Item 1A. Risk Factors
You should carefully consider the risks and uncertainties described below, together with all of the other information included in this Annual Report on Form 10-K and other documents we file with the SEC. The risks and uncertainties described below are those that we have identified as material to our business, but they are not the only risks and uncertainties facing us. Additional risks and uncertainties not currently known to us or that we currently believe are immaterial also may adversely affect our business, financial condition, results of operations and prospects. If any of the following risks actually occur, our business, financial condition, results of operations and prospects could be materially and adversely affected, in which case the trading price of our common stock could decline and you could lose all or part of your investment.
Risks Related to Our Business and Operations
We derive a substantial portion of our revenue from a limited number of contracts and clients, and the loss of any significant contract or client relationship could materially reduce our revenue and profitability.
A significant portion of our revenue is concentrated among a small number of contracts and clients, primarily state and local government agencies including higher education institutions, law enforcement agencies, and municipal transportation authorities. If any significant client were to terminate, reduce the scope of, or fail to renew their contracts with us, or if we were unable to replace expiring contracts with new engagements of comparable scope and value, our revenue could decline significantly. The conclusion of certain key government contracts contributed to a decline in revenue during fiscal year 2025. Our reliance on a concentrated client base means that adverse developments affecting even a single major client—such as a change in that client's leadership, budget priorities, procurement policies, or political environment—could have a disproportionate impact on our financial results.
Our contracts with state and local government agencies are subject to funding risks, including dependence on federal funding that flows through those agencies, which creates uncertainty in our revenue.
While the majority of our contracts are with state and local government entities, many of these clients fund their IT and cybersecurity programs in whole or in part with grants, appropriations, or pass-through funding from the federal government. Federal funding for state and local cybersecurity and IT modernization programs is subject to annual congressional appropriations, continuing resolutions, government shutdowns, executive orders, and shifting policy priorities. Reductions or delays in federal funding—whether resulting from budget cuts, sequestration, the activities of cost-reduction initiatives such as the Department of Government Efficiency ("DOGE"), or changes in the political environment—can cause our state and local government clients to delay procurements, reduce contract scope, or cancel projects entirely. We have experienced, and may continue to experience, delays in contract awards and revenue recognition attributable to disruptions in federal funding flows.
Additionally, state and local governments face their own budgetary pressures, including rising pension obligations, infrastructure costs, and competing spending priorities. Many operate under balanced-budget requirements and may lack the flexibility to sustain IT and cybersecurity spending during periods of fiscal stress. Budget compromises that may be needed for future fiscal years may continue to be extraordinarily difficult given the complicated grassroots political environment, a closely divided Congress, an increasing federal deficit and debt load, and a challenged economy.
Recent and ongoing federal and state government cost-reduction initiatives may reduce demand for our services and disrupt our contracting pipeline.
The current federal administration has undertaken significant cost-reduction initiatives, including through DOGE, that have resulted in broad-based cuts to federal contracts, grants, and agency budgets. These initiatives have directly impacted federal cybersecurity and IT spending, including the termination of contracts at the Cybersecurity and Infrastructure Security Agency ("CISA"), reductions in Federal Risk and Authorization Management Program ("FedRAMP") staffing, and disruptions to interagency cybersecurity coordination. Although our contracts are primarily with state and local governments rather than directly with federal agencies, these federal cost-reduction efforts have had, and may continue to have, cascading effects on our business because many of our state and local clients rely on federal pass-through funding. Federal grant programs that historically supported state and local cybersecurity investments have been reduced or placed under review, creating uncertainty for our clients and slowing their procurement timelines.
Table of Contents
Additionally, approximately half of U.S. states have created or proposed their own state-level efficiency initiatives modeled on the federal DOGE program. These state-level cost-reduction efforts could directly impact our existing contracts and our ability to win new engagements at the state and local level. We have experienced, and expect we may continue to experience, delays in our contracting backlog attributable to these budget disruptions, and we can provide no assurance that these delayed contracts will ultimately convert to revenue. There is also the risk that government clients at any level may choose to perform cybersecurity and IT services in-house rather than contracting with outside providers like us, which would further reduce demand for our services.
The competitive landscape for cybersecurity and IT services is intense, and if we do not continue to innovate we may not remain competitive and our revenue and operating results could suffer.
The market for cybersecurity and IT services provided to government clients is highly competitive and fragmented. We compete with large, well-established defense and IT contractors, each of which has significantly greater financial, technical, and marketing resources, broader name recognition, and larger installed bases of government contracts and clearances. We also compete with specialized cybersecurity firms, cloud service providers, managed security service providers, and smaller niche contractors. Many of our competitors can offer broader service portfolios, more favorable pricing, and greater capacity to absorb the costs of competitive bidding and contract protests.
The cybersecurity landscape is constantly changing with increasing scale, frequency, and organization of attacks, requiring constant improvement and timely innovation. We face the risk that our service offerings may not adequately target our clients’ most-needed solutions, may not be cost-effective, or may not be easy to adopt and use. If our competitors introduce new technologies or services that make our product and service offerings less attractive, or if we are unable to anticipate and respond to changes in the threat landscape and client requirements in a timely manner, our competitive position, revenue, and operating results could be materially adversely affected.
