What changed in VirnetX Holding Corp's 2024 10-K compared to 2023?

Across the narrative sections we track, VirnetX Holding Corp (VHC) added 195 paragraphs, removed 199, and edited 152 between the 2023 and 2024 10-K filings. The biggest movers are Item 1A. Risk Factors (+81/−69), Item 1. Business (+62/−65), Item 7. Management's Discussion & Analysis (+32/−40).

Did VirnetX Holding Corp add new Risk Factors in the 2024 10-K?

Yes — Item 1A Risk Factors shows 81 new/edited paragraphs and 69 removed paragraphs versus the 2023 10-K.

What changed in VirnetX Holding Corp's MD&A (Item 7) in 2024?

Item 7 Management's Discussion & Analysis shows 32 new/edited paragraphs and 40 removed paragraphs year-over-year. Read the side-by-side diff to see exactly which revenue, margin, and outlook commentary was rewritten.

Did VirnetX Holding Corp update its Cybersecurity disclosure (Item 1C) in 2024?

Item 1C Cybersecurity has 13 paragraph-level changes between the 2023 and 2024 filings.

Where does this VHC 10-K diff come from?

The source filings are VirnetX Holding Corp's official 2023 and 2024 Form 10-K annual reports from SEC EDGAR. 10q10k.net parses each filing, aligns paragraphs by section (Item 1, 1A, 1C, 2, 3, 7, 7A), and highlights every added, removed and edited sentence side-by-side.

What changed in VirnetX Holding Corp's 10-K — 2023 vs 2024

Paragraph-level year-over-year comparison of VirnetX Holding Corp's 2023 and 2024 10-K annual filings, covering the Business, Risk Factors, Legal Proceedings, Cybersecurity, MD&A and Market Risk sections. Every new, removed and edited paragraph is highlighted side-by-side so you can see exactly what management changed in the 2024 report.

+195 added−199 removedSource: 10-K (2025-03-17) vs 10-K (2024-03-15)

Top changes in VirnetX Holding Corp's 2024 10-K

195 paragraphs added · 199 removed · 152 edited across 6 sections

Item 1A. Risk Factors+81 / −69 · 60 edited
Item 1. Business+62 / −65 · 45 edited
Item 7. Management's Discussion & Analysis+32 / −40 · 27 edited
Item 1C. Cybersecurity+13 / −13 · 13 edited
Item 5. Market for Registrant's Common Equity+5 / −10 · 5 edited

Item 1. Business

Business — how the company describes what it does

45 edited+17 added−20 removed36 unchanged

2023 filing

2024 filing

Biggest changeWe are seeking further licensing of our technology, to developers and original equipment manufacturers, or OEMs, of chips, servers, Desktop, mobile devices such as smart phones, tablets, laptops, net books, and other devices, within the IP-telephony, mobility, fixed- mobile convergence, and unified communications markets including 5G and 4G/LTE. We have published our royalty rates and guidelines on our website.

Biggest changeKG, and Siemens Enterprise Communications Inc. to license certain of our patents, for a one-time payment and an ongoing royalty for all future sales through the expiration of the licensed patents with respect to certain current and future IP-encrypted products. 5 Index We are seeking further licensing of our technology, to developers and original equipment manufacturers, or OEMs, of chips, servers, Desktop, mobile devices such as smart phones, tablets, laptops, net books, and other devices, within the IP-telephony, mobility, fixed- mobile convergence, and unified communications markets including 5G and 4G/LTE.

We believe our product portfolio to secure devices and systems are stable in areas such as City, County and State Governments, Healthcare, Finance, Legal, Oil and Gas, Medical, Law Enforcement, National Defense and related support industries. We continue to actively pursue new sales opportunities in and one of United States.

Our platform allows businesses and other enterprises of all sizes to add a “security umbrella” as an added layer on top of their existing infrastructure to further reduce risk and bolster security against ever-growing cyberthreats to data, operating systems, other infrastructure products and gateway security controllers.

Our platform allows government organizations, businesses, and other enterprises of all sizes to add a “security umbrella” as an added layer on top of their existing infrastructure to further reduce risk and bolster security against ever-growing cyberthreats to data, operating systems, other infrastructure products and gateway security controllers.

VirnetX’s software and technology solutions, including its Secure Domain Name Registry and Technology, VirnetX One™, War Room™, VirnetX Matrix™, and GABRIEL Connection Technology™, are designed to be device and location-independent, and enable a secure real-time communication environment for all types of enterprise applications, services, and critical infrastructures.

VirnetX’s software and technology solutions, including its Secure Domain Name Registry and Technology, VirnetX One™, War Room™, and VirnetX Matrix™ are designed to be device and location-independent, and enable a secure real-time communication environment for all types of enterprise applications, services, and critical infrastructures.

Our next-generation, VirnetX One™ platform builds upon our patented Secure Domain Name Registry and Technology and GABRIEL Connection Technology™ to further enhance the security and efficiency of our patented secure communication links. VirnetX One™ is a security-as-a-service platform that protects enterprise applications, services, and infrastructure from cyber-attacks.

Our next-generation, VirnetX One™ platform builds upon our patented Secure Domain Name Registry and Technology to further enhance the security and efficiency of our patented secure communication links. VirnetX One™ is a security-as-a-service platform that protects enterprise applications, services, and infrastructure from cyber-attacks.

We are actively engaged in pursuing additional licensing agreements with industry participants OEMs, service providers and system integrators within the IP-telephony, mobility, mobile-to-mobile communications, fixed-mobile convergence, and unified communications end-markets. • Highly experienced research and development team.

We are actively engaged in pursuing additional licensing agreements with industry participants OEMs, service providers and system integrators within the IP-telephony, mobility, mobile-to-mobile communications, fixed-mobile convergence, and unified communications end-markets. 4 Index • Highly experienced research and development team.

A complete list of our U.S. patents is available on our website located at http://www.virnetx.com. Each patent is publicly accessible on U.S. Patent and Trademark Office website at http://www.uspto.gov. Some of our issued U.S. and foreign patents expire at various times during the period from 2023 to 2034.

A complete list of our U.S. licensees is available on our website located at http://www.virnetx.com. Each patent is publicly accessible on U.S. Patent and Trademark Office website at http://www.uspto.gov. Some of our issued U.S. and foreign patents expire at various times during the period from 2024 to 2034.

We recorded the assignment from Leidos, with the U.S. Patent Office on December 21, 2006. 7 Index Key terms of these agreements are as follows: • Patent Assignment .

We recorded the assignment from Leidos, with the U.S. Patent Office on December 21, 2006. Key terms of these agreements are as follows: • Patent Assignment .

Key elements of our strategy are to: • Direct sales efforts with larger users, particularly those engaged in defense and others govermental or national initiatives. • Actively recruit partners in various vertical markets, including healthcare, finance, legal, government to help us expand our enterprise customer base. • Promote our next-generation VirnetX One™ platform as a solution for delivering ZTNA, and securing enterprise applications, services, and infrastructure. • Combine with VirnetX One™ platform with technologies from the companies we have invested in, namely OmniTeq and OPMedia, to enhance their offerings and provide supplemental sales channels for VirnetX One™ • Continue to grow our technology licensing program to commercialize our intellectual property, including our GABRIEL Connection Technology™. • Grow registration of VirnetX Secure Domain Names as the network segmentation component of our ZTNA solution.

Key elements of our strategy are to: • Direct sales efforts with larger users, particularly those engaged in defense and other governmental or national initiatives. • Actively recruit partners in various vertical markets, including critical infrastructure, intelligence, defense, healthcare, finance, legal, government to help us expand our enterprise customer base. • Promote our next-generation VirnetX One™ platform as a solution for delivering ZTNA, and securing enterprise applications, services, and infrastructure. • Combine with VirnetX One™ platform with technologies from the companies we have invested in, namely OmniTeq and OPMedia, to enhance their offerings and provide supplemental sales channels for VirnetX One™ • Continue to grow our technology licensing program to commercialize our intellectual property. • Grow registration of VirnetX Secure Domain Names as the network segmentation component of our ZTNA solution.

Although there can be no assurance in this regard, the Company believes that there are opportunities for Company products' sales directly to, resale arrangements with and/or adoption as vendor standards by, one or more of these third parties. We have signed Patent License Agreements with Aastra USA, Inc.

Although there can be no assurance in this regard, we believe that there are opportunities for Company products' sales directly to, resale arrangements with and/or adoption as vendor standards by, one or more of these third parties. We have Patent License Agreements with Aastra USA, Inc.

Our strategy is to become the market leader in securing real-time communications over the Internet and to establish our VirnetX One™ and GABRIEL Connection Technology™ as the industry standard security platforms.

Our strategy is to become the market leader in securing real-time communications over the Internet and to establish our VirnetX One™ as the industry standard security platforms.

Customers We have undertaken activities to commercialize our products and intellectual property in and outside the United States including VirnetX One TM , War Room TM , VirnetX Matrix TM , GABRIEL Connection Technology TM and our Secured Domain Name Registry and Technology.

Customers and Market Development We have undertaken activities to commercialize our products and intellectual property in and outside the United States including VirnetX One TM , War Room TM , VirnetX Matrix TM , and our Secured Domain Name Registry and Technology.

All forward moving licenses have adhered to these guidelines and have met or exceeded these rates and we will use these rates and guidelines in all future license negotiations. Marketing and Sales We employ a leveraged, partner-oriented marketing and sales strategy for software product and services offerings.

We have published our royalty rates and guidelines on our website. All forward moving licenses have adhered to these guidelines and have met or exceeded these rates and we will use these rates and guidelines in all future license negotiations. Marketing and Sales We employ a leveraged, partner-oriented marketing and sales strategy for software product and services offerings.

Our unique solutions combine industry standard encryption methods and communication protocols with our patented techniques for automated DNS lookup mechanisms. Our technology and patented approach enable users to create a secure communication link by generating secure domain names. We currently own approximately 205 total patents and pending applications, including 72 U.S. patents/patent applications and 133 foreign patents/validations/pending applications.

Our unique solutions combine industry standard encryption methods and communication protocols with our patented techniques for automated DNS lookup mechanisms. Our technology and patented approach enable users to create a secure communication link by generating secure domain names. We currently own U.S. and foreign patents/validations/pending applications.

The team has continued its research and development work to refine our unique network security technology and make it more secure and easy to deploy. Our portfolio of intellectual property is the foundation of our business model. We currently own approximately 205 total patents and pending applications, including 72 U.S. patents/patent applications and 133 foreign patents/validations/pending applications.

The team has continued its research and development work to refine our unique network security technology and make it more secure and easy to deploy. Our portfolio of intellectual property is the foundation of our business model. We currently own U.S. and foreign patents/validations/pending applications.

On September 29, 2006, the U.S. Department of Commerce extended its delegation of authority by entering into a new agreement with the Internet Corporation for Assigned Names and Numbers, or ICANN, a California non-profit corporation headquartered in Marina Del Rey, California.

Department of Commerce extended its delegation of authority by entering into a new agreement with the Internet Corporation for Assigned Names and Numbers, or ICANN, a California non-profit corporation headquartered in Marina Del Rey, California.

Intellectual Property and Patent Rights Our intellectual property is primarily comprised of trade secrets, patented know-how, issued and pending patents, copyrights and technological innovation. We currently own approximately 205 total patents and pending applications, including 72 U.S. patents/patent applications and 133 foreign patents/validations/pending applications.

