is highly correlated with IDF electronic intelligence backgrounds.

In Israel, Regulus hires primarily for the following roles: embedded software engineers with experience in C/C++ on automotive-grade platforms, signal processing engineers with GNSS or RF background, cybersecurity researchers with published vulnerability research experience, hardware engineers familiar with GNSS chipsets and antenna systems, and product managers with automotive or defense domain experience. UX/UI design or DevOps roles are not consistent with the company's engineering-centric profile at this scale.

Notable investors with Israeli ties include YL Ventures, one of Israel's most prominent early-stage cybersecurity funds with offices in Tel Aviv and San Francisco — YL participated in the 2019 Seed round. Canaan Partners Israel, the Israeli arm of the Silicon Valley firm Canaan Partners, also participated in funding rounds. Ariel Maislos, a serial Israeli tech entrepreneur and investor, is noted in connection with the company's early backing. These investor relationships embed Regulus in the broader Israeli cybersecurity venture ecosystem, connecting it to deal flow and talent networks common in the Tel Aviv security startup community even though the company itself is based in Haifa.

The organizational culture at Regulus reflects the standard profile of a small, research-intensive Israeli cybersecurity startup: a flat hierarchy, a strong emphasis on published security research as a credibility mechanism, and a technical-first approach to business development in which impressive vulnerability demonstrations open commercial conversations with enterprise buyers. The 2019 Tesla Model 3 attack and the 2023 Apple device disclosures are both consistent with this strategy — findings that would be classified as responsible disclosure in any other context function simultaneously as product-marketing for the Pyramid platform.