OneSpan agrees to acquire Build38, expanding SDK-based mobile app protection as banks confront rising AI-driven and mobile attacks.
OneSpan said it has reached a definitive agreement to acquire Build38, a European specialist in next-generation mobile application protection, as financial institutions face an intensifying wave of AI-driven and mobile-centric attacks.
The acquisition, expected to close by March pending regulatory approvals, will expand OneSpan’s SDK-based mobile security capabilities and strengthen its App Shielding portfolio. By integrating Build38’s technology, OneSpan aims to deliver deeper in-app protection that combines runtime defenses, cloud intelligence, and AI-driven threat detection—while providing richer telemetry from the devices where mobile applications are deployed.
Mobile banking has become the primary interface between customers and their financial institutions, making it an increasingly attractive target for attackers. AI-powered fraud, malware, and application tampering have accelerated pressure on banks to secure digital channels without degrading user experience. OneSpan said the deal reflects a growing need for layered security models that operate directly within mobile applications, rather than relying solely on perimeter controls.
Also Read: Why Seasonal Hiring Puts Data Security at Risk
At the core of the transaction is Build38’s SDK-based approach to Runtime Application Self-Protection (RASP), which enables applications to detect and respond to threats in real time. Build38, named a sample vendor in the 2025 Gartner Hype Cycle for Application Security, has built a strong presence in Europe securing mobile identities, including digital wallets, healthcare apps, and citizen services, and holds certifications aligned with some of the world’s most stringent regulatory standards.
“Our goal is to provide financial institutions with comprehensive protection across the entire customer interaction—from authentication and transaction signing to application protection and fraud detection,” said Victor Limongelli. “Build38’s technology already protects more than 250 million endpoints and gives banks embedded, next-generation defenses at the application level. As mobile threats surge and the market shifts toward AI-driven security, this acquisition positions us ahead of the curve.”
Christian Schläger said the combination would allow the company to scale its vision globally. “We founded Build38 to redefine mobile security through advanced RASP, cloud delivery, and AI innovation,” he said. “Joining OneSpan gives us the reach to deliver best-in-class protection to organizations with the highest security demands.”
Also Read: The Code Problem: Why Connected Cars Are Prime Cyber Targets
The agreement builds on a series of moves by OneSpan to broaden its digital security platform. In 2025, the company acquired Nok Nok Labs to strengthen passwordless authentication and made a strategic investment in ThreatFabric to enhance fraud prevention—steps that together signal a push toward end-to-end protection for financial institutions.
As banks increasingly embed security directly into mobile applications, the OneSpan–Build38 deal reflects a broader industry shift: defending the mobile channel is no longer optional, and trust is becoming inseparable from the app itself.