Intellectual Property and Patent Rights Our intellectual property is primarily comprised of trade secrets, patented know-how, issued and pending patents, copyrights and technological innovation. We currently own U.S. and foreign patents/validations/pending applications.

We added a Chief Operating Officer to our Japanese team to further our technology licensing efforts in Japan. We have signed a non-exclusive Distribution and Service Agreement with IP Dream, a Japanese based strategic technology developer and service provider, to sell our software products as well as VirnetX’s Secure Domain Name technology to its clients in Japan and greater Asia.

We have signed a non-exclusive Distribution and Service Agreement with IP Dream, a Japanese based strategic technology developer and service provider, to sell our software products as well as VirnetX’s Secure Domain Name technology to its clients in Japan and greater Asia.

We believe our product portfolio to secure devices and systems are suitable in areas such as City, County and State Governments, Healthcare, Finance, Legal, Oil and Gas, Medical, Law Enforcement, National Defense and related support industries.

We believe our product portfolio to secure devices and systems are suitable in areas such as national defense, local, state, Federal and foreign governments, critical infrastructure, law enforcement, healthcare, finance, legal, oil and gas, medical, and related support industries.

In addition to our regular employees, we also engage with consultants on a regular basis. These consultants can be involved in our product development, customer relations, legal, and/or regulatory compliance and reporting. We have experienced low employee turnover rates over the years with both employees and consultants participating in our equity incentive plan.

These consultants can be involved in our product development, customer relations, legal, and/or regulatory compliance and reporting. We have experienced low employee turnover rates over the years with both employees and consultants participating in our equity incentive plan.

Our patent portfolio is primarily focused on securing real-time communications over the Internet, and related services, and is used in all our technology and products, some of which were acquired by our principal operating subsidiary; VirnetX, Inc., from Leidos, Inc., or Leidos, (f/k/a Science Applications International Corporation, or SAIC) in 2006.

We are exploring creating a marketplace of applications secured by our VirnetX One platform. This approach will allow us to offer a portfolio of certified applications that can be deployed by the enterprise customers in their business networks with confidence in keeping their confidential data and communications secure.

This approach will allow us to offer a portfolio of certified applications that can be deployed by the enterprise customers in their business networks with confidence in keeping their confidential data and communications secure.

ZTNA facilitates security around remote work, because Zero Trust policies enable granular access control, end-to-end encryption of network communications and remove application visibility from the public Internet which reduces the potential attack surface. Cloud computing growth has rapidly expanded as enterprises continue to move applications and services to the cloud.

Establish VirnetX as the exclusive, universal registry of secure domain names and enable our customers to act as registrars for their users and broker secure communication between devices. • Promote War Room TM video conferencing product in the general market for sale to end-user enterprises, directly and with partners, with targeted promotions and other marketing programs to assist remote workers and offer an industry leading secure meeting solution. • Promote VirnetX Matrix™ enterprise applications, services, and infrastructure.

Establish VirnetX as the exclusive, universal registry of secure domain names and enable our customers to act as registrars for their users and broker secure communication between devices. • Promote War Room TM video conferencing product in the general market for sale to end-user enterprises, directly and with partners, with targeted promotions and other marketing programs to assist remote workers and offer an industry leading secure meeting solution. • Promote VirnetX Matrix TM applications, services, and infrastructure. • Integrate advanced AI/ML algorithms and models into the VirnetX One TM platform for enhancements. • Explore quantum cryptographic solutions and blockchain applications to improve zero-trust security, to future-proof our software.

Based on the collective knowledge and experience of our development team, we believe that we have one of the most experienced and sophisticated groups of security experts researching vulnerability and threats to real-time communication over the Internet and developing solutions to mitigate these problems. 5 Index License and Service Offerings We offer a diversified portfolio of licenses, software and service offerings focused on securing real-time communications over the Internet.

All the existing customers and partners have been notified of this announcement. We have undertaken activities to commercialize our products and intellectual property in and outside the United States including VirnetX One™, War Room™, VirnetX Matrix™, GABRIEL Connection Technology™ and our Secured Domain Name Registry and Technology.

We have undertaken activities to commercialize our products and intellectual property in and outside the United States including VirnetX One™, War Room™, VirnetX Matrix™ and our Secured Domain Name Registry and Technology.

Assignment of Patents Some of our issued patents and pending patent applications were acquired by our principal operating subsidiary, VirnetX, Inc., from Leidos, pursuant to an Assignment Agreement dated December 21, 2006, and a Patent License and Assignment Agreement dated August 12, 2005, as amended on November 2, 2006, including documents prepared pursuant to the November amendment, and as further amended on March 12, 2008.

We do not warrant the accuracy, completeness or adequacy of the USPTO website, and expressly disclaim liability for errors or omissions on such website. 6 Index Assignment of Patents Some of our issued patents and pending patent applications were acquired by our principal operating subsidiary, VirnetX, Inc., from Leidos, pursuant to an Assignment Agreement dated December 21, 2006, and a Patent License and Assignment Agreement dated August 12, 2005, as amended on November 2, 2006, including documents prepared pursuant to the November amendment, and as further amended on March 12, 2008.

Although it is possible to create and manage other DNS root directories privately without accreditation from ICANN, the possibility of conflicting name and number assignments makes it less likely that users would widely adopt a top-level domain name associated with an alternative DNS root directory provided by a non-ICANN- accredited registry service. 8 Index Employees and Human Capital As of December 31, 2023, we had 27 full and part time employees, most of whom work remotely from our corporate offices.

The Zero Trust concept treats all networks like the Internet, where all users and devices are untrusted by default. Their location within the network is not a factor for deciding trust. Each user and device on the network requires authentication and authorization, based on policy, prior to accessing any applications or resources on the network.

Their location within the network is not a factor for deciding trust. Each user and device on the network requires authentication and authorization, based on policy, prior to accessing any applications or resources on the network.

We have successfully signed several Resellers & Managed Service Provider Agreements in various market segments, including healthcare, finance, legal, government, etc., to assist us in selling our software products to their customers. We plan to directly market our software products, domain name registry services to large enterprises and government organizations along with our service provider and system integrator customers.

However, shifting critical data to the cloud has resulted in security concerns and the need for enterprises to control access and gain visibility into how information is being used, who is accessing it and where it is going. We believe our scalable technology allows enterprises to secure applications and services regardless of whether hosting is on-premise or in the cloud.

We plan to directly market our software products, domain name registry services to large enterprises and government organizations along with our service provider and system integrator customers. 6 Index We believe significant opportunities exist for our VirnetX One™, War Room™, VirnetX Matrix™ products and services in areas such as Local and State Governments, Power and Energy generation, Healthcare, Finance, Legal, Oil and Gas, Medical, Law Enforcement, National Defense and related support industries.

We believe significant opportunities exist for our VirnetX One™, War Room™, VirnetX Matrix™ products and services in areas such as Local and State Governments, Power and Energy generation, Healthcare, Finance, Legal, Oil and Gas, Medical, Law Enforcement, National Defense and related support industries.

The U.S. government has controlled the authoritative domain name system, or DNS, root server since the inception of the Internet. On July 1, 1997, the President of the United States directed the U.S. Secretary of Commerce to privatize the management of the domain name system in a manner that increases competition and facilitates international participation in its management.

The U.S. government has controlled the authoritative domain name system, or DNS, root server since the inception of the Internet. On July 1, 1997, the President of the United States directed the U.S.

The cloud technology adoption is expected to continue to increase quite significantly in industries where the work-from-home initiative is helped to sustain enterprise business functions.

The cloud offers scalability, operations and development efficiency and remote access benefits for their workforce. The cloud technology adoption is expected to continue to increase quite significantly in industries where the work-from-home initiative is helping to sustain enterprise business functions.

We believe our scalable technology allows enterprises to secure applications and services regardless of whether hosting is on-premise or in the cloud. As billions of connected Internet of Things (“IoT”) devices come online in support of enterprise operations, products, and industrial controls they will need to be secured and integrated into the enterprise.

As billions of connected Internet of Things (“IoT”) devices come online in support of enterprise operations, products, and industrial controls they will need to be secured and integrated into the enterprise.

Our employees include the core development team behind our inventions, technology, and software. Some members of this team have worked together for over twenty years and were on the same team that invented and developed this technology while working at Leidos.

Some members of this team have worked together for over twenty years and were on the same team that invented and developed this technology while working at Leidos, Inc., or Leidos, (f/k/a Science Applications International Corporation, or SAIC).

We believe that the market opportunity for our software and technology solutions is large and expanding as secure domain names are now an integral part of securing the next generation 5G and 4G/LTE Advanced wireless networks and IoT communications. 3 Index Our Approach & Strategy We believe that VirnetX One™ software products are positioned to help enterprises adapt to the rapidly evolving threat landscape in work environments and the growing need to secure communications regardless of a user’s location, network, or device.

Enterprises can move towards more granular network access control to protect their network at the edge and away from legacy VPN technologies. VirnetX One family of software products enables remote employees to securely interact with on-premise and cloud-based applications, regardless of their location.

Enterprises can quickly deploy VirnetX One software products to protect legacy applications, secure new cloud-based services and remove application visibility from the public Internet. Enterprises can move towards more granular network access control to protect their network at the edge and away from legacy VPN technologies.

Enterprises can use VirnetX One platform to secure open-source applications powering communications, data and analytics, infrastructure, and business services with a focus on making those applications easier to secure, access and manage. We believe our software products and technologies provide the foundation for securing real-time communications and collaboration applications for the enterprise remote workforce.

VirnetX One family of software products enables remote employees to securely interact with on-premise and cloud-based applications, regardless of their location. Enterprises can use VirnetX One platform to secure open-source applications powering communications, data and analytics, infrastructure, and business services with a focus on making those applications easier to secure, access and manage.

We believe software products will allow enterprises to seamlessly integrate ZTNA protection into their networks to secure their applications, services, virtualized resources, and data as it moves into the cloud. Enterprises can quickly deploy VirnetX One software products to protect legacy applications, secure new cloud-based services and remove application visibility from the public Internet.

License and Service Offerings We offer a diversified portfolio of licenses, software and service offerings focused on securing real-time communications over the Internet. We believe software products will allow enterprises to seamlessly integrate ZTNA protection into their networks to secure their applications, services, virtualized resources, and data as it moves into the cloud.

We have had a work-from-home workforce since our inception. The emphasis of our employees is on our technology research and product development with 14 employees focused on this effort. Our team has been working on enhancing our products and adding new functionality along with successfully filing several new patent applications in 2022.

Employees and Human Capital As of December 31, 2024, we had 23 full and part time employees, most of whom work remotely. We have had a work-from-home workforce since our inception. The emphasis of our employees is on our technology research and product development with 15 employees focused on this effort.

We also continue building our sales and marketing teams to expand our product-lines and customer base.

Our team has been working on enhancing our products and adding new functionality. We also continue building our sales and marketing teams to expand our product-lines and customer base. In addition to our regular employees, we also engage with consultants on a regular basis.

We continue to actively pursue new sales opportunities in and outside of United States. 2 Index During 2023, we actively engaged in discussions with certain third-parties to pitch the capabilities of VirnetX One™. As a result of our efforts, we made a series of announcements with Solution Synergy, WeSecure, Samsung, Envoy Data Corporation, and Object Security.

