What changed in Cycurion, Inc.'s 10-K — 2024 vs 2025
vs
Paragraph-level year-over-year comparison of Cycurion, Inc.'s 2024 and 2025 10-K annual filings, covering the Business, Risk Factors, Legal Proceedings, Cybersecurity, MD&A and Market Risk sections. Every new, removed and edited paragraph is highlighted side-by-side so you can see exactly what management changed in the 2025 report.
+364 added−544 removedSource: 10-K (2026-03-31) vs 10-K (2025-04-17)
Top changes in Cycurion, Inc.'s 2025 10-K
364 paragraphs added · 544 removed · 156 edited across 7 sections
- Item 1A. Risk Factors+178 / −273 · 71 edited
- Item 1. Business+70 / −130 · 40 edited
- Item 7. Management's Discussion & Analysis+72 / −99 · 36 edited
- Item 1C. Cybersecurity+26 / −18 · 4 edited
- Item 3. Legal Proceedings+1 / −17
Item 1. Business
Business — how the company describes what it does
40 edited+30 added−90 removed23 unchanged
Item 1. Business
Business — how the company describes what it does
40 edited+30 added−90 removed23 unchanged
2024 filing
2025 filing
Biggest changeOn January 24, 2025, Western Acquisition Ventures Corp., a Delaware Corporation (“Western”), held the Special Meeting, at which the Western stockholders considered and adopted, among other matters, a proposal to approve a business combination (“Business Combination”) pursuant to the terms of that certain Agreement and Plan of Merger, dated April 26, 2024, as amended on December 31, 2024 and February 13, 2025 (the “Merger Agreement”), by and among Western, WAV Merger Sub, Inc., a Delaware corporation and a wholly-owned subsidiary of Western (“Merger Sub”), and Cycurion Sub, Inc., a Delaware corporation (“Cycurion Sub”).
Biggest changeOn February 14, 2025, Cycurion completed the business combination and transactions (the "Business Combination") as set forth in an Agreement and Plan of Merger, dated November 21, 2022, as amended on April 26, 2024, December 31, 2024 and February 13, 2025 (the "Merger Agreement"), by and among Western Acquisition Ventures Corp.
Our managed IT services include: (i) project and license management; (ii) network infrastructure; (iii) systems engineering and administration; (iv) voice and data infrastructure engineering and management; (iv) application development; (v) IT help desk support; and (vi) staff augmentation. 5 Managed Security Services We are a professional and trusted provider of managed security services.
Our managed IT services include: (i) project and license management; (ii) network infrastructure; (iii) systems engineering and administration; (iv) voice and data infrastructure engineering and management; (iv) application development; (v) IT help desk support; and (vi) staff augmentation. Managed Security Services We are a professional and trusted provider of managed security services.
Our key human capital objectives are to attract, retain, engage, reward and develop our highly talented existing and future employees, while cultivating an inclusive workforce and culture to achieve exceptional business results. We are committed to fostering a community of talented individuals from all backgrounds and perspectives by implementing the following. ● Compensation and benefits.
Our key human capital objectives are to attract, retain, engage, reward and develop our highly talented existing and future employees, while cultivating an inclusive workforce and culture to achieve exceptional business results. We are committed to fostering a community of talented individuals from all backgrounds and perspectives by implementing the following.
We, through our operating subsidiaries and strategic partnerships, have numerous prime and subcontracts with key government agencies. Our growth engine is driven by organic business solutions and strategic acquisitions of cybersecurity services and technology providers. We leverage our highly skilled workforce to access, secure and advise our clients to improve their cyber security posture.
We, through our operating subsidiaries and strategic partnerships, have numerous prime and subcontracts with key government agencies. Our growth engine is driven by organic business solutions and strategic acquisitions of cybersecurity services and technology providers. We leverage our highly skilled workforce to access, secure and advise our clients to improve their cybersecurity posture.
Government Government entities face a number of compliance and certification challenges. With constantly changing legislation, meeting government mandate and expectations in the IT environment is often a challenge. We leverage our historical knowledge and extensive experience on the federal level to continue to fulfill all of IT needs across the government organization.
Industries We Serve Government Government entities face a number of compliance and certification challenges. With constantly changing legislation, meeting government mandate and expectations in the IT environment is often a challenge. We leverage our historical knowledge and extensive experience on the federal level to continue to fulfill all of IT needs across the government organization.