The government contracting process is lengthy, complex, and subject to protest and delay, which makes our revenue difficult to predict.
The process for obtaining new government contracts and task orders is frequently protracted, involving competitive solicitations, multi-step evaluations, and best-value determinations. Contract award decisions may be delayed by funding uncertainties, changes in agency leadership or priorities, or procurement policy changes. Protests by unsuccessful bidders can delay the start of work by months or result in re-competition of the contract entirely. We may spend considerable cost and management time preparing bids and proposals for contracts that we do not win.
Government contracts are also frequently structured as indefinite delivery/indefinite quantity ("IDIQ") contracts, General Services Administration Schedule ("GSA") contracts, or blanket purchase agreements, under which the government is not obligated to order any minimum amount of services. We believe our position as a prime contractor under GSA Schedule contracts and other IDIQ contracts is important to our ability to sell our services, but these vehicles require us to compete for each individual task order rather than having a predictable stream of activity. As a result, our contracted backlog may not be a reliable indicator of future revenue. We also experience seasonality in our revenue, as government procurement cycles tend to accelerate near the end of fiscal years, which can cause quarter-to-quarter fluctuations.
Our government contracts are subject to audit, investigation, modification, and termination by the government, which could result in adverse findings, reduced revenue, or other penalties.
Government contracts are subject to oversight, including audits by government auditors and investigators. Government agencies have the unilateral right to modify, curtail, or terminate our contracts, either for convenience or for cause. If a contract is terminated for convenience, we generally can recover only costs incurred and a reasonable profit on work already performed, but may not recover anticipated profits on unperformed work. If a contract is terminated for cause, we may be required to pay the government for the cost of re-procuring the services, and a termination for cause could harm our reputation and ability to win future contracts.
As a government contractor, we are subject to various laws and regulations governing the formation, administration, and performance of government contracts, including the Federal Acquisition Regulation and its state and local equivalents. Violations of these requirements, including the False Claims Act, could result in civil or criminal penalties, treble damages, contract suspension or debarment, or other remedies that would materially harm our business and reputation. The Department of Justice's Civil Cyber-Fraud Initiative has increased the risk that government contractors may face False Claims Act liability related to cybersecurity compliance, which is particularly relevant given that cybersecurity compliance is itself a core component of our service offerings.
Table of Contents
Our business strategy may impose limitations in our ability to accurately forecast future revenue and operating results.
Our operating results are dependent on a variety of factors, including purchasing patterns of our clients, competitive pricing, debt servicing, and general economic trends. Our revenue and operating results may fluctuate if our sales targets are not met, new service offerings receive poor client response, or client acquisition costs increase due to competition. In addition, our acquisition strategy may impose additional risks to the predictability of our operating results, as revenue streams may be volatile due to the uncertainty in identifying attractive acquisition candidates and our ability to consummate new acquisitions.
Risks Related to Cybersecurity and Technology
A cybersecurity breach or incident affecting our systems, our clients' systems, or our AI-enhanced ARx platform could damage our reputation, expose us to liability, and undermine the market confidence that is fundamental to our business.
As a cybersecurity provider, our reputation depends on the market’s confidence in the security and reliability of our services and technology. A successful cyberattack against our own systems, the systems we manage for clients, or our AI-enhanced ARx cybersecurity platform could compromise sensitive government data, disrupt client operations, expose us to regulatory penalties and litigation, and cause lasting reputational harm. Because we are in the business of protecting our clients against cyber threats, a security failure affecting our own operations would be particularly damaging to our credibility and competitive position.
Cyberattacks are becoming more frequent, more sophisticated, and more difficult to detect. Threat actors—including nation-state actors, organized criminal groups, and insiders—continue to develop new methods of attack, and there can be no assurance that our defensive measures will be sufficient to prevent all breaches. Additionally, our products may contain undetected errors or defects, may falsely detect vulnerabilities or threats that do not actually exist, or may fail to detect vulnerabilities in our customers’ infrastructure, including due to the constantly evolving techniques used by attackers to access or sabotage data. If we fail to update our solutions in a timely or manner to respond to these , our customers could experience security . We cannot be certain that our insurance coverage will be adequate for data security liabilities actually incurred, or that insurance will continue to be available on economically reasonable terms.
The cybersecurity regulatory environment is rapidly evolving, and our failure to comply with new and changing requirements could result in penalties, loss of contracts, and competitive disadvantage.
Our business is subject to a complex and rapidly changing set of cybersecurity regulations and standards at the federal, state, and local levels. Federal requirements include compliance with NIST (defined below) SP 800-171 for protecting Controlled Unclassified Information, the Cybersecurity Maturity Model Certification ("CMMC") program, FedRAMP authorization requirements for cloud-based solutions, and various agency-specific security requirements. State and local governments are also increasingly adopting their own cybersecurity compliance mandates and vendor security assessment programs.
Both as a cybersecurity provider and as a government contractor, we bear a dual compliance burden: we must maintain our own compliance and must also deliver solutions that enable our clients to achieve and maintain theirs. Changes to regulatory requirements require us to invest in updating our internal systems, processes, and solution offerings. These costs can be substantial and may not be fully recoverable under existing contracts. The SEC's cybersecurity disclosure rules, adopted in 2023, require us to disclose material cybersecurity incidents within four business days, and as a cybersecurity company, any such disclosure would be particularly damaging to our market position.