Throughout 2024, we continued to actively engage in discussions with certain third-parties to pitch the capabilities of VirnetX One TM . We have continued our engagement with Solution Synergy, WeSecure, Samsung, Every Data Corporation, and Object Security and are working on a number of projects to deploy our VirnetX Matrix TM product.

Our Approach & Strategy We believe that VirnetX One™ software products are positioned to help enterprises adapt to the rapidly evolving threat landscape in work environments and the growing need to secure communications regardless of a user’s location, network, or device using our GABRIEL Connection Technology™. 4 Index VirnetX One™ products deliver ZTNA, allowing enterprises to secure their information, control access and gain visibility into how information is being used, who is accessing it and where it is going.

VirnetX One™ products deliver ZTNA, allowing enterprises to secure their information, control access and gain visibility into how information is being used, who is accessing it and where it is going.

Avaya, Inc., Microsoft Corporation, Mitel Networks Corporation, NEC Corporation and NEC Corporation of America, Siemens Enterprise Communications GmbH & Co. KG, and Siemens Enterprise Communications Inc. to license certain of our patents, for a one-time payment and an ongoing royalty for all future sales through the expiration of the licensed patents with respect to certain current and future IP-encrypted products.

Avaya, Inc., Microsoft Corporation, Mitel Networks Corporation, NEC Corporation and NEC Corporation of America, Siemens Enterprise Communications GmbH & Co.

Removed

Our GABRIEL Collaboration Suite™ is a set of communication applications and tools that use our GABRIEL Secure Communication Platform™. It enables seamless and secure cross platform communications between devices that are enrolled in our “VIRNETX SECURED” network and have our software installed. Effective May 31, 2023 we have ended the support for our GABRIEL Collaboration Suite™.

Added

We continue to augment our product strategy to provide secure AI to the marketplace.

Removed

We also announced new deployments of our VirnetX Matrix™ product at City of Bridgeport, International Association of Certified ISAOs (IACI) and SkinWalker Ranch.

Added

In addition to our investments with L2 Holdings, LLC (“OmniTeq”), an artificial intelligence and machine learning (AI/ML) solutions provider and OP Media, Inc, a dynamic software platform provider, we participated in a Cooperative Research and Development Agreement (CRADA) with the Air Force (AF) Research Laboratory Intelligence Systems Directorate (AFRL/RI) to facilitate collaboration on cybersecurity and Zero Trust technologies to support integrated surveillance and reconnaissance operations as well as AF and joint targeting processes.

Removed

Added

This CRADA continues through 2030 and allows VirnetX to apply for security clearances for its employees. We are also beginning to integrate AI/ML capabilities into VirnetX Matrix™ to enhance its zero-trust security, threat detection, and network resilience by enabling autonomous threat response, adaptive access control, and self-healing network architectures.

Removed

We invested in two companies in the artificial intelligence (“AI”) sector partnering with them to augment the Company’s strategy to provide secure AI to the marketplace. The first investment was with L2 Holdings, LLC (“OmniTeq”), an AI, machine learning (“ML”) and predictive analytics-based solutions provider with a primary focus on selling into the space and defense sectors.

Added

We continue to actively pursue new sales opportunities in and outside of the United States. 2 Index Our employees include the core development team behind our inventions, technology, and software.

Removed

Under the terms of our agreement, OmniTeq will deploy and integrate our VirnetX One™ family of products at SkinWalker Ranch to secure their data and protect against cyber hackers.

Added

Industry Overview & Trends We have seen an exponential increase in dynamic and persistent cyber threats to the U.S. national security operational framework, and critical infrastructure from state-sponsored adversaries, organized cybercriminal groups, and rogue actors employing advanced cyber capabilities. These threats include denial-of-service (DoS), signal jamming, data spoofing, malware injection, and direct attacks on ground and satellite-based communication networks infrastructure.

Removed

Our second investment was with OP Media, Inc, a dynamic software platform provider, addressing a critical market requirement for transforming static infrastructure processes and knowledgebases into digital processes that can be continuously optimized using AI, ML, and blockchain technologies for making informed decisions and creating streamlined workflows in real-time, without requiring coding or programming skills.

Added

In the commercial sector, satellite networks that provide communication, navigation, and imagery services are vulnerable to exploitation, posing risks to critical infrastructure and civilian services. For government systems, adversaries have been targeting vulnerabilities in proliferated constellations, mission-critical data streams, and multi-domain integration efforts.

Removed

Further, under the terms of our respective agreements, both OmniTeq and OP Media have agreed to integrate our VirnetX One™ family of products and services into their solutions and to resell them to their current and future customers. Both companies have committed to using VirnetX as their exclusive global cybersecurity solution provider and go-to-market partner.

Added

We believe that our proven proactive, integrated approach to cybersecurity ensures the resilience of defense architectures across the entire conflict continuum. The shift to remote work and expansion of the enterprise network perimeter has driven the growth of ZTNA solutions. The Zero Trust concept treats all networks like the Internet, where all users and devices are untrusted by default.

Removed

We have an ongoing licensing program under which we offer licenses to our technology, software, and some of our patented inventions, including our secure domain name registry service, to domain infrastructure providers, communication service providers as well as to system integrators.

Added

We believe our software products and technologies provide the foundation for securing real-time communications and collaboration applications for the enterprise remote workforce. We are exploring creating a marketplace of applications secured by our VirnetX One platform.

Removed

Our GABRIEL Connection Technology™ License is offered to OEM customers who want to adopt the GABRIEL Connection Technology™ as their solution for establishing secure connections using secure domain names within their products. We have developed GABRIEL Connection Technology™ Software Development Kit to assist with rapid integration of these techniques into existing software implementations.

Added

During 2024, due to exponential increase in dynamic and persistent cyber threats to the U.S. national security operational framework, we decided to increase our focus on offering our VirnetX One TM platform and its family of products and solutions to the Department of Defense for addressing these challenges using our proven proactive, integrated approach to cybersecurity that ensures the resilience of defense architectures across the entire conflict continuum.

Removed

We expect to continue to launch new and enhanced security platforms, software products, and services based on our GABRIEL Connection Technology™. We will provide updates to new and existing customers as they are released to the public. Many small and medium businesses have installed our software products in their corporate networks.

Added

As a part of this effort, we engaged in several significant actions: • We established an advisory board comprised of four retired senior U.S.

Removed

We intend to continue to expand our customer base with targeted promotions and direct sales initiatives to large enterprise and governmental organizations. Industry Overview & Trends We believe that the rapid growth in remote work has accelerated digital business transformation initiatives that would have taken years, into a matter of months.

Added

Air Force leaders to assist and advise on business development and operational direction of VirnetX’s Zero Trust Network Access security technology as a necessary layer of security for defense communications and data management to Department of Defense government officials and commercial contractors. • We participated in the U.S.

Removed

The demand to work remotely, explosive growth of video conferencing tools and rapid growth in the cloud has created an opportunity to secure communications regardless of a user’s location, network, or BYOD (bring your own device). 3 Index The shift to remote work and expansion of the enterprise network perimeter has driven the growth of ZTNA solutions.

Added

Navy Expeditionary Combat Command (NECC) sponsored technology demonstrations during the Rim of the Pacific (RIMPAC) 2024, a large-scale international maritime exercise at Ford Island, Oahu, Hawaii, and successfully demonstrated our VirnetX One Matrix and VirnetX’s War Room secure video conferencing from ship to shore environments.

Removed

Based on our estimates, using publicly available market data, we believe that the Zero Trust security market size is projected to grow from $24.8 billion in 2022 to over $60 billion by 2027, at a Compound Annual Growth Rate (CAGR) of 19.4% during the forecast period.

Added

We believe our technology and solutions can fill defense needs for security, stealth, and flexibility in myriad day-to-day static situations to the most challenging operations in conflict or humanitarian assistance. • We participated in a Cooperative Research and Development Agreement (CRADA) with the Air Force (AF) Research Laboratory Intelligence Systems Directorate (AFRL/RI) to facilitate collaboration on cybersecurity and Zero Trust technologies to support integrated surveillance and reconnaissance operations as well as AF and joint targeting processes.

Removed

We believe Zero Trust represents a growing market and an ideal fit for our technology and products. Cloud computing growth has rapidly expanded as enterprises continue to move applications and services to the cloud. The cloud offers scalability, operations and development efficiency and remote access benefits for their workforce.

Added

The work conducted under this CRADA is expected to provide the avenue to secure and obfuscate AF targeting, processing, dissemination, and intelligence technology, enabling AF to take advantage of the latest research and developments in commercially available cybersecurity technology and reduce its IT attack surface in a joint, all-domain environment. • We hired Dr.

Removed

Based on our estimates, using publicly available market data, we believe that the global cloud computing security market size is expected to grow from approximately $43.6 billion in 2022 to over $92.7 billion by 2028, at a CAGR of 13.4% during the forecast period.

Added

John Anthony Jamison as new VirnetX Chief Technical Officer (CTO). Dr.

Removed

Based on our estimates, using publicly available market data, we believe that the size of the global Industrial IoT security market size is projected to grow from $4.76 billion in 2022 to approximately $23.17 billion by 2028 at a CAGR of 30.2% during the forecasted period with a growing investment in securing the infrastructure around these devices.

Added

Jamison brings a wealth of technology experience in the intelligence community and will be instrumental as expand our participation in national defense projects and initiatives. • We successfully conducted a rigorous functional and penetration testing of our VirnetX One Matrix solution by Pacific Northwest National Laboratory (PNNL) with support from Johns Hopkins University Applied Physics Laboratory (JHU-APL) at the request of The United States Space Force (USSF).

Removed

During 2023, we actively engaged in discussions with certain third-parties to pitch the capabilities of VimetX One TM .

Added

Secretary of Commerce to privatize the management of the domain name system in a manner that increases competition and facilitates international participation in its management. 7 Index On September 29, 2006, the U.S.

Removed

As a result of our efforts, we made a series of announcements with Solution Synergy, WeSecure, Samsung, Every Data Corporation, and Object Security We also announced new deployments of our VimetX Matrix TM product at City of Bridgeport, International Association of Certified ISAOs (IACI) and SkinWalker Ranch.

… 2 more changes not shown on this page.

Item 1A. Risk Factors

Risk Factors — what could go wrong, per management

60 edited+21 added−9 removed83 unchanged

2023 filing

2024 filing

Biggest changeThe following include some of the factors that may cause our operating results to fluctuate: • Time and resources required to accelerate transition to new product development and sales strategies targeting large enterprises and government customers; • Customer adoption of our VirnetX One TM platform and software products and services; • The number of product license sales of VirnetX Warroom, VirnetX Matrix and associated services; • Adoption of VirnetX One TM platform by third party application providers of secure communications; • Intensely competitive market with established brands that have larger customer bases, and greater resources than we do; • Prolonged economic uncertainties or downturns, globally or in certain regions or industries, could materially adversely affect our business; • Government export and import control regulations on selling products with encryption technology in certain international markets; These fluctuations may make our business particularly difficult to manage, adversely affect our business and operating results, make our operating results difficult for investors to predict and, further, cause our results to fall below investor’s expectations and adversely affect the market price of our common stock.