Our managed security services include: (i) managed detection and response; (ii) external attack surface management; (iii) threat hunting and threat intelligence; (iv) end point detection and response; (v) firewall management; (vi) threat and vulnerability management; (vii) vulnerability and penetration testing; (viii) 24/7/365 security monitoring; and (ix) digital forensic and incident response.
Our MSS include: (i) managed detection and response; (ii) external attack surface management; (iii) threat hunting and threat intelligence; (iv) end point detection and response; (v) firewall management; (vi) threat and vulnerability management; (vii) vulnerability and penetration testing; (viii) 24/7/365 security monitoring; and (ix) digital forensic and incident response.
Our comprehensive security management solution is designed to help organizations protect their digital assets against various cyber threats. Our managed security services include 24/7 monitoring, threat detection, incident response and remediation. Our Security Operations Center (SOC) as a service offers organizations with a team of security professionals dedicated to monitoring and managing their security infrastructure.
We have designed comprehensive security management solution to help organizations protect their digital assets against various cyber threats. Our managed security services include 24/7 monitoring, threat detection, incident response and remediation. Our Security Operations Center ("SOC") as a service offers organizations with a team of security professionals dedicated to monitoring and managing their security infrastructure.
The key competitive factors in our markets include: ● ability to prepare for, detect and mitigate cybersecurity threats; ● ability to respond to customer needs quickly; ● ability for products to facilitate customer needs; ● total cost and ease-of-use of our products; ● brand awareness and reputation; and ● ability to attract and retain employees.
The key competitive factors in our markets include: • ability to prepare for, detect and mitigate cybersecurity threats; • ability to respond to customer needs quickly; • ability for products to facilitate customer needs; • total cost and ease-of-use of our products; • brand awareness and reputation; and 8 Table of Contents • ability to attract and retain employees.
Some of our competitors are more established and have greater name recognition, longer operating histories, more established customer relationships, larger marketing budgets and significantly greater resources than we do. Customers We have over 41 customers across a variety of industries, including enterprise businesses, small and medium businesses, government agencies, healthcare and higher education.
Some of our competitors are more established and have greater name recognition, longer operating histories, more established customer relationships, larger marketing budgets and significantly greater resources than we do. Customers We have customers in a variety of industries, including enterprise businesses, small and medium businesses, government agencies, healthcare and higher education.
Our ability to identify and implement customized solutions is core to driving continued growth. Our Services Consulting and Advisory Services Our consulting services perform a detailed review of our customers’ IT security to identify and address vulnerabilities.
Our ability to identify and implement customized solutions is core to driving continued growth. 5 Table of Contents Our Services Consulting and Advisory Services Our consulting services perform a detailed review of our customers' IT security to identify and address vulnerabilities.
Managed security services (“MSS”) are a crucial component of a robust security program. Managed security service providers (“MSSPs”) specialize in protecting businesses from cyber threats and deliver a range of security services including, but not limited to, intrusion detection, vulnerability assessments and network security services.
Managed security services ("MSS") are a crucial component of a robust security program. Managed security service providers ("MSSPs") specialize in protecting businesses from cyber threats and deliver a range of security services including, but not limited to, intrusion detection, vulnerability assessments and network security services.
Our Industries Enterprise Business Enterprise level organizations face a litany of challenges when curating and implementing a successful IT environment.
Enterprise Business Enterprise level organizations face a litany of challenges when curating and implementing a successful IT environment.
Web Application Firewall (“WAF”) protection inspects requests in real-time and filters out harmful traffic, while application programing interfaces (“API”) protection is a defense mechanism involving a two-step process of authenticating the data sender and inspecting the data to ensure no malicious data injections have occurred. ● Endpoint Protection .
Web Application Firewall ("WAF") protection inspects requests in real-time and filters out harmful traffic, while application programming interfaces ("API") protection is a defense mechanism involving a two-step process of authenticating the data sender and inspecting the data to ensure no malicious data injections have occurred. • Endpoint Protection .
(formerly Cycurion, Inc., until February 14, 2025), and three indirectly wholly-owned second-tier subsidiaries: (i) Axxum Technologies LLC (“Axxum”), a Virginia limited liability company formed in December 2006, (ii) Cloudburst Security LLC (“Cloudburst”), a Virginia limited liability company formed in January 2007, and (iii) Cycurion Innovation, Inc., a Delaware corporation formed in September 2021, in connection with our acquisition of assets from Sabres Security Ltd.