Our AI-enhanced ARx platform and other technology solutions are at an early stage of market adoption, and there is no assurance that these products will achieve broad commercial acceptance.
We are investing in the development and deployment of our AI-enhanced ARx cybersecurity platform and our Cyber Shield Managed Security Services Platform ("MSSP"). These platforms represent a strategic shift toward higher-margin, technology-driven recurring revenue, but they are at an early stage of market adoption. There is no guarantee that government or commercial clients will adopt these platforms at the scale or pace we anticipate, that the platforms will perform as expected in production environments, or that competitors will not introduce superior alternatives. The development and enhancement of these technology platforms require substantial ongoing investment, and if they fail to achieve meaningful market traction, we may not recover our development costs.
The integration of artificial intelligence into our products and services introduces new categories of risk, including adversarial manipulation of AI models, AI-generated false positives or negatives in threat detection, and the evolving federal and state regulatory landscape governing AI in government operations. Regulatory requirements for AI transparency, bias testing, and explainability are still developing, and future regulations could constrain our product development or require costly modifications to our AI-driven solutions.
Table of Contents
We depend on unaffiliated third-party software in order to provide our solutions and professional services and support our operations.
Significant portions of our services and operations rely on software that is licensed from third-party vendors. The fees associated with these license agreements could increase in future periods, resulting in increased operating expenses. If there are significant changes to the terms and conditions of our license agreements, or if we are unable to renew these license agreements, we may be required to make changes to our vendors or information technology systems that could impact the solutions and services we provide to our clients or the processes we have in place to support our operations.
Risks Related to Our Financial Condition and Capital Structure
Our recurring losses, net working capital deficit, and accumulated deficit have raised substantial doubt regarding our ability to continue as a going concern.
We have had a net working capital deficit and an accumulated deficit resulting from net income incurred during certain periods and from substantial losses during prior periods. In addition, we have had net cash outflows from operating activities, all of which raise substantial doubt about our ability to continue as a going concern. Although we were nominally profitable during certain recent fiscal years, there is no assurance that we will not continue to generate operating losses and consume significant cash resources for the foreseeable future.
Without additional financing, these conditions raise substantial doubt about our ability to continue as a going concern, meaning that we may be unable to continue operations for the foreseeable future or realize assets and discharge liabilities in the ordinary course of operations. If we seek additional financing to fund our business and potential acquisition activities in the future and there remains doubt about our ability to continue as a going concern, investors or other financing sources may be unwilling to provide additional funding on commercially reasonable terms or at all. If we are unable to obtain sufficient funding, our business, prospects, financial condition, and results of operations will be materially and adversely affected, and we may be unable to continue as a going concern. If we are unable to continue as a going concern, we may have to our assets and may receive less than the value at which those assets are carried on our financial statements; accordingly, it is likely that stockholders will all or a part of their investment.
Our level of indebtedness and debt service obligations could adversely affect our financial condition and make it more difficult to fund our operations.
We have significant indebtedness and other liabilities outstanding. This level of indebtedness means that we will need to use a substantial portion of available cash flow to pay interest and principal on existing debt, reducing the amount of money available to finance our operations and other business activities. Our debt level increases our vulnerability to general economic downturns and adverse industry conditions, could limit our flexibility in planning for or reacting to changes in our business, could place us at a competitive disadvantage compared to our competitors that have less debt, and our failure to comply with financial and other restrictive covenants in our debt instruments could result in an event of default that, if not cured or waived, could have a material adverse effect on our business or prospects. Despite the existing level of indebtedness, we and our subsidiaries may incur additional indebtedness, which could further exacerbate these risks.
We will require substantial additional funding in the future, which may not be available to us on acceptable terms, or at all, and, if not so available, may require us to delay, limit, reduce, or cease our operations.
Our operations have consumed substantial amounts of cash since our inception. Our business will require substantial additional capital for implementation of our long-term business plan and development of cybersecurity technology. Our ability to raise additional funds may be adversely impacted by potential worsening global economic conditions and disruptions to the credit and financial markets. We may seek to fund our operations through the sale of additional equity securities, debt financing, and/or strategic collaboration agreements. We cannot be sure that additional financing from any of these sources will be available when needed or that, if available, it will be obtained on favorable terms.
If we raise additional funds by selling shares of our common stock or other equity-linked securities, the ownership interest of our current stockholders will be diluted. We may issue additional shares of Cycurion common stock or other equity securities without stockholder approval in connection with future acquisitions, repayment of outstanding indebtedness, or under the 2025 Equity Incentive Plan. The issuance of additional shares could decrease your proportionate ownership interest, subordinate the rights of holders of common stock if preferred stock is issued with senior rights, or adversely affect the market price of our shares. If we raise additional funds through debt financing, we may have to grant a security interest on our assets, and servicing the interest and principal repayment obligations could divert funds that would otherwise be available to support development of new programs and marketing. If we are unable to raise capital when needed or on acceptable terms, we could be forced to delay, reduce, or eliminate certain service offerings or future marketing efforts, or reduce or discontinue our operations.
Table of Contents
Our allocation of capital to cryptocurrency investments involves speculative risk and may not align with the expectations of our shareholders or clients .
Through our subsidiary, Cycurion Crypto, we have allocated capital from our equity line of credit to acquire Bitcoin and Ethereum as long-term holdings. Cryptocurrency markets are extremely volatile and subject to regulatory uncertainty, technological risks, and market manipulation. The value of our cryptocurrency holdings could decline substantially, and such declines would adversely affect our financial condition and results of operations. Our decision to allocate capital to cryptocurrency rather than to our core cybersecurity operations or working capital needs may be viewed unfavorably by investors, analysts, and government clients. There is no assurance that our cryptocurrency strategy will enhance shareholder value.
Risks Related to Our Growth Strategy and Acquisitions
Our growth strategy depends in part on acquisitions, which involve integration risks, potential liabilities, and the diversion of management's attention, and if we fail to retain existing clients and attract new clients through acquisitions, we may not achieve profitability.
We have completed the acquisition of certain complementary businesses, and we intend to consider additional potential strategic transactions that expand, complement, or otherwise relate to our business. Any business acquisition creates risks such as the need to integrate and manage the acquired business, additional demands on our resources and controls, disruption of our ongoing business, and diversion of management’s attention. The environment for acquisitions in our industry is very competitive and acquisition candidate purchase prices will likely exceed what we would prefer to pay. We may only be able to conduct limited due diligence on an acquired company’s operations or may discover that products or technology acquired were not as capable as we initially assessed. Following an acquisition, we may be subject to unforeseen liabilities arising from the acquired company’s past or present operations that may exceed negotiated warranty and indemnity limitations.
Through acquisition of other service providers, we will also inherit an increasingly larger client base, which creates cross-selling and up-selling opportunities but also requires high-quality service and exemplary client management to retain and grow that base. If our marketing and integration efforts do not materialize, we may lose existing clients or fail to obtain new clients. Integration challenges are particularly acute for a company of our size, as we have limited management bandwidth and financial resources to absorb the complexity of multiple simultaneous integration efforts. Any impairment of goodwill or other intangible assets acquired in an acquisition may materially reduce our earnings.
Our strategic partnerships and international expansion expose us to a range of business risks and uncertainties.
We have entered, and intend to continue to enter, into strategic partnerships with third parties to support our future growth plans, including our partnership with LSV-TECH International Consortium to launch our MSSP Cyber Shield platform in Latin America and our collaboration with NACCHO for public health cybersecurity. Strategic partnerships require significant coordination, and we have invested and will continue to invest significant time, money, and resources to establish and maintain these relationships. There is no assurance that any particular relationship will continue, result in new offerings that we can effectively commercialize, or generate meaningful revenue. International expansion exposes us to risks including unfamiliar regulatory environments, foreign exchange fluctuations, geopolitical instability, and the challenges of establishing brand recognition in new geographies.
Risks Related to Our Human Capital
We rely on personnel with extensive information security expertise, including security-cleared professionals, and the loss of, or our inability to attract and retain, qualified personnel could harm our business.
Our future performance depends upon our ability to attract and retain qualified cybersecurity personnel and the continued contribution of our senior management and other qualified personnel. The information technology consulting and cybersecurity industries have highly competitive labor markets, and there is a well-documented nationwide shortage of qualified cybersecurity professionals. This shortage is particularly acute for personnel who hold government security clearances, as the clearance process is lengthy, expensive, and outside of our control, which constrains our ability to staff contracts and scale our operations rapidly in response to new contract awards.
We compete for talent with larger, better-capitalized firms that can offer higher compensation, more extensive benefits, and broader career advancement opportunities. In order to attract and retain the employees we need, we may need to increase compensation levels, which could adversely affect our operating margins. The loss of the services of our senior management or other key employees for any reason could significantly delay or prevent the achievement of our development and strategic objectives. If any of our executive officers joins a competitor or forms a competing company, we may lose some or all of our customers. We do not maintain key-person life insurance on any of our executive officers.
Table of Contents
Risks Related to Our Securities and Nasdaq Listing
There can be no assurance that our securities will continue to be listed on Nasdaq in the future.
Our common stock is listed on The Nasdaq Global Market and our warrants are listed on The Nasdaq Capital Market. We have received, and may continue to receive, deficiency notices from Nasdaq related to our failure to timely file periodic reports with the SEC and to meet minimum bid price, market value of listed securities, and market value of publicly held shares requirements. Although we are working to regain compliance with all applicable Nasdaq listing rules, there is no guarantee that we will be able to do so within the required time periods or at all.
If our common stock were to be delisted from Nasdaq and become quoted on the over-the-counter market, and if the trading price were below $5.00 per share at the time of delisting, trading in our common stock would be subject to certain rules promulgated under the Exchange Act that require additional disclosure by broker-dealers in connection with trades involving “penny stocks” and impose various sales practice requirements on broker-dealers who sell penny stocks to persons other than established customers and accredited investors. These additional requirements may discourage broker-dealers from effecting transactions in our securities, which could severely limit the market price and liquidity of our common stock. Delisting could also impair our reputation with government clients and partners, who may view our continued listing status as an indicator of financial stability and corporate governance quality, and could trigger defaults or other adverse consequences under our financing agreements.
If we fail to comply with the continued minimum closing bid requirements of the Nasdaq Global Market or other requirements for continued listing, our common stock may be delisted and the price of our common stock and our ability to access the capital markets could be negatively impacted.
Our common stock is listed for trading on the Nasdaq Global Market. We must satisfy Nasdaq continued listing requirements, including, among other things, a minimum closing bid price requirement of $1.00 per share for 30 consecutive business days. If a company’s common stock trades for 30 consecutive business days below the $1.00 minimum closing bid price requirement, Nasdaq will send a deficiency notice to it, advising that it has been afforded a "compliance period" of 180 calendar days to regain compliance with the applicable requirements. Thereafter, if such a company does not regain compliance with the bid price requirement, a second 180-day compliance period may be available.
On October 14, 2025, we received written notice from the Nasdaq Staff that it had determined to commence proceedings to delist our common stock from the Nasdaq Global Market. As previously announced in a Current Report filed with the SEC, on April 15, 2025, the Staff notified us on April 9, 2025 that, for the prior 30 consecutive business days, the closing bid price of our common stock had been below the minimum of $1.00 per share required for continued listing on The Nasdaq Global Market under Nasdaq Listing Rule 5550(a)(2) ("Bid Price Rule"). The notification letter stated that we would be afforded 180 calendar days, or until October 6, 2025, to regain compliance. We did not regain compliance with the Bid Price Rule by October 6, 2025, and the listed security is now subject to delisting from The Nasdaq Global Market. Unless we request an appeal of the Staff's determination by October 21, 2025, trading of our common stock will be scheduled for delisting at the opening of business on October 23, 2025, and Nasdaq intends to file a Form 25-NSE with the SEC, removing the common stock from listing and registration on The Nasdaq Stock Market. On October 20, 2025, the we requested a hearing to appeal the Staff's determination to the Nasdaq Hearings Panel pursuant to the procedures set forth in the Nasdaq Listing Rule 5800 Series. The hearing request will stay the of our securities and the filing of the Form 25-NSE pending the Panel's decision. We received written notice from Nasdaq that the hearing with the Panel was scheduled for November 20, 2025.
On October 27, 2025, we effected the one-for-thirty Reverse Stock Split (as defined below) at the commencement of business. We effected the Reverse Stock Split by filing the Second Amendment to the Second Amended and Restated Certificate of Incorporation with the Secretary of State of the State of Delaware on October 24, 2025. Our shares of common stock began trading on a split-adjusted basis on The Nasdaq Global Market, when the market opened on October 27, 2025, under the existing trading symbol "CYCU" and new CUSIP number 95758L305. As a result of the Reverse Stock Split, every thirty of our issued shares of common stock were combined into one issued share of common stock, without any change to the par value per share and without any change in the total number of authorized shares of common stock. The number of outstanding shares of common stock was reduced from approximately 86,533,435 shares to approximately 2,884,447 shares. No fractional shares were issued in connection with the Reverse Stock Split. Stockholders who otherwise held a fraction of a share of common stock of yours will receive a cash payment (without interest and subject to withholding taxes, as applicable) in lieu thereof at a price equal to that fraction of a share to which the stockholder would otherwise be entitled, multiplied by the closing price of our shares on The Nasdaq Global Market on the trading day immediately preceding the effective date of the Reverse Stock Split.
Table of Contents
On November 11, 2025, we received a letter from Nasdaq stating that Nasdaq has determined that we regained compliance with Nasdaq’s minimum bid price requirement under Listing Rule 5450(a)(1) and that we are now in compliance with The Nasdaq Global Market’s listing requirements. Nasdaq also determined that the previously scheduled hearing with the Panel on November 20, 2025 has been canceled and that our securities will continue to be listed and traded on The Nasdaq Stock Market without interruption.
Despite the implementation of the Reverse Stock Split, and the regained compliance with the Bid Price Rule, there is a risk that our shares of common stock may trade below $1.00 in the future and we could be delisted from Nasdaq, which would adversely impact liquidity of our shares of common stock, potentially result in even lower bid prices for our shares of common stock, and make it more difficult for us to obtain financing through the sale of our shares of common stock.
Following the Reverse Stock Split, the resulting market price of our common stock may not attract new investors, including institutional investors, and may not satisfy the investing requirements of those investors. Consequently, the trading liquidity of our common stock may not improve.
Although we believe that a higher market price of our common stock may help generate greater or broader investor interest, there can be no assurance that the Reverse Stock Split will result in a share price that will attract new investors, including institutional investors. In addition, there can be no assurance that the market price of our common stock will satisfy the investing requirements of those investors. As a result, the trading liquidity of our common stock may not necessarily improve.
A "short squeeze" due to a sudden increase in demand for shares of our common stock that largely exceeds supply and/or focused investor trading in anticipation of a potential short squeeze have led to, and may lead to, extreme price volatility in the price of our common stock.
Investors may purchase shares of our common stock to hedge existing exposure or to speculate on the price of our common stock. Speculation on the price of our common stock may involve long and short exposures. To the extent aggregate short exposure exceeds the number of shares of our common stock available for purchase on the open market, investors with short exposure may have to pay a premium to repurchase shares of our common stock for delivery to lenders of our common stock. Those repurchases may, in turn, dramatically increase the price of shares of our common stock until additional shares of our common stock are available for trading or borrowing. This is often referred to as a "short squeeze." With the recent substantial increase in volume of our shares being traded and trading price, the proportion of our common stock that may be traded in the future by short sellers may increase the likelihood that our common stock will be the target of a short squeeze. A short squeeze and/or focused investor trading in anticipation of a short squeeze have led to, may be currently leading to, and could again lead to volatile price movements in shares of our common stock that may be unrelated or disproportionate to our financial performance or prospects and, once investors purchase the shares of our common stock necessary to cover their short positions, or if investors no longer believe a short squeeze is viable, the price of our common stock may rapidly . Investors that purchase shares of our common stock during a short squeeze may a significant portion of their investment. Under the circumstances, we you investing in our common stock, unless you are prepared to incur the risk of all or a substantial portion of your investment.
Our common stock price may be volatile and as a result you could lose all or part of your investment.
Since our common stock began trading on Nasdaq following our de-SPAC transaction with Western, our stock price has experienced substantial volatility and significant decline. Our stock price may continue to fluctuate significantly in response to a variety of factors, many of which are beyond our control, including: the inability to maintain the listing of our securities on Nasdaq; the inability to recognize the anticipated benefits of the de-SPAC transaction; decline in demand for, or the sale of a substantial number of, our shares of common stock; risks relating to the uncertainty of our projected financial information and downward revisions in analysts' estimates; technological innovations by competitors; changes in applicable laws or regulations; general economic trends; and broad market and industry factors unrelated or disproportionate to our operating performance. The thin trading volume in our shares may exacerbate price volatility and limit investors' ability to buy or sell shares at prices.
Volatility in the price of our common stock may subject us to securities litigation, which could cause us to incur significant expense, hinder execution of business and growth strategy and impact our stock price.
In the past, plaintiffs have often initiated securities class action litigation against a company following periods of volatility in the market price of its securities. Stockholder activism, which could take many forms or arise in a variety of situations, has been increasing recently. We may in the future be the target of similar litigation or activism. Securities litigation could result in substantial costs and liabilities and could divert management's attention and resources regardless of the outcome. Additionally, such securities litigation and stockholder activism could adversely affect our relationships with service providers and make it more difficult to attract and retain qualified personnel.
Table of Contents
Potential future sales pursuant to registration rights and under Rule 144 may depress the market price for our shares of common stock.
We have granted a number of our stockholders registration rights with respect to their shares of common stock. Such future sales by our existing stockholders pursuant to any registration statement, as well as sales by stockholders eligible to sell under Rule 144 under the Securities Act, may have a depressive effect on the market price of our shares. A significant number of our currently outstanding shares held by existing stockholders, including officers, directors, and principal stockholders, are currently or will become eligible for resale, and the possible sale of these shares could further depress the price of our shares in the applicable trading marketplace.
Future offerings of debt or preferred equity securities could adversely affect the market price of our common stock.
In the future, we may attempt to increase our capital resources by making additional offerings of debt or preferred equity securities. Upon liquidation, holders of our debt securities and shares of preferred stock and lenders with respect to other borrowings would receive distributions of our available assets prior to the holders of our common stock. Any preferred stock we may issue could have a preference on liquidating distributions or distribution payments that could limit our ability to make distributions to common stockholders. Since our decision to issue securities in any future offering will depend on market conditions and other factors beyond our control, we cannot predict the amount, timing or nature of our future offerings, and our stockholders bear the risk that future offerings may reduce the market price of our common stock.
You may experience immediate and substantial dilution as a result of an offering by us and any future offering and may experience additional dilution in the future.
In the future, your percentage ownership in our company may be diluted because of equity issuances for warrant exercises, conversion of promissory notes, acquisitions, strategic investments, capital market transactions, or otherwise, including equity compensation awards that we grant to our directors, officers and employees. The issuance and resale of additional shares of common stock or other securities in any future registration statement may cause substantial dilution of your ownership interest in our securities.
The future issuance of any such additional shares of common stock may create downward pressure on the trading price of our common stock. There can be no assurance that we will not be required to issue additional shares, warrants or other convertible securities in the future in conjunction with any capital raising efforts, including at a price (or exercise prices) below the price at which shares of our common stock are currently traded at such time.
Risks Related to Legal, Regulatory, and Compliance Matters
If we fail to maintain proper and effective internal control over financial reporting, our ability to produce accurate and timely financial statements could be impaired, which could harm our operating results, investors' views of us, and the value of our common stock.
Pursuant to Section 404 of the Sarbanes-Oxley Act, our management is required to report upon the effectiveness of our internal control over financial reporting. When and if we are a "large accelerated filer" or an "accelerated filer" and are no longer an "emerging growth company" or "smaller reporting company," our independent registered public accounting firm will be required to attest to the effectiveness of our internal control over financial reporting. However, for so long as we remain an emerging growth company or smaller reporting company, we intend to take advantage of an exemption from these auditor attestation requirements.
The rules governing management’s assessment of internal control over financial reporting are complex and require significant expenses, documentation, testing, and possible remediation. If we or, if required, our auditors are unable to conclude that our internal control over financial reporting is effective, investors may lose confidence in our financial reporting, the trading price of our common stock may decline, and our ability to obtain additional financing, especially on favorable terms, could be adversely affected. Any identified material weakness in our internal controls could affect our ability to provide reliable financial statements and our business decision-making process, and could result in investigations or sanctions by regulatory authorities.
As a provider of cybersecurity services to government clients, we are subject to heightened data protection obligations, and any compliance failure could result in significant penalties and loss of client trust.
We handle sensitive government data in the course of providing cybersecurity and IT services to our government clients. We are subject to numerous federal, state, and local laws and regulations governing the collection, use, storage, transmission, and protection of such data. Many federal, state, and foreign governments have enacted laws requiring companies to notify individuals of data security breaches involving their personal data, and any association of us with such breaches may cause our customers to lose confidence in the effectiveness of our security solutions. Our failure to comply with these requirements could result in regulatory penalties, contract termination, litigation, and severe reputational damage.
Table of Contents
The Financial Industry Regulatory Authority, Inc. ("FINRA") has adopted sales practice requirements that may also limit a stockholder's ability to buy and sell our common stock.
FINRA has adopted rules that require that, in recommending an investment to a customer, a broker-dealer must have reasonable grounds for believing that the investment is suitable for that customer. Prior to recommending speculative low-priced securities to their non-institutional customers, broker-dealers must make reasonable efforts to obtain information about the customer's financial status, tax status, investment objectives and other information. Under interpretations of these rules, FINRA believes that there is a high probability that speculative, low-priced securities will not be suitable for at least some customers. FINRA requirements make it more difficult for broker-dealers to recommend that their customers buy our shares of common stock, which may limit your ability to buy and sell our stock and have an adverse effect on the market for our shares of common stock.
Changes in government contracting regulations, procurement preferences, or small business set-aside policies could reduce our contract opportunities.
The government contracting environment is subject to frequent legislative and regulatory changes. Changes to Federal Acqusition Regulation provisions, state procurement codes, small business set-aside programs, and best-value evaluation criteria could alter the competitive dynamics of our markets in ways that are difficult to predict. The current administration’s initiative to overhaul the Federal Acquisition Regulation (described as "FAR 2.0") represents the first major restructuring of federal procurement rules in approximately forty years and could introduce new requirements or change evaluation standards that affect our competitiveness. At the state and local level, procurement reforms, vendor consolidation initiatives, and changes to cooperative purchasing arrangements could similarly affect our contract pipeline.
Accusations of intellectual property infringement by third parties, regardless of accuracy, could result in significant costs and harm our business.
We cannot ensure that our professional services and solutions, or the third-party solutions that we offer to our clients, do not infringe on the intellectual property rights of third parties. Infringement claims, even if without merit, can be time-consuming and costly to defend, injure our reputation, and divert management’s attention and resources away from our business. If we are required to enter into royalty or licensing agreements on less-than-favorable terms or to modify our offerings, our ability to compete effectively could be impaired.
Our insurance policies may not adequately protect us from all business risks, leaving us exposed to significant uninsured liabilities.
We carry insurance for most categories of risk that our business may encounter; however, we may not have adequate levels of coverage. We may not be able to maintain existing insurance at current or adequate levels of coverage. Any significant uninsured liability may require us to pay substantial amounts, which would adversely affect our cash position and results of operations.
Anti-takeover provisions contained in our charter and bylaws, as well as provisions of Delaware law, could impair a takeover attempt.
Our charter contains provisions that may discourage unsolicited takeover proposals that stockholders may consider to be in their best interests. We are also subject to anti-takeover provisions under Delaware law, which could delay or prevent a change of control. Together, these provisions may make more difficult the removal of management and may discourage transactions that otherwise could involve payment of a premium over prevailing market prices. These provisions include no cumulative voting in the election of directors, the right of our board of directors (the "Board") to fill vacancies, and a prohibition on stockholder action by written consent.
Our charter also provides that the Court of Chancery of the State of Delaware will be the exclusive forum for substantially all disputes between us and our stockholders (subject to limited exceptions), and that the federal district courts of the United States will be the sole forum for Securities Act claims. This choice of forum provision may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable, which may discourage certain lawsuits and increase the costs of litigating claims.
Table of Contents
Risks Related to Operating as a Public Company
Our historical management team has limited experience managing a public company, and we may incur significantly increased costs as a result of operating as a public company.
Our historical management team members have limited experience managing a publicly traded company, interacting with public company investors, and complying with the increasingly complex laws, rules and regulations that govern public companies. As a public company, we are subject to significant obligations relating to reporting, procedures and internal controls, and our management team may not successfully or efficiently manage such obligations, which could divert attention from the day-to-day management of our business.
We incur significant costs related to legal, accounting, listing, hiring of external consultants and advisors, and other expenses of being a public company. We are subject to the reporting requirements of the Exchange Act and must comply with the applicable requirements of the Sarbanes-Oxley Act, the Dodd-Frank Act, and SEC and Nasdaq rules, including the establishment and maintenance of effective disclosure and financial controls. We expect that compliance with these requirements will continue to increase our legal and financial compliance costs. Additionally, operating as a public company makes it more expensive to obtain director and officer liability insurance, which could also make it more difficult to attract and retain qualified people to serve on our Board or as executive officers.
We qualify as an "emerging growth company" and a "smaller reporting company," and if we take advantage of certain exemptions from disclosure requirements, it could make our securities less attractive to investors.
We qualify as an "emerging growth company" as defined in the Securities Act, as modified by the JOBS Act, and are eligible to take advantage of certain exemptions from various reporting requirements, including the auditor attestation requirements under Section 404(b) of the Sarbanes-Oxley Act, say-on-pay voting requirements, and reduced executive compensation disclosure obligations. Even after we no longer qualify as an emerging growth company, we may still qualify as a "smaller reporting company," which would allow many of the same exemptions. We have elected not to opt out of the extended transition period for complying with new or revised accounting standards. Investors may find our common stock less attractive because we rely on these exemptions, which may result in a less active trading market and more volatile stock price.
Risks Related to Taxation
Unanticipated changes in effective tax rates or adverse outcomes resulting from examination of our income or other tax returns could adversely affect our results of operations and financial condition.
We may be subject to taxes by the U.S. and foreign tax authorities. Our future effective tax rates could be subject to volatility or adversely affected by a number of factors, including allocation of expenses to and among different jurisdictions, changes in the valuation of our deferred tax assets and liabilities, the expected timing and amount of the release of any tax valuation allowances, tax effects of stock-based compensation, costs related to intercompany restructurings, changes in tax laws, treaties, regulations, or interpretations thereof, and lower than anticipated future earnings in jurisdictions where we have lower statutory tax rates. In addition, we may be subject to audits of our income, sales and other taxes by taxing authorities, and outcomes from these audits could have an adverse effect on our operating results and financial condition.
Changes in tax laws or regulations that are applied adversely to us or our customers may materially adversely affect our business, prospects, financial condition and operating results.
New income, sales, use or other tax laws, statutes, rules, regulations or ordinances could be enacted at any time, or interpreted, changed, modified or applied adversely to us or our customers. For example, the One Big Beautiful Bill Act ("OBBBA"), enacted on July 4, 2025, significantly changed the U.S. tax landscape by implementing revisions to key business tax provisions, including the reinstatement of bonus depreciation deductions, the restoration of earnings before interest, tax, depreciation and amortization ("EBITDA")-based business interest expense limitations, expanded rules related to deductibility of executive compensation, and changes relating to the computation of certain taxes in respect of non-U.S. activities. The long-term effects of OBBBA on our results of operations and cash flows remain uncertain and could be significant. Additionally, the Organization for Economic Cooperation and Development has announced the "Pillar Two" accord to set a minimum global corporate tax rate, which is being or may be implemented in many jurisdictions. If countries amend their tax laws to adopt all or part of the OECD guidelines, this may increase tax uncertainty and increase our tax obligations. To the extent that any changes in tax laws have a negative impact on us, our suppliers, or our customers, these changes may materially and adversely affect our business.
Table of Contents
Our ability to use certain tax attributes may be or become subject to limitation.
Generally, U.S. federal net operating losses may be carried forward indefinitely and may offset up to 80% of taxable income in each year. However, our ability to use federal NOL carryforwards and certain other tax attributes to offset future taxable income may be limited. Our ability to use these tax attributes depends on many factors, including future taxable income, the timing of which is uncertain. In addition, our ability to use NOL carryforwards and other tax attributes may be subject to significant limitations under Section 382 of the Internal Revenue Code of 1986, as amended, and corresponding provisions of state tax law.
General Risk Factors
Macroeconomic conditions, including inflation, rising interest rates, and economic uncertainty, could adversely affect our business, our clients’ budgets, and our cost structure.
Our business and operating results are sensitive to general macroeconomic conditions. Periods of economic slowdown, recession, or heightened uncertainty may cause government customers to reduce, delay, or reprioritize spending on IT and cybersecurity services, which could result in the reduced demand for our solutions, longer sales cycles, or delays in contract awards and renewals. In addition, inflation has increased, and may continue to increase, our operating costs, particularly labor costs, which represent the largest component of our cost of revenue. Our ability to offset such increases through price adjustments may be limited under existing contracts or competitive market conditions. Rising interest rates may also increase our borrowing costs, reduce access to capital, or place additional pressure on our liquidity. These macroeconomic factors, individually or collectively, could materially adversely affect our revenue, margins, cash flows, and overall financial performance.
If securities or industry analysts do not publish research or reports about us, or publish negative reports, our share price and trading volume could decline.
The trading market for our common stock depends in part on the research reports and opinions published by securities or industry analysts. We do not have any control over whether analysts initiate, maintain, or discontinue coverage of our Company, nor over the content of any reports they publish. If analysts do not publish research about us, the market price and trading volume of our common stock could decline. In addition, if our financial or operating performance fails to meet analysts' expectations or published estimates, our stock price could experience increased volatility or a sustained decline, and our visibility in the public markets could be reduced.