Biggest changeOur operating results have fluctuated in the past due to several factors and may fluctuate in the future due to the same or similar factors, which include but are not limited to the following: 8 Index • Time and resources required to accelerate transition to new product development and sales strategies targeting large enterprises, government customers, service provider partnerships and grant funding; • Our success depends in part on establishing and maintaining relationships with third parties to integrate our family of cybersecurity products and services into their operations and develop solutions key to the defense market, critical infrastructure and threat intelligence service; • Customer adoption of our VirnetX One™ platform and software products and services; • The number of product license sales of VirnetX War Room™, VirnetX Matrix™ and associated services; • Adoption of VirnetX One TM platform by third party application providers of secure communications; • Intensely competitive market with established companies that have larger customer bases, and greater resources than we do; • Prolonged economic uncertainties or downturns, globally or in certain regions or industries, could materially adversely affect our business; and • Government export and import control regulations on selling products with encryption technology in certain international markets.

Consequently, if customer orders are not realized or delayed, our revenues and results of operations could be materially and adversely affected. We have limited technical resources and are at an early stage in commercialization of our VirnetX One™ platform and software products. Part of our business includes the internal development of commercial products we seek to monetize.

Consequently, if customer orders are delayed or not realized, our revenues and results of operations could be materially and adversely affected. We have limited technical resources and are at an early stage in commercialization of our VirnetX One™ platform and software products. Part of our business includes the internal development of commercial products we seek to monetize.

Along with the advance notice requirements described above, this provision also gives our Board of Directors and management more time to react to proposed stockholder actions. • Super majority requirement for stockholder amendments to the bylaws: Stockholder proposals to alter or amend our bylaws or to adopt new bylaws can only be approved by the affirmative vote of at least 66 2/3% of the outstanding shares of our common stock. • No ability of stockholders to call a special meeting of the stockholders: A special meeting of the stockholders, other than as required by statute, may be called at any time by the Board of Directors, or by the chairman of the board, or by the president, and any power of stockholders to call a special meeting of stockholders is specifically denied.

Along with the advance notice requirements described above, this provision also gives our Board of Directors and management more time to react to proposed stockholder actions. • Super majority requirement for stockholder amendments to the Restated Bylaws: Stockholder proposals to alter or amend our Restated Bylaws or to adopt new bylaws can only be approved by the affirmative vote of at least 66 2/3% of the outstanding shares of our common stock. • No ability of stockholders to call a special meeting of the stockholders: A special meeting of the stockholders, other than as required by statute, may be called at any time by the Board of Directors, the chairman of the Board of Directors, or the president, and any power of stockholders to call a special meeting of stockholders is specifically denied.

These factors include, but not limited to, the following: • Annual variations, actual or anticipated, in our operating results; • Significant changes in our management; • Large purchases or sales of common stock or derivative transactions related to our stock; • Actual or anticipated announcements of new products or services by us or competitors; • General conditions in the markets in which we compete; and • General social, political, economic, and financial conditions, including the significant volatility in the global financial markets.

These factors include, but are not limited to, the following: • Annual variations, actual or anticipated, in our operating results; • Significant changes in our management; • Large purchases or sales of common stock or derivative transactions related to our stock; • Actual or anticipated announcements of new products or services by us or competitors; • General conditions in the markets in which we compete; and • General social, political, economic, and financial conditions, including significant volatility in the global financial markets.

This gives our Board of Directors and management more time to react to stockholder proposals generally and could also permit us to disregard a stockholder proposal to the extent such proposal is not submitted in accordance with the bylaws. • No stockholder actions by written consent: No stockholder or group of stockholders may take action by written consent.

This gives our Board of Directors and management more time to react to stockholder proposals generally and could also permit us to disregard a stockholder proposal to the extent such proposal is not submitted in accordance with the Restated Bylaws. • No stockholder actions by written consent: No stockholder or group of stockholders may take action by written consent.

Our amended and restated bylaws designate a state or federal court located within the State of Delaware as the exclusive forum for substantially all disputes between us and our stockholders, which could limit our stockholders’ ability to choose the judicial forum for disputes with us or our directors, officers, or employees.

Our Restated Bylaws designate a state or federal court located within the State of Delaware as the exclusive forum for substantially all disputes between us and our stockholders, which could limit our stockholders’ ability to choose the judicial forum for disputes with us or our directors, officers, or employees.

We may be unable to make such changes and modifications in a commercially reasonable manner or at all, and our ability to develop new products and features could be limited. 16 Index The costs of compliance with and other burdens imposed by laws, regulations and standards may limit the use and adoption of our service and reduce overall demand for it, or lead to significant fines, penalties, or liabilities for any noncompliance.

We may be unable to make such changes and modifications in a commercially reasonable manner or at all, and our ability to develop new products and features could be limited. 14 Index The costs of compliance with and other burdens imposed by laws, regulations and standards may limit the use and adoption of our service and reduce overall demand for it, or lead to significant fines, penalties, or liabilities for any noncompliance.

Likewise, we may need to dedicate engineering and other resources to eliminate security vulnerabilities and may find it necessary or appropriate to repair or replace products already sold or licensed to our customers.

Likewise, we may need to dedicate engineering and other resources to mitigate or eliminate security vulnerabilities and may find it necessary or appropriate to repair or replace products already sold or licensed to our customers.

Our systems and operations will also be vulnerable to damage or interruption from, among other things: 12 Index • Power loss, transmission cable cuts and other telecommunications failures; • Damage or interruption caused by fire, earthquake, and other natural disasters; • Computer viruses, electronic break-ins, sabotage, vandalism or software defects; and • Physical or electronic break-ins, sabotage, intentional acts of vandalism, terrorist attacks and other events beyond our control.

Our systems and operations will also be vulnerable to damage or interruption from, among other things: 11 Index • Power loss, transmission cable cuts and other telecommunications failures; • Damage or interruption caused by fire, earthquake, and other natural disasters; • Computer viruses, electronic break-ins, sabotage, vandalism or software defects; and • Physical or electronic break-ins, sabotage, intentional acts of vandalism, terrorist attacks and other events beyond our control.

This ability to exercise significant influence could prevent or significantly delay another company from acquiring or merging with us. 17 Index Our protective provisions in our Amended and Restated Certificate of Incorporation and bylaws could make it difficult for a third party to successfully acquire us even if you would like to sell your stock to them.

This ability to exercise significant influence could prevent or significantly delay another company from acquiring or merging with us. 15 Index Our protective provisions in our amended and restated certificate of incorporation and amended and restated bylaws could make it difficult for a third party to successfully acquire us even if you would like to sell your stock to them.

If we do not manage our investments and business in a manner that meets the requirements for an exemption under the 1940 Act, we may be deemed to be an investment company under the 1940 Act and subject to additional limitations on operating our business including limitations on the issuance of securities, which may make it difficult for us to raise capital. 21 Index

Any decreased use of our products or limitation on our ability to export to or sell our products in international markets would likely adversely affect our business, financial condition, and results of operations. 15 Index Privacy and data security concerns, data collection and transfer restrictions and related domestic or foreign regulations may limit the use and adoption of our solutions and adversely affect our business.

Any decreased use of our products or limitation on our ability to export to or sell our products in international markets would likely adversely affect our business, financial condition, and results of operations. 13 Index Privacy and data security concerns, data collection and transfer restrictions and related domestic or foreign regulations may limit the use and adoption of our solutions and adversely affect our business.

To the extent outstanding stock options or warrants are exercised, additional shares of common stock will be issued, existing stockholders’ percentage voting interests will decline and the number of shares eligible for resale in the public market will increase. Such increase may have a negative effect on the value or market trading price of our common stock.

To the extent outstanding stock options or warrants are exercised and RSUs vest, additional shares of common stock will be issued, existing stockholders’ percentage voting interests will decline and the number of shares eligible for resale in the public market will increase. Such increase may have a negative effect on the value or market trading price of our common stock.

In addition, pricing pressures and increased competition could result in reduced sales, lower margins, losses or the failure of our services to achieve or maintain widespread market acceptance, any of which could harm our business. Many of our competitors are able to devote greater resources to the development, promotion and sale of their products or services.

In addition, pricing pressures and increased competition could result in reduced sales, lower margins, losses or the failure of our services to achieve or maintain widespread market acceptance, any of which could harm our business. 10 Index Many of our competitors are able to devote greater resources to the development, promotion and sale of their products or services.

If a court were to find this exclusive-forum provision in our amended and restated bylaws to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving the dispute in other jurisdictions, which could harm our results of operations.

If a court were to find this exclusive-forum provision in our Restated Bylaws to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving the dispute in other jurisdictions, which could harm our results of operations.

The exercise of our outstanding stock options, warrants, and RSUs would result in a dilution of our current stockholders’ voting power and an increase in the number of shares eligible for future resale in the public market which may negatively impact the market price of our stock.

The exercise of our outstanding stock options and warrants, and the issuance of RSUs and restricted stock would result in a dilution of our current stockholders’ voting power and an increase in the number of shares eligible for future resale in the public market which may negatively impact the market price of our stock.

These events may also pose risks to our personnel and to physical facilities and operations, which could adversely affect our financial results. 20 Index Trading in our common stock is limited and the price of our common shares may be subject to volatility.

These events may also pose risks to our personnel and to physical facilities and operations, which could adversely affect our financial results. 18 Index Trading in our common stock is limited and the price of our common shares may be subject to volatility.

For example, disruptive technologies such as generative AI may fundamentally alter the market for our services in unpredictable ways and reduce customer demand. If we fail to compete effectively, our business will be harmed.

For example, disruptive technologies such as generative AI has and may continue to fundamentally alter the market for our services in unpredictable ways and reduce customer demand. If we fail to compete effectively, our business will be harmed.

If we are unable to protect our intellectual property rights or otherwise realize value from them, our business would be negatively affected. 13 Index If we experience security breaches or incidents, we could be exposed to liability and our reputation and business could suffer.

If we are unable to protect our intellectual property rights or otherwise realize value from them, our business would be negatively affected. 12 Index If we experience security breaches or incidents, we could be exposed to liability and our reputation and business could suffer.

If one or more of these companies is unable or unwilling to supply or expand its levels of service to us in the future, our operations could be severely interrupted.

If one or more of these companies is unable or unwilling to supply or expand their levels of service to us in the future, our operations could be severely interrupted.

We have protective provisions in our Amended and Restated Certificate of Incorporation and bylaws that could delay, discourage, or prevent a third party from acquiring control of us without the approval of our Board of Directors.

We have protective provisions in our amended and restated certificate of incorporation (“Restated Charter”) and amended and restated bylaws (“Restated Bylaws”) that could delay, discourage, or prevent a third party from acquiring control of us without the approval of our Board of Directors.

Investors may have limited influence because ownership of our common stock is limited. As of December 31, 2023, our executive officers and directors beneficially owned approximately 14% of our outstanding common stock. Because of their beneficial ownership interest, our officers and directors could significantly influence stockholder actions of which you disapprove or that are contrary to your interests.

Investors may have limited influence because ownership of our common stock is limited. As of December 31, 2024, our executive officers and directors beneficially owned approximately 18% of our outstanding common stock. Because of their beneficial ownership interest, our officers and directors could significantly influence stockholder actions of which you disapprove or that are contrary to your interests.

The United States federal and various state and foreign governments have adopted or proposed requirements regarding the collection, distribution, use, security and storage of personally identifiable information and other data relating to individuals, and federal and state consumer protection laws are being applied to enforce regulations related to the online collection, use and dissemination of data.

The United States federal, various state and foreign governments have adopted or proposed requirements regarding the collection, distribution, use, security, storage, and other processing of personal information and other data relating to individuals, and federal and state consumer protection laws are being applied to enforce regulations related to the online collection, use and dissemination of data.