We have two first-tier wholly-owned subsidiaries, Cycurion Sub (formerly Cycurion, Inc., until February 14, 2025) and Cycurion Crypto Inc., a Delaware corporation formed in July 2025, and three indirectly wholly-owned second-tier subsidiaries: (i) Axxum Technologies LLC ("Axxum"), a Virginia limited liability company formed in December 2006, (ii) Cloudburst Security LLC ("Cloudburst"), a Virginia limited liability company formed in January 2007, and (iii) Cycurion Innovation, Inc., a Delaware corporation formed in September 2021, in connection with our acquisition of assets from Sabres Security Ltd.
On April 8, 2025, Cycurion announced an expanded partnership with Journal Technologies. Together, the companies have been awarded a $22 million multi-year contract to deliver a criminal justice case management system to a state police agency. On April 9, 2025, Cycurion increased the size of its board of directors through the appointment of Irving Minnaker.
Together, the companies have been awarded a $22 million multi-year contract to deliver a criminal justice case management system to a state police agency. On April 9, 2025, Cycurion increased the size of its board of directors through the appointment of Irving Minnaker.
This countermeasure ensures that devices follow compliance and security policies, preventing intrusion from particular vectors. ● Bot Hunter . Our proprietary algorithm provides detection and protection against non-human activity. This can prevent low-level threats like unwanted scraping, and high-level threats like attempted system breaches.
This countermeasure ensures that devices follow compliance and security policies, preventing intrusion from particular vectors. • Bot Hunter Protection . Our proprietary algorithm provides detection and protection against non-human activity. This can prevent low-level threats like unwanted scraping, and high-level threats like attempted system breaches. Competitors The IT and cybersecurity solutions market is fragmented, competitive and always evolving.
Managed IT services is a services model in which a managed service provider (“MSP”) remotely manages the day-to-day IT offerings for a client under a service level agreement (“SLA”). This includes remote monitoring and management of servers, disaster recovery, infrastructure as a service (“IaaS”), platform as a service (“PaaS”), and software as a service (“SaaS”).
Managed IT services is a services model in which a managed service provider ("MSP") remotely manages the day-to-day IT offerings for a client under a service level agreement ("SLA"). This includes remote monitoring and management of servers, disaster recovery, infrastructure as a service ("IaaS"), platform as a service ("PaaS"), and software as a service ("SaaS").
The SEC maintains an internet site that contains reports, proxy and information statements and other information regarding issuers that file electronically with the SEC at www.sec.gov. The information contained on the websites referenced in this Annual Report is not incorporated by reference into this filing.
Axxum's website address is www.axxumtech.com. Cloudburst's website address is www.cloudburstsecurity.com. The SEC maintains an internet site that contains reports, proxy and information statements and other information that we file electronically with the SEC at www.sec.gov. The information contained on the websites referenced in this Annual Report is not incorporated by reference into this filing.
We are committed to hiring the most knowledgeable professionals in order to expand and reinforce our team of experts, leveraging world-class talent to improve and expand upon our already vast understanding of this environment.
We are built on a foundation of experts in network communications and information technology who possess unrivaled security expertise and experience. We are committed to hiring the most knowledgeable professionals in order to expand and reinforce our team of experts, leveraging world-class talent to improve and expand upon our already vast understanding of this environment.
Challenges generally evolve from multiple points, such as finding experienced and deeply knowledgeable IT staff that is prepared for all security eventualities, to creating a comprehensive, functional, and compliant interface tends to create a high cost, knowledge deficient, and overwhelmed staff that often lacks in providing a positive ROI, and at times a cost-prohibitive scenario.
Challenges generally evolve from multiple points, such as finding experienced and deeply knowledgeable IT staff that is prepared for all security eventualities, to creating a comprehensive, functional, and compliant interface tends to create a high cost, knowledge deficient, and overwhelmed staff that often lacks in providing a positive return on investment, and at times a cost-prohibitive scenario. 7 Table of Contents As digitization of operations becomes a necessity in the current environment, we plan to help our customers hire the right personnel and implement proper protocols in a time- and cost-efficient manner.
We offer an evolutionary solution for this knowledge gap by providing deeply knowledgeable experts and highly trained analysts directly to our customers’ organization as a service.
We will take the responsibility from initial analysis to full spectrum implementation of our services, duly optimizing our customers’ organization and digital environment for the future. We offer an evolutionary solution for this knowledge gap by providing deeply knowledgeable experts and highly trained analysts directly to our customers' organization as a service.
Our company will lead healthcare organizations through the demands of HIPAA / HITECH security and privacy compliance requirements. We offer healthcare IT services to augment and refine an organization through auditing and assessment of the organization, staff, applications, compliance, risk, vulnerability and infrastructure in order to improve the entity’s ability to better serve the healthcare needs of the organization’s clients.
We offer healthcare IT services to augment and refine an organization through auditing and assessment of the organization, staff, applications, compliance, risk, vulnerability and infrastructure in order to improve the entity’s ability to better serve the healthcare needs of the organization’s clients. We understand the key drivers of the healthcare market, and continually create focused, innovative and repeatable solutions.
Human Capital As of the date of this Annual Report, we have 46 full-time employees and 0 part-time employees. None of our U.S. employees are represented by a labor union or covered by a collective bargaining agreement.
Human Capital As of December 31, 2025, we have 74 employees, of which 66 were full-time employees. None of our U.S. employees are represented by a labor union or covered by a collective bargaining agreement.
On February 14, 2025, the Business Combination closed, and, as contemplated by the Merger Agreement, Merger Sub merged with and into Cycurion Sub with Cycurion Sub surviving the merger as a wholly-owned subsidiary of Western.
("Western"), Western Acquisition Merger Inc., a Delaware corporation and a wholly-owned subsidiary of Western ("Merger Sub"), and Cycurion Sub, Inc., a Delaware corporation formerly known as Cycurion, Inc. ("Cycurion Sub"). As contemplated by the Merger Agreement, Merger Sub merged with and into Cycurion Sub with Cycurion Sub as surviving the merger as a wholly-owned subsidiary of Western.
This reverse proxy server makes geographic restrictions easy, thus reducing unwanted traffic. ● DDoS Protection . This distributed denial-of-service (“DDOC”) protection mitigates the threat from malicious actors attempting to flood the entry point of an application. ● WAF and API Protection .
This denial-of-service ("DoS") protection mitigates the threat from malicious actors attempting to flood the entry point of an application. • WAF and API Protection .
We achieve this goal by providing Network Communications and Information Technology Security services and solutions that are custom-tailored to your environment, as well as your level of need. We are built on a foundation of experts in Network Communications and Information Technology who possess unrivaled security expertise and experience.
We are committed to surpassing expectations and delivering incomparable value to our clients and partners. We achieve this goal by providing network communications and information technology security services and solutions that are custom-tailored to your environment, as well as your level of need.
Our end-to-end managed cybersecurity solutions include: (i) IT and cybersecurity audit, consulting and advisory services; (ii) Security Operation Center (SOC) Network services; (iii) virtual chief information security officers; and (iv) cyber awareness and threat intelligence training services. We have over 150 years of experience on our management team and have served over 275,000 students.
Higher Education We offer cybersecurity services and solutions for universities and higher education and protect our customers' systems, information and students from cyber threats and attacks. Our end-to-end managed cybersecurity solutions include: (i) IT and cybersecurity audit, consulting and advisory services; (ii) SOC network services; (iii) virtual chief information security officers; and (iv) cyber awareness and threat intelligence training services.
MSS plays a critical role in safeguarding businesses from cyber threats in today’s digital landscape, making them an essential partner for organizations across industries. MSSPs work with clients ranging from small businesses to large enterprises and are often partnered with internet service providers to provide comprehensive security solutions.
MSS plays a critical role in safeguarding businesses from cyber threats in today's digital landscape, making them an essential partner for organizations across industries.
We assess, secure and advise your organization by leveraging our government proven, cutting edge techniques, custom tools and extensively knowledgeable personnel to revolutionize the client’s cybersecurity posture. We are committed to surpassing expectations and delivering incomparable value to our clients and partners.
Our Business We provide innovative custom solutions for our clients by adapting our knowledge base and government-level experience to create dynamic solutions to best serve our client's IT and cybersecurity needs. We assess, secure and advise your organization by leveraging our government proven, cutting edge techniques, custom tools and extensively knowledgeable personnel to revolutionize the client’s cybersecurity posture.
Our team has developed research tools to help improve efficiency and effectiveness in processes such as reverse engineering, code debugging, web app security and visibility into cloud-based tools. Intellectual Property Not applicable. Recent Developments On January 15, 2025, Cycurion issued a $50,000 promissory note to an unaffiliated investor for $50,000 in proceeds.