Our business may be adversely affected by instability, disruption, or destruction in a geographic region in which we operate, regardless of cause, including war, terrorism, riot, civil insurrection, or social unrest, and natural or manmade disasters, including famine, flood, fire, earthquake, storm, or pandemic events and spread of disease, such as the COVID-19 pandemic.

Our business may also be adversely affected by further downturn in macroeconomic conditions, including inflation and rising interest rates, global political and economic uncertainty and tensions, such as the ongoing Russia-Ukraine and Israel-Hamas conflicts as well as any related political or economic response, counter responses or otherwise, financial services sector instability, a reduction in business confidence and activity, financial market volatility, and other factors.

Our business may also be adversely affected by further downturn in macroeconomic conditions, including inflation and rising interest rates, tariffs, trade wars, global political and economic uncertainty and tensions, such as the ongoing Russia-Ukraine and Israel-Hamas conflicts, as well as any related political or economic response, counter responses or otherwise, financial services sector instability, a reduction in business confidence and activity, financial market volatility, unexpected changes in tax law or policy, and other factors.

We may be required to incur substantial expense in order to make significant changes to our product and business operations in connection with obtaining and maintaining compliance with the GDPR and similar legislation, such as the UK GDPR and UK Data Protection Act, all of which may adversely affect our revenue and product sales.

We may be required to incur substantial expense in order to make significant changes to our products and operations to address compliance with the GDPR and similar legislation, such as the UK GDPR and UK Data Protection Act, all of which may adversely affect our revenue and product sales.

Our primary competitors in the zero-trust network access market include Appgate, Cloudflare, and Illumio. In the enterprise market, our primary competitors include Zscaler (ZPA), Palo Alto Networks (Prisma Access), Cisco (Umbrella), Citrix (Secure Private Access), Netskope (Private Access for ZTNA) and Cato Networks.

In the enterprise market, our primary competitors include Zscaler (ZPA), Palo Alto Networks (Prisma Access), Cisco (Umbrella), Citrix (Secure Private Access), Netskope (Private Access for ZTNA) and Cato Networks.

Our secure domain name registry operations will also depend on our ability to maintain our computer and telecommunications equipment in effective working order and to reasonably protect our systems against interruption, and potentially depend on protection by other registrars in the shared registration system.

Laws and regulations in these jurisdictions apply broadly to the collection, use, storage, disclosure, and security of data that identifies or may be used to identify or locate an individual, such as names, email addresses and, in some jurisdictions, IP addresses.

Laws and regulations in these jurisdictions apply broadly to the collection, use, storage, disclosure, and security of data that identifies or may be used to identify or locate an individual.

Our amended and restated bylaws provide that, unless we consent in writing to the selection of an alternative forum, the sole and exclusive forum for (1) any derivative action or proceeding brought on our behalf, (2) any action asserting a claim of breach of a fiduciary duty owed by any of our directors, stockholders, officers, or other employees to us or our stockholders, (3) any action arising pursuant to any provision of the Delaware General Corporation Law, or our amended and restated certificate of incorporation or amended and restated bylaws or (4) any other action asserting a claim that is governed by the internal affairs doctrine shall be the Court of Chancery of the State of Delaware (or, if the Court of Chancery does not have jurisdiction, another State court in Delaware or the federal district court for the District of Delaware), in all cases subject to the court having jurisdiction over indispensable parties named as defendants.

Our Restated Bylaws provide that, unless we consent in writing to the selection of an alternative forum, the sole and exclusive forum for (1) any derivative action or proceeding brought on our behalf, (2) any action asserting a claim of breach of a fiduciary duty owed by any of our directors, stockholders, officers, or other employees to us or our stockholders, (3) any action arising pursuant to any provision of the Delaware General Corporation Law, or our Restated Charter or Restated Bylaws or (4) any other action asserting a claim that is governed by the internal affairs doctrine shall be the Court of Chancery of the State of Delaware (or, if the Court of Chancery does not have jurisdiction, another State court in Delaware or the federal district court for the District of Delaware), in all cases subject to the court having jurisdiction over indispensable parties named as defendants. 16 Index However, notwithstanding the exclusive forum provisions, our Restated Bylaws explicitly state that they would not preclude the filing of claims brought to enforce any liability or duty created under federal securities laws, including the Securities Act or the Exchange Act.

It is possible that we may have to expend additional financial and other resources to address such problems. The increase in remote work by our personnel and those of third parties in recent years has resulted in increased vulnerability to cyber-attacks.

It is possible that we may have to expend additional financial and other resources to address such problems. Remote work by our personnel and those of third parties has resulted in increased vulnerability to cyber-attacks. Additionally, geopolitical tensions and conflicts may create increased risks of cyber-attacks.

In addition, we are regularly involved in cooperative efforts with respect to the incorporation of our products into products of others and vice versa, research and development efforts, and marketing, distributor and reseller arrangements.

In addition, we are regularly involved in cooperative efforts with respect to the incorporation of our products into products of others and vice versa, collaborative research and development efforts with government and university laboratories, distributor and reseller arrangements and service provider partnerships.

Our products are highly technical and complex and, when deployed, may contain errors or defects. Despite testing, some errors in our products may only be discovered after a product has been installed and used by customers.

Our products are highly technical and may contain undetected errors, which could cause harm to our reputation and adversely affect our business. Our products are highly technical and complex and, when deployed, may contain errors or defects. Despite testing, some errors in our products may only be discovered after a product has been installed and used by customers.

Our business has been, and may continue to be, negatively affected by shareholders intent upon alternate business strategies. Responding to actions by activist shareholders is costly and time-consuming, has diverted the attention of management, our board of directors and our employees, and may be disruptive to our operations.

Responding to actions and communications by activist shareholders is costly and time-consuming, has diverted the attention of management, our Board of Directors and our employees, and may be disruptive to our operations.

Between January 1, 2023, and December 31, 2023, the adjusted closing price on the NYSE for our common stock ranged between $3.53 and $12.60, adjusted for a 1-for-20 reverse stock split effective October 26, 2023. The price of our common stock may continue to be volatile as a result of several factors, some of which are beyond our control.

Between January 1, 2024, and December 31, 2024, the adjusted closing price on the NYSE for our common stock ranged between $3.62 and $9.22. The price of our common stock may continue to be volatile as a result of several factors, some of which are beyond our control.

In addition, potential customers of our products include local, state, federal and foreign government authorities. Sales to government authorities can be extensive and unpredictable. Government authorities generally have complex budgeting, purchasing, and regulatory processes that govern their capital spending, and their spending is likely to be adversely impacted by economic conditions.

Sales processes to government authorities can be extensive and unpredictable. Government authorities generally have complex budgeting, purchasing, and regulatory processes that govern their capital spending, and their spending is likely to be adversely impacted by economic conditions.

Furthermore, some potential customers, particularly large enterprises, may elect to develop their own internal solutions. For any of these reasons, we may not be able to compete successfully against our competitors.

Our competitors may be able to respond more quickly and effectively to new or changing opportunities, technologies, standards or customer requirements. Furthermore, some potential customers, particularly large enterprises, may elect to develop their own internal solutions. For any of these reasons, we may not be able to compete successfully against our competitors.

Privacy, information security, and data protection concerns, whether valid or not valid, may inhibit market adoption of our platform, particularly in certain industries and foreign countries .

Privacy, information security, and data protection concerns, whether valid or not valid, may inhibit market adoption of our platform, particularly in certain industries and foreign countries . Our business has been, and may continue to be, negatively affected by activist shareholders.

In addition, many of our competitors have established marketing relationships and major distribution agreements with channel partners, consultants, system integrators and resellers. Competitors may offer products or services at lower prices or with greater depth than our services. Our competitors may be able to respond more quickly and effectively to new or changing opportunities, technologies, standards or customer requirements.

In addition, many of our competitors have established marketing relationships and major distribution agreements with government agencies, channel partners, consultants, system integrators and resellers. Competitors may offer products or services at lower prices or with greater depth than our services.

This delays the ability of stockholders to affect a change in control of us because it would take two annual meetings to effectively replace a majority of the Board of Directors. • Blank check preferred stock: Our Board of Directors has the authority to establish the rights, preferences, and privileges of our 10,000,000 authorized, but unissued, shares of preferred stock.

These protective provisions include: • A staggered Board of Directors: Only one or two of five directors will be up for election at any given annual meeting, delaying the ability of stockholders to affect a change in control of us because it would take two annual meetings to effectively replace a majority of the Board of Directors. • Blank check preferred stock: Our Board of Directors has the authority to establish the rights, preferences, and privileges of our 10,000,000 authorized, but unissued, shares of preferred stock.

Our products are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets .

Any of the foregoing matters could harm our business, operating results and financial condition. Our products are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets .

In addition, we believe there has been and may continue to be substantial trading in derivatives of our stock, including short selling activity or related similar activities, which are beyond our control, and which may be beyond the full control of the SEC and Financial Institutions Regulatory Authority or “FINRA.” While the SEC and FINRA rules prohibit some forms of short selling and other activities that may result in stock price manipulation, such activity may nonetheless occur without detection or enforcement.

We also expect that there will continue to be new proposed laws, regulations and industry standards concerning privacy, data protection and information security in the United States, the EU, and other jurisdictions. For example, the European Commission maintains a General Data Protection Regulation (the “GDPR”) that imposes stringent data protection requirements and provides for substantial penalties for noncompliance.

We expect to retain certain confidential and proprietary customer information in our secure data centers and secure domain name registry, as well as personal data and other confidential and proprietary information relating to our business. It will be critical to our business strategy that our facilities and infrastructure remain secure and are perceived by the marketplace to be secure.

Additionally, any such data security incident, or the perception that one has occurred could also result in adverse publicity, harm to our reputation and competitive position, and therefore adversely affect the market’s perception of the security of electronic commerce and communications over IP networks as well as the security or reliability of our services, which could have a material adverse impact on our business, financial condition, and results of operation. 14 Index A security breach or other security incident, or the perception any such event has occurred, could require a substantial level of financial resources to address and otherwise respond to, may be difficult to identify or address in a timely manner, and could result in claims, investigations, inquiries, and other proceedings or actions by private parties or governmental entities that may divert management’s attention and require the expenditure of significant time and resources, and which may cause us to incur substantial fines, penalties, or other liability and related legal and other costs.

A security breach or other security incident, or the perception any such event has occurred, could require a substantial level of financial resources to address and otherwise respond to, may be difficult to identify or address in a timely manner, and could result in claims, investigations, inquiries, and other proceedings or actions by private parties or governmental entities that may divert management’s attention and require the expenditure of significant time and resources, and which may cause us to incur substantial fines, penalties, or other liability and related legal and other costs.

For example, Connecticut, Virginia, and Colorado have enacted legislation similar to the CCPA and CPRA that has taken effect in 2023; Utah has enacted such legislation that is effective as of December 31, 2023; Florida, Montana, Oregon, and Texas have enacted similar legislation that becomes effective in 2024; Delaware, Tennessee, and Iowa have enacted similar legislation that will take effect in 2025; and Indiana has enacted similar legislation that will become effective in 2026.

For example, Connecticut, Virginia, Utah and Colorado enacted legislation similar to the CCPA and CPRA that took effect in 2023; Florida, Montana, Oregon, and Texas have enacted similar legislation that has became effective in 2024; Delaware, Nebraska, Maryland, New Hampshire, New Jersey, Minnesota, Tennessee, and Iowa have enacted similar legislation that has or will become effective in 2025; and Indiana, Kentucky, and Rhode Island have enacted similar legislation that will become effective in 2026.

We expect that our sales cycles will be long and unpredictable due to several factors, including but not limited to: • The need to educate potential customers about our patent rights and our product and service capabilities; • Our customers’ willingness to invest potentially substantial resources and modify their network infrastructures to take advantage of our products; • Our customers’ budgetary constraints and timing of their budget cycles; • Delays caused by customers’ internal review processes; and • Long sales cycles may increase the risk that our financial resources are exhausted before we are able to generate significant revenue.

We expect that our sales cycles will be long and unpredictable due to several factors, including but not limited to: • The need to educate potential customers about our product and service capabilities; • Our customers’ budgetary constraints and timing of their budget cycles; • Delays caused by time-consuming internal review processes customary with potential customers including large governments agencies and institutions in the space and defense industries; and • Long sales cycles may increase the risk that our financial resources are exhausted before we are able to generate significant revenue. 9 Index In addition, potential customers of our products include local, state, federal and foreign government agencies, as well as institutions in the space and defense industries.

Our ability to obtain additional capital, if and when required, will depend on our business plans, investor demand, our operating performance, the condition of the capital markets, the terms of our current contractual obligations and other factors. 19 Index If we raise additional funds through the issuance of equity, equity-linked or debt securities, including those under our past and any future shelf registration statements, those securities may have rights, preferences, or privileges senior to the rights of our common stock, and our existing stockholders may experience dilution.

If we raise additional funds through the issuance of equity, equity-linked or debt securities, including those under our past and any future shelf registration statements, those securities may have rights, preferences, or privileges senior to the rights of our common stock, and our existing stockholders may experience dilution.

These provisions may prohibit large stockholders, particularly those owning 15% or more of our outstanding voting stock, from merging or combining with us for a certain period of time. 18 Index These and other provisions in our Amended and Restated Certificate of Incorporation, our bylaws and under Delaware law could discourage potential takeover attempts, reduce the price that investors might be willing to pay for shares of our common stock in the future and result in the market price being lower than it would be without these provisions.

These and other provisions in our Restated Charter, our Restated Bylaws and under Delaware law could discourage potential takeover attempts, reduce the price that investors might be willing to pay for shares of our common stock in the future and result in the market price being lower than it would be without these provisions.

We have invested in and we continue to seek to invest in or acquire businesses, technologies, or other assets that we believe could complement or expand our business.

Part of our business strategy is to enter into partnerships, strategic investments, and other cooperative arrangements with other companies and government agencies. We have invested in and we continue to seek to invest in or acquire businesses, technologies, or other assets that we believe could complement or expand our business.

Any actual or perceived security breach or other security incident may also harm our reputation, result in a loss of customers, and make it more difficult or impossible for us to successfully market to others. Any of the foregoing matters could harm our business, operating results and financial condition.

Cybersecurity risks pose a particularly significant risk to our business given our focus on providing internet security software and secure communications technology. Any actual or perceived security breach or other security incident may also harm our reputation, result in a loss of customers, and make it more difficult or impossible for us to successfully market to others.

General Risk Factors We may need to raise additional capital to support our business growth, and this capital may be dilutive, may cause our stock price to drop or may not be available on acceptable terms, if at all.

The perceived decrease in value of employee equity incentive awards may reduce their effectiveness in encouraging performance and retention. 17 Index We may need to raise additional capital to support our business growth, and this capital may be dilutive, may cause our stock price to drop or may not be available on acceptable terms, if at all.

If we lose third-party relationships, if these relationships are not commercially successful, or if we are unable to enter into third-party relationships on commercially reasonable terms in the future, our business could be negatively impacted. 11 Index Our products are highly technical and may contain undetected errors, which could cause harm to our reputation and adversely affect our business.

If we lose third-party relationships, if these relationships are not commercially successful, or if we are unable to enter into third-party relationships on commercially reasonable terms in the future, our business could be negatively impacted. We expect that we will experience long and unpredictable sales cycles, which may impact our operating results.

Risks Related to Our Business and Our Financial Reporting Our operating results may not be consistent and may be difficult to predict and we may not be able to achieve or sustain profitability in the future. Our operating results have fluctuated in the past due to several factors.

Risks Related to Our Business and Our Financial Reporting Our operating results may not be consistent and may be difficult to predict and we may not be able to achieve or sustain profitability in the future. We had a net loss of $6.2 million for the quarter ended December 31, 2024.

The exercise of our outstanding vested stock options, warrants, and RSUs would dilute the ownership interests of our existing stockholders. As of December 31, 2023, we had outstanding options, warrants and RSUs to purchase an aggregate of 348,717 shares of common stock representing approximately 10% of our total shares outstanding of which 287,503 were vested and therefore exercisable.

As of December 31, 2024, we had outstanding options, warrants and RSUs to purchase an aggregate of 265,040 shares of common stock representing approximately 6.25% of our total shares outstanding of which 242,352 were vested.

Accordingly, if we do not generate revenue as and when anticipated, our losses may be greater than expected and our operating results will suffer. 10 Index The market in which we participate is intensely competitive, and if we do not compete effectively, our operating results could be harmed.

In addition, a high percentage of our expenses are and will continue to be fixed. Accordingly, if we do not generate revenue as and when anticipated, our losses may be greater than expected and our operating results will suffer.

The secure domain name servers that we will operate will be critical hardware to our registry services operations. Additionally, we maintain confidential and proprietary business information, including trade secrets. We expect to have to expend significant time and money to maintain or increase the security of our products, facilities, and infrastructure.

We expect to have to expend significant time and money to maintain or increase the security of our products, facilities, and infrastructure.

If we fail to increase our revenue to offset any increases in our operating expenses, we may not achieve or sustain profitability in the future. 9 Index We expect that we will experience long and unpredictable sales cycles, which may impact our operating results.

If we fail to increase our revenue to offset any increases in our operating expenses, we may not achieve or sustain profitability in the future. Our success depends in part on establishing and maintaining relationships with third parties to incorporate our products and services into their operations.

The market for Zero Trust Network Access (“ZTNA”) security solutions is rapidly evolving and highly competitive as new entrants and traditional network solutions companies offer cloud-based cybersecurity solutions. Many of our competitors and potential competitors have established brand recognition, larger customer bases, and greater resources than we do.

The market in which we participate is intensely competitive, and if we do not compete effectively, our operating results could be harmed. The market for ZTNA security solutions is rapidly evolving and highly competitive as new entrants and traditional network solutions companies offer cloud-based cybersecurity solutions.

We expect that our future operating results may also fluctuate due to the same or similar factors. We had a net loss of $27.9 million for the year ended December 31, 2023. We had a net loss of $36.3 million for the year ended December 31, 2022. As of December 31, 2023, we had an accumulated deficit of $186 million.

We had a net loss of $18.2 million for the year ended December 31, 2024. As of December 31, 2024, we had an accumulated deficit of $204.7 million.

Removed

Summary Risk Factors An investment in our common stock involves a high degree of risk, and the following is a summary of key risk factors when considering an investment.

Added

These fluctuations may make our business particularly difficult to manage, adversely affect our business and operating results, make our operating results difficult for investors to predict and, further, cause our results to fall below investor’s expectations and adversely affect the market price of our common stock.

Removed

You should read this summary together with the more detailed description of each risk factor contained in the subheadings further below. • Long and unpredictable sales cycles. • We have limited technical resources and are at an early stage in commercialization of our products. • Intensely competitive market with established brand names. • Our business has been, and may continue to be, negatively affected by shareholders intent upon alternate business strategies. • Our products are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets. • If we are not able to adequately protect our patent rights and trade secrets, our business would be negatively impacted.

Added

Many of our competitors and potential competitors have established brand recognition, larger customer bases, and greater resources than we do. Our primary competitors in the ZTNA market include Appgate, Cloudflare, and Illumio.

Removed

In addition, a high percentage of our expenses are and will continue to be fixed.

Added

It will be critical to our business strategy that our facilities and infrastructure, including our secure domain name servers, remain secure and are perceived by the marketplace to be secure.

Removed

Our success depends in part on establishing and maintaining relationships with other companies to distribute our technology and products or to incorporate our products and services, into their technology or vice versa. Part of our business strategy is to enter into partnerships, strategic investments, and other cooperative arrangements with third parties.

Added

There can be no assurances our security measures or those of our service providers will prevent security breaches or incidents.

Removed

Additionally, several of our patents are currently, and other patents may in the future be, subject to USPTO post-grant inter partes review proceedings (“IPR”) which may result in all, or part of these patents being invalidated, or the claims of our patents being limited.

Added

Removed

Unfavorable or adverse outcomes in our litigation or IPRs or material leaks of trade secrets may result in losses, exhaustion of financial resources, reduction in our ability to protect our intellectual property rights, or other adverse effects, which could encumber our ability to develop and commercialize our products.

Added

The exercise of our outstanding vested stock options and warrants, and the vesting of RSUs and restricted stock dilutes the ownership interests of our existing stockholders.

Removed

For example, the European Commission adopted a General Data Protection Regulation (the “GDPR”) that became fully effective on May 25, 2018, superseding prior EU data protection legislation, imposing more stringent EU data protection requirements, and providing for greater penalties for noncompliance.

Added

These provisions may prohibit large stockholders, particularly those owning 15% or more of our outstanding voting stock, from merging or combining with us for a certain period of time.

Removed

These protective provisions include: • A staggered Board of Directors: Only one or two directors (of our five-person Board of Directors) will be up for election at any given annual meeting.

Added

General Risk Factors Failure to meet the NYSE’s continued listing requirements could result in the suspension of trading of our common stock and a subsequent delisting of our common stock.

Removed

However, notwithstanding the exclusive forum provisions, our amended and restated bylaws explicitly state that they would not preclude the filing of claims brought to enforce any liability or duty created under federal securities laws, including the Securities Act or the Exchange Act.

Added

On August 28, 2024, we received a written notification from the NYSE that as of August 27, 2024, we were not in compliance with the continued listing standards set forth in Section 802.01B of the NYSE Listed Company Manual because the average global market capitalization over a consecutive 30 trading-day period and stockholders’ equity were both less than $50 million.

Added

In accordance with applicable NYSE procedures, we submitted a plan to the NYSE on October 11, 2024, and provide quarterly updates advising it of the definitive actions we have taken, are taking and plan to take that would bring us into conformity with the standard set forth in Section 801.01B within 18 months of receipt of the written notification.

Added

The written notification has no immediate impact on our ongoing business operations, reporting requirements with the SEC or the listing of our common stock on the NYSE at this time, subject to the Company’s continued compliance with the plan and NYSE’s other continued listing standards.

… 10 more changes not shown on this page.

Item 1C. Cybersecurity

Cybersecurity — threats and controls disclosure

13 edited+0 added−0 removed11 unchanged

2023 filing

2024 filing

Biggest changeThird-Party Risk Management We have implemented controls designed to identify and mitigate cybersecurity threats associated with our use of third-party service providers. Such providers are subject to security risk assessments at the time of onboarding, contract renewal, and upon detection of an increase in risk profile.

Biggest changeSuch providers are subject to security risk assessments at the time of onboarding, contract renewal, and upon detection of an increase in risk profile. We use a variety of inputs in such risk assessments, including information supplied by providers and third parties.

We maintain controls and procedures that are designed to ensure prompt escalation of certain cybersecurity incidents so that decisions regarding such incidents can be made by management, the Board, and legal counsel in a timely manner. Risk Assessment We conduct cybersecurity risk assessments annually, quarterly and upon certain triggering events.

We maintain controls and procedures that are designed to ensure prompt escalation of certain cybersecurity incidents so that decisions regarding such incidents can be made by management, the Board of Directors, and legal counsel in a timely manner. Risk Assessment We conduct cybersecurity risk assessments annually, quarterly and upon certain triggering events.

The results of the assessment are used to drive alignment on, and prioritization of, initiatives to enhance our security controls, make recommendations to improve processes, and inform a broader enterprise-level risk assessment that is presented to our Board and members of senior management.

Such risk assessments take into account information from internal stakeholders, known information security vulnerabilities, and information from external sources (e.g., reported security incidents that have impacted other companies, industry trends, and recommendations from our IT vendors).

Such risk assessments take into account information from internal stakeholders, known information security vulnerabilities, and information from external sources (e.g., security incidents that have impacted other companies, industry trends, and recommendations from our IT vendors).

Incident Response and Recovery Planning We have established comprehensive incident response and management plans and continue to regularly test and evaluate the effectiveness of those plans. Our incident response and management plans address — and guide our employees, management, and Board on — our response to a cybersecurity incident.

We are committeed to safeguarding the confidentiality, integrity, and availability of all physical and electronic information assets to ensure that regulatory, operational, and contractual requirements are fulfilled. Our board of directors (the “Board”) and our management are actively involved in the oversight of our risk management program, of which cybersecurity represents an important component.

We are committed to safeguarding the confidentiality, integrity, and availability of all physical and electronic information assets to ensure that regulatory, operational, and contractual requirements are fulfilled. Our Board of Directors and our management are actively involved in the oversight of our risk management program, of which cybersecurity represents an important component.

Management’s Role Our chief technology officer (“CTO”), Director of IT (Information Technology), Director of SecDevOps (Security, Development Operations) (collectively, the “Security Team”) have primary responsibility for assessing and managing cybersecurity risks. The Security Team reviews security performance metrics, identifies security risks, and assesses the status of approved security enhancements.

Management’s Role Our Chief Technology Officer (“CTO”), Director of IT (Information Technology), and Vice President of Platform Engineering (collectively, the “Security Team”) have primary responsibility for assessing and managing cybersecurity risks. The Security Team reviews security performance metrics, identifies security risks, and assesses the status of approved security enhancements.

The Board receives regular updates from the Committee based on such oversight and communications with senior management regarding cybersecurity risk resulting from risk and control maturity assessments, progress of risk reduction initiatives, external auditor feedback and relevant internal and industry cybersecurity incidents. Our Board has technical and industry expertise in risk management, computer security and information technology matters.

The Board of Directors receives regular updates from the Committee based on such oversight and communications with senior management regarding cybersecurity risk resulting from risk and control maturity assessments, progress of risk reduction initiatives, external auditor feedback and relevant internal and industry cybersecurity incidents.

We use a variety of inputs in such risk assessments, including information supplied by providers and third parties. In addition, we encourage our providers to meet appropriate security procedures, controls and responsibilities and investigate security incidents that have impacted our third-party providers, as appropriate. Education and Awareness Our policies require each of our employees to contribute to our cybersecurity efforts.

In addition, we encourage our providers to meet appropriate security procedures, controls and responsibilities and investigate security incidents that have impacted our third-party providers, as appropriate. Education and Awareness Our policies require each of our employees to contribute to our cybersecurity efforts.

In the event of an incident, we intend to follow our incident response playbook, which outlines the steps to be followed from incident detection to mitigation, recovery and notification, including notifying functional areas (e.g., legal), as well as the Board of Directors and senior management, as appropriate. 20 Index Third-Party Risk Management We have implemented controls designed to identify and mitigate cybersecurity threats associated with our use of third-party service providers.

Specifically, the chairperson of the Committee has 39 years of experience in the cybersecurity field, is a former sub-chairman of the NIST Board of Assessment for Programs/National Research Council and holds CISSP and CRISC certifications.

Our Board of Directors has technical and industry expertise in risk management, computer security and information technology matters. Specifically, the chairperson of the Committee has 40 years of experience in the cybersecurity field, was a former sub-chairman of the NIST Board of Assessment for Programs/National Research Council and holds CISSP, CRISC and CDPSE certifications.

The Security Team also considers and makes recommendations on security policies and procedures, security service requirements, and risk mitigation strategies. Our CTO has served in various roles in information technology and information security for over 30 years, He holds a PhD in Information Technology and has been with VirnetX since 2007.

The Security Team also considers and makes recommendations on security policies and procedures, security service requirements, and risk mitigation strategies. Our CTO, holding a Doctorate in Strategic Intelligence, has served in various roles in technology research and military intelligence for 27 years.

Our Director of IT has served in various roles in information technology for 29 years. He holds degree in Computer Technology. Our SecDevOps Director has served in various roles in information technology and information security for over 33 years. 23 Index

Our Director of IT, holding a degree in Computer Technology, has served in various roles in information technology for 30 years. Our Vice President of Platform Engineering has served in various roles in information technology and information security for over 33 years.

Item 2. Properties

Properties — owned and leased real estate

2 edited+0 added−0 removed0 unchanged

2023 filing

2024 filing

Biggest changeThe space includes 28,970 square feet to be used for technical integration and training. The lease continues through April 2029. We believe that our office and facility leases are suitable and appropriately support our current business needs.

Item 2. Properties Our principal executive offices are located at 308 Dorla Court, Suite 206, Zephyr Cove, Nevada, 89448. We lease this property, which comprises approximately 2,090 square feet of office space, from a third party for a term that ends in October 2025. Additionally, we lease a facility in Farmington, Utah.

Item 2. Properties Our principal executive offices are located at 308 Dorla Court, Suite 206, Zephyr Cove, Nevada, 89448. We lease this property, which comprises approximately 2,090 square feet of office space, from a third party for a term that ends in October 2026. Additionally, we lease a facility in Farmington, Utah.

Item 5. Market for Registrant's Common Equity

Market for Common Equity — stock, dividends, buybacks

5 edited+0 added−5 removed0 unchanged

2023 filing

2024 filing

Biggest changeSince our founding as a public company in 2007, each time we have been successful in generating cash relating to the successful outcome of litigation, we have made a special distribution to common shareholders. In 2010, a distribution of $10 per common share closely followed a litigation outcome that resulted in our receipt of $200 million.

Biggest changeDividend Policy See Note 8 in the notes to our consolidated financial statements and our risk factor titled " We do not regularly pay dividends on our common stock and thus stockholders must look to appreciation of our common stock to realize a gain on their investments." Since our founding as a public company in 2007, each time we have been successful in generating cash relating to the successful outcome of litigation, we have made a special distribution to common shareholders.

Item 5. Market for the Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Market Information Our common stock currently trades under the symbol “VHC” on the NYSE. Holders of Record As of December 31, 2023, we had 41 stockholders of record.

Because many of our shares of common stock are held of record by brokers and other institutions on behalf of stockholders, we are unable to estimate the total number of beneficial stockholders represented by such record holders. Dividend Policy See Note 8 in the notes to our consolidated financial statements.

In 2020, a distribution of $20.00 per share closely followed a litigation outcome that resulted in our receipt of $454 million. In 2023, we paid a one-time capital dividend of $20 share of common stock, to shareholders. Over the course of VirnetX’s history as a public company VirnetX has distributed over $165.9 million in cash to shareholders.

In 2010, a distribution of $10 per common share closely followed a litigation outcome that resulted in our receipt of $200 million. In 2020, a distribution of $20 per share closely followed a litigation outcome that resulted in our receipt of $454 million. In 2023, we paid a one-time capital dividend of $20 per share of common stock, to shareholders.

Securities Authorized for Issuance under Equity Compensation Plan See Item 12, Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters for information regarding securities authorized for issuance.

Over the course of VirnetX’s history as a public company, VirnetX has distributed over $165.9 million in cash to shareholders. Securities Authorized for Issuance under Equity Compensation Plan See Item 12, Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters for information regarding securities authorized for issuance. Recent Sales of Unregistered Securities None.

Removed

Stock Performance Graph This performance graph shall not be deemed “filed” for purposes of Section 18 of the Exchange Act, or incorporated by reference into any filing of VirnetX Holding Corporation under the Securities Act or the Exchange Act, except as shall be expressly set forth by specific reference in such filing.

Removed

The stock price performance reflected on this graph is not necessarily indicative of future stock price performance. See the disclosure in part I, Item 1A. “Risk Factors” for more information regarding the risks in investing in our common stock.

Removed

The graph below matches VirnetX Holding Corp’s cumulative 5-Year total shareholder return on common stock with the cumulative total returns of the S&P 500 index and the RDG Technology Composite index.

Removed

The graph tracks the performance of a $100 investment in our common stock and in each index (with the reinvestment of all dividends) from 12/31/2018 to 12/31/2023. 25 Index *$100 invested on 12/31/18 in stock or index, including reinvestment of dividends. Fiscal year ending December 31. Copyright© 2024 Standard & Poor’s, a division of S&P Global.

Removed

All rights reserved. 12/18 12/19 12/20 12/21 12/22 12/23 VirnetX Holding Corp 100.00 158.33 246.02 126.92 63.46 44.33 S&P 500 100.00 131.49 155.68 200.37 164.08 207.21 RDG Technology Composite 100.00 142.93 222.56 266.61 181.18 261.37 Recent Sales of Unregistered Securities None. Item 6. [Reserved]

Item 7. Management's Discussion & Analysis

Management's Discussion & Analysis (MD&A) — revenue / margin commentary

27 edited+5 added−13 removed27 unchanged

2023 filing

2024 filing

Biggest changeOur Chief Executive Officer and Chief Administrative Officer are the managing partners of the LLC and control the equity interests of the LLC. We pay for the Company’s business usage of the aircraft at a rate of $8 per flight hour. In March 2024, we renewed our facility lease, used for corporate, promotional and marketing purposes.

Biggest changeWe pay for the Company’s business usage of the aircraft at a rate of $9.8 per flight hour. We have a facility lease in California, used for corporate, promotional and marketing purposes. The lease expires in 2035. Critical Accounting Policies and Estimates The preparation of financial statements in conformity with U.S.

We use valuation techniques, primarily the income and market approach, which maximizes the use of observable inputs and minimize the use of unobservable inputs for recurring fair value measurements. Stock-based Compensation We account for stock-based compensation using the fair value recognition method in accordance with U.S. GAAP.

We use valuation techniques, primarily the income and market approach, which maximizes the use of observable inputs and minimize the use of unobservable inputs for recurring fair value measurements. 25 Index Stock-based Compensation We account for stock-based compensation using the fair value recognition method in accordance with U.S. GAAP.

We expect that our cash and cash equivalents and short-term investments as of December 31, 2023, will be sufficient to fund our current level of selling, general and administration costs and provide related working capital for the foreseeable future.

We expect that our cash and cash equivalents and short-term investments as of December 31, 2024, will be sufficient to fund our current level of selling, general and administration costs and provide related working capital for the foreseeable future.

The team has continued its research and development work to refine our unique network security technology and make it more secure and easy to deploy. Our portfolio of intellectual property is the foundation of our business model. We currently own U.S. and foreign patents/validations/pending applications.

Income Taxes We account for income taxes using the asset and liability method. The asset and liability method require the recognition of deferred tax assets and liabilities for expected future tax consequences of temporary differences that currently exist between the tax basis and financial reporting basis of our assets and liabilities.

The asset and liability method require the recognition of deferred tax assets and liabilities for expected future tax consequences of temporary differences that currently exist between the tax basis and financial reporting basis of our assets and liabilities.

Positions previously recognized are derecognized when we subsequently determine the position no longer is more likely than not to be sustained. Evaluation of tax positions, their technical merits, and measurements using cumulative probability are highly subjective management estimates.

Selling, General and Administrative Expenses 2023 2022 Selling, General and Administrative $ 21,739 $ 15,722 Selling, general and administrative expenses include compensation costs for management and administrative personnel, as well as expenses for outside legal, accounting, and consulting services. Our selling, general and administrative expenses in 2023 were $21,739 compared to $15,722 in 2022.

Selling, General and Administrative Expenses 2024 2023 Selling, General and Administrative $ 14,364 $ 21,739 Selling, general and administrative expenses include compensation costs for management and administrative personnel, as well as expenses for outside legal, accounting, and consulting services. Our selling, general and administrative expenses in 2024 were $14,364 compared to $21,739 in 2023.

Realized gains and losses are recorded in income in the period they are realized using specific identification of each security's cost basis. We invest our excess cash primarily in highly liquid debt instruments including corporate, government and federal agency securities, with contractual maturities less than two years. By policy, we limit the amount of credit exposure to any one issuer.

Realized gains and losses are recorded in income in the period they are realized using specific identification of each security’s cost basis. We invest our excess cash primarily in highly liquid debt instruments including corporate, government and federal agency securities, with contractual maturities less than two years.

Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations 26 Index The Company We are an Internet security software and technology company with patented technology for Zero Trust Network Access (“ZTNA”) based secure network communications.

Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations (Dollar amounts in this section are in thousand) The Company We are an Internet security software and technology company with patented technology for Zero Trust Network Access (“ZTNA”) based secure network communications.

Our employees include the core development team behind our inventions , technology, and software. Some members of this team have worked together for over twenty years and were on the same team that invented and developed this technology while working at Leidos.

Actual results could differ materially from these estimates. 29 Index Fair Value Fair value is the price that would result from an orderly transaction between market participants at the measurement date. A fair value hierarchy prioritizes the inputs used to measure fair value.

Fair Value Fair value is the price that would result from an orderly transaction between market participants at the measurement date. A fair value hierarchy prioritizes the inputs used to measure fair value.

Liquidity and Capital Resources As of December 31, 2023, our cash and cash equivalents totaled $26,289 and our short-term investments totaled $27,258 compared to $86,561 and $65,462, respectively, as of December 31, 2022.

Liquidity and Capital Resources As of December 31, 2024, our cash and cash equivalents totaled $23,296 and our short-term investments totaled $14,786 compared to $26,289 and $27,258, respectively, as of December 31, 2023.

Effective Income Tax Rate A reconciliation of the United States federal statutory income tax rate to our effective income tax rate is as follows: Year Ended December 31, 2023 Year Ended December 31, 2022 United States federal statutory rate 21.00 % 21.00 % State taxes, net of federal benefit (0.01 )% (0.55 )% Valuation allowance (20.31 )% (91.21 )% Stock based compensation (0.58 )% (9.44 )% R&D Credit 2.20 % 1.22 % Other (2.03 )% (0.29 )% Effective income tax rate 0.28 % (79.27 )% The Company’s effective tax rate for 2023 and 2022 was substantially lower than the statutory Federal income tax rate primarily due to our valuation allowance, additionally in 2022 our effective tax rate was further reduced by stock based compensation, including expiring options.

Effective Income Tax Rate A reconciliation of the United States federal statutory income tax rate to our effective income tax rate is as follows: 2024 2023 United States federal statutory rate 21.00 % 21.00 % State taxes, net of federal benefit (0.01 )% (0.01 )% Valuation allowance (20.50 )% (20.31 )% Stock based compensation (0.62 )% (0.58 )% R&D Credit 1.55 % 2.20 % Other (1.41 )% (2.02 )% Effective income tax rate 0.01 % 0.28 % 26 Index The Company’s effective tax rate for 2024 and 2023 was substantially lower than the statutory Federal income tax rate primarily due to our valuation allowance.

Our patent portfolio is primarily focused on securing real-time communications over the Internet, and related services, and is used in all our technology and products, some of which were acquired by our principal operating subsidiary, VirnetX, Inc., from Leidos in 2006. 23 Index Litigation We are subject to various legal proceedings, the outcomes of which are inherently uncertain.

See Note 12 in the notes to our consolidated financial statements for more information. Commitments and Related Party Transactions We lease our offices in Nevada under an operating lease with a third party expiring in October 2025. We recognize rent expense on a straight-line basis over the term of the lease.

Resolution of legal matters in a manner inconsistent with management’s expectations could have a material impact on our financial condition and operating results. See Note 12 in the notes to our consolidated financial statements for more information. Commitments and Related Party Transactions We lease our offices in Nevada under an operating lease with a third party expiring in October 2025.

Our research and development expenses in 2023 were $9,713 compared to $6,406 in 2022. The fluctuation in 2023 compared to 2022 was primarily due to changes in engineering compensation costs, including bonuses.

Research and development costs are expensed as incurred. Our research and development expenses in 2024 were $6,038 compared to $9,713 in 2023. The decrease in 2024 was primarily due to a reduction in engineering compensation costs.

For these investments, we adjust the carrying value for any purchases or sales of our ownership interests. Periodically, we evaluate these investments for impairment. If we identify an impairment, we reduce the carrying value for the impairment loss with a charge to earnings. We have not identified any impairment as of December 31, 2023.

If we identify an impairment, we reduce the carrying value for the impairment loss with a charge to earnings. We have not identified any impairment as of December 31, 2024. Income Taxes We account for income taxes using the asset and liability method.

We have elected the investment measurement alternative for other investments without readily determinable fair values. During 2023, we invested $2,000 in L2 Holdings LLC and $500 in OP Media Inc. These investments are carried at our initial cost less any impairment, because we do not have the ability to exercise significant influence over operating and financial matters.

By policy, we limit the amount of credit exposure to any one issuer. 24 Index We have elected the investment measurement alternative for other investments without readily determinable fair values. During 2023, we invested $2,000 in L2 Holdings LLC and $500 in OP Media Inc.

Licensing Costs 2023 2022 Licensing costs $ — $ (4 ) Research and Development Expenses 2023 2022 Research and Development $ 9,713 $ 6,406 Research and development costs include expenses paid to outside development consultants and compensation-related expenses for our engineering staff. Research and development costs are expensed as incurred.

Results of Operations Revenue 2024 2023 Revenue $ 5 $ 7 Revenue generated in 2024 was $5, compared to $7 in 2023. Research and Development Expenses 2024 2023 Research and Development $ 6,038 $ 9,713 Research and development costs include expenses paid to outside development consultants and compensation-related expenses for our engineering staff.

We record a liability when it is probable that a loss has been incurred and the amount is reasonably estimable, the determination of which requires significant judgment. Resolution of legal matters in a manner inconsistent with management’s expectations could have a material impact on our financial condition and operating results.

We record any potential gains related to legal proceedings only after cash is collected. We record a liability when it is probable that a loss has been incurred and the amount is reasonably estimable, the determination of which requires significant judgment.

We have a facility lease in Utah to be used for technical integration and as a training facility. This lease requires monthly payments and expires in April 2029. We have a 12-month non-exclusive service agreement, for the use of an aircraft from K2 Investment Fund LLC (“LLC”) for business travel for our employees.

We recognize rent expense on a straight-line basis over the term of the lease. We have a facility lease in Utah to be used for technical integration and as a training facility. This lease requires monthly payments and expires in April 2029.

The increase in selling, general and administrative expenses was primarily due to outside services and additional compensation costs, including bonuses. 30 Index Interest and Other Income, net 2023 2022 Interest and Other Income $ 3,495 $ 1,848 Interest and other income in 2023 was $3,495 compared to $1,848 in 2022, due to higher interest rates.

The decrease in 2024 was primarily due to a reduction in legal and outside services as well as reduced compensation costs. Interest and Other Income, net 2024 2023 Interest and Other Income $ 2,225 $ 3,495 Interest and other income in 2024 was $2,225 compared to $3,495 in 2023, due to decrease in investments.

Removed

Added

We continue to augment our product strategy to provide secure AI to the marketplace.

Removed

During 2023, we actively engaged in discussions with certain third-parties to pitch the capabilities of VirnetX One™. As a result of our efforts, we made a series of announcements with Solution Synergy, WeSecure, Samsung, Envoy Data Corporation, and Object Security.

Added

Removed

We also announced new deployments of our VirnetX Matrix™ product at City of Bridgeport, International Association of Certified ISAOs (IACI) and SkinWalker Ranch.

Added

Removed

Although there can be no assurance in this regard, the Company believes that there are opportunities for Company products’ sales directly to, resale arrangements with and/or adoption as vendor standards by, one or more of these third parties. 27 Index We invested in two companies in the artificial intelligence (“AI”) sector partnering with them to augment the Company’s strategy to provide secure AI to the marketplace.

Added

We have a non-exclusive service agreement for the use of an aircraft from K2 Investment Fund LLC (“LLC”) for business travel for our employees. Our Chief Executive Officer and Chief Administrative Officer are the managing partners of the LLC and control the equity interests of the LLC.

Removed

The first investment was with L2 Holdings, LLC (“OmniTeq”), an AI, machine learning (“ML”) and predictive analytics-based solutions provider with a primary focus on selling into the space and defense sectors. Under the terms of our agreement, OmniTeq will deploy and integrate our VirnetX One™ family of products at SkinWalker Ranch to secure their data and protect against cyber hackers.

Added

These investments are carried at our initial cost less any impairment because we do not have the ability to exercise significant influence over operating and financial matters. For these investments, we adjust the carrying value for any purchases or sales of our ownership interests. Periodically, we evaluate these investments for impairment.

Removed

We intend to continue to expand our customer base with targeted promotions and direct sales initiatives to large enterprise and governmental organizations. Litigation We are subject to various legal proceedings, the outcomes of which are inherently uncertain. We record any potential gains related to legal proceedings only after cash is collected.

Removed

The renewal period begins in 2025, continues for 10 years through 2035, requires either a single payment of $6,000, or annual payments each March, beginning in 2025 starting at $600 and increasing annually for a total commitment of approximately $7,500. 28 Index Critical Accounting Policies and Estimates The preparation of financial statements in conformity with U.S.

Removed

Results of Operations (all amounts in this section are expressed in thousands) Revenue 2023 2022 Revenue $ 7 $ 48 Revenue generated in 2023 was $7, compared to $48 in 2022. The change in revenue from 2022 to 2023 was the expiration of contracts with NEC and Mitel.

Top changes in VirnetX Holding Corp's 2024 10-K

Item 1. Business

Item 1A. Risk Factors

Item 1C. Cybersecurity

Item 2. Properties

Item 5. Market for Registrant's Common Equity

Item 7. Management's Discussion & Analysis

Other VHC 10-K year-over-year comparisons