Our team has developed research tools to help improve efficiency and effectiveness in processes such as reverse engineering, code debugging, web app security and visibility into cloud-based tools. 9 Table of Contents 2025 Developments On April 8, 2025, Cycurion announced an expanded partnership with Journal Technologies.
Managed security services can also help organizations meet compliance requirements and reduce the risk of data breaches, which can be costly in terms of lost data, damaged reputation, and regulatory penalties. Additionally, MSSPs can provide SaaS solutions, allowing businesses to access security tools and services on-demand without having to invest in expensive hardware and software.
Additionally, MSSPs can provide SaaS solutions, allowing businesses to access security tools and services on-demand without having to invest in expensive hardware and software.
Backlog We define backlog as contractually committed orders to be invoiced under our existing agreements that are not included in deferred revenue on our consolidated balance sheets. We expect the amount of backlog to change from period to period due to the timing of billings for our solutions and professional services.
During the years ended December 31, 2025 and 2024, purchases from our four largest end-customers accounted for approximately 64.5% and 63.8% of our total revenue, respectively. Backlog We define backlog as contractually committed orders to be invoiced under our existing agreements that are not included in deferred revenue on our consolidated balance sheets.
At December 31, 2024 and 2023, we had committed backlog of $16 million and $15 million, respectively. We expect the majority of the backlog at December 31, 2024 to be invoiced within the following 12 months. 10 Government Regulation Our business and operations are subject to extensive federal and state governmental regulation and supervision.
We expect the amount of backlog to change from period to period due to the timing of billings for our solutions and professional services. As of December 31, 2025 and 2024, we had committed backlog of approximately $80.0 million and $16.0 million, respectively. Government Regulation Our business and operations are subject to extensive federal and state governmental regulation and supervision.
We encourage an environment where individuality is embraced regardless of age, gender, identity, race, sexual orientation, physical or mental ability, ethnicity and perspective and where each employee is accepted. Research and Development Rapidly changing technologies, evolving industry standards, changing customer requirements, supply constraints and continuing developments in communications service offerings characterize the markets for our products.
Research and Development Rapidly changing technologies, evolving industry standards, changing customer requirements, supply constraints and continuing developments in communications service offerings characterize the markets for our products.
In addition, in connection with the consummation of the Business Combination, Western Acquisition Ventures Corp. was renamed “Cycurion, Inc.” On February 18, 2025, Cycurion’s common stock began trading on The Nasdaq Global Market and warrants began trading on The Nasdaq Capital Market under the symbols “CYCU” and “CYCUW”, respectively.
In addition, in connection with the consummation of the Business Combination, Western was renamed "Cycurion, Inc." Following the closing of the Business Combination, our shares of common stock and warrants commenced trading on The Nasdaq Stock Market LLC ("Nasdaq") under the ticker symbols "CYCU" and "CYCUW," respectively.
We understand the key drivers of the healthcare market, and continually create focused, innovative and repeatable solutions. We provide technology services to improve service delivery with a focus on system integration, process reengineering, cloud/web / mobile development, solutions for coordinated community care and case management applications.
We provide technology services to improve service delivery with a focus on system integration, process reengineering, cloud/web/mobile development, solutions for coordinated community care and case management applications. We have extensive experience providing management consulting from strategic planning, IT assessment, project management, application rationalization, enterprise architecture, organizational change management and training.
We provide roadmaps to successful integration, streamlining the businesses’ operation for maximum effectiveness by developing comprehensive IT solutions to navigate the modern cyber environment.
We provide roadmaps to successful integration, streamlining the businesses’ operation for maximum effectiveness by developing comprehensive IT solutions to navigate the modern cyber environment. We leverage our expertise and experience from our work in the federal environment, custom tailoring these solutions to your business, no matter the size, while focusing on our customers’ business needs and budget.
ITEM 1. BUSINESS General Cycurion, Inc. (collectively with its subsidiaries, the “Company,” “Cycurion,” “we,” “us” or “our”) was originally incorporated as KAE Holdings, Inc., under the laws of the State of Delaware in October 2017, with the purpose of acquiring and holding operating entities in the cybersecurity industry.
We were originally incorporated as KAE Holdings, Inc. under the laws of the State of Delaware in October 2017, with the purpose of acquiring and holding operating entities in the cybersecurity industry. On July 14, 2020, we changed our corporate name from KAE Holdings, Inc. to Cyber Secure Solutions, Inc., and, on February 24, 2021, to Cycurion, Inc.
Cycurion ARx Platform The Cycurion ARx platform is a turnkey web application protection and managed security solution that combines the essential cybersecurity layers in a comprehensive, customizable platform. This platform offers: (i) Geo Gate Protection; (ii) DDoS Protection; (iii) WAF and API Protection; (iv) Endpoint Protection; and (v) Bot Hunter Protection. ● Geo Gate Protection .
We have over 150 years of experience on our management team and have served over 275,000 students. Cycurion ARx Platform The Cycurion ARx platform is a turnkey web application protection and managed security solution that combines the essential cybersecurity layers in a comprehensive, customizable platform.
Subsequent Events.” Corporate Information Our principal executive office is located at 1640 Boro Place, Fourth Floor, McLean, Virginia 22102, and our telephone number is (703) 854-1652. Our website address is www.cycurion.com. Axxum’s website address is www.axxumtech.com. Cloudburst’s website address is www.cloudburstsecurity.com.
The awards include a multi-year engagement with a large healthcare government agency and an expanded relationship with the National Association of County and City Health Officials. 11 Table of Contents Corporate Information Our principal executive office is located at 1640 Boro Place, Suite 420C, McLean, Virginia 22102. Our telephone number is (703) 854-1652 and our website address is www.cycurion.com.
Removed
On July 14, 2020, we changed our corporate name from KAE Holdings, Inc. to Cyber Secure Solutions, Inc., and, on February 24, 2021, to Cycurion, Inc. On February 14, 2025, the date of closing of our de-SPAC transaction, we merged into Western Acquisition Ventures Corp. and changed that company’s name to Cycurion, Inc.
Added
Item 1. Business General Cycurion, Inc. (collectively with its subsidiaries, the "Company," "Cycurion," "we," "us" or "our") is a publicly traded, cybersecurity and artificial intelligence ("AI")-powered IT solutions provider headquartered in McLean, Virginia.
Removed
We have one first-tier wholly-owned subsidiary, Cycurion Sub, Inc.
Added
("Sabres"), a leading Israeli-based cybersecurity provider. In addition, we also integrated SLG Innovation, Inc. ("SLG"), which provides data modernization and technology services to state and local government agencies, expanding our footprint in public-sector IT modernization.
Removed
(“Sabres”), a leading Israeli-based cyber security provider. Our Business We provide innovative custom solutions for our clients by adapting our superior knowledge base and government-level experience to create dynamic solutions to best serve our client’s information technology (“IT”) and cybersecurity needs.
Added
MSSPs work with clients ranging from small businesses to large enterprises and are often partnered with internet service providers to provide comprehensive security solutions. 6 Table of Contents Managed security services can also help organizations meet compliance requirements and reduce the risk of data breaches, which can be costly in terms of lost data, damaged reputation, and regulatory penalties.
Removed
As digitization of operations becomes a necessity in the current environment, we plan to help our customers hire the right personnel and implement proper protocols in a time- and cost-efficient manner. We will take the responsibility from initial analysis to full spectrum implementation of our services, duly optimizing our customers’ organization and digital environment for the future.
Added
Healthcare We understand that healthcare organizations must manage a vast array of rapidly evolving complexities. Our company will lead healthcare organizations through the demands of HIPAA / HITECH security and privacy compliance requirements.
Removed
We leverage our expertise and experience from our work in the federal environment, custom tailoring these solutions to your business, no matter the size, while focusing on our customers’ business needs and budget. 6 Healthcare We understand that healthcare organizations must manage a vast array of rapidly evolving complexities.
Added
This platform offers: (i) Geo Gate Protection; (ii) DoS Protection (defined below); (iii) WAF (defined below) and API (defined below) Protection; (iv) Endpoint Protection; and (v) Bot Hunter Protection. • Geo Gate Protection . This reverse proxy server makes geographic restrictions easy, thus reducing unwanted traffic. • DoS Protection .
Removed
We have extensive experience providing management consulting from strategic planning, IT assessment, project management, application rationalization, enterprise architecture, organizational change management and training. Higher Education We offer cybersecurity services and solutions for universities and high education and protect our customers’ systems, information and students from cyber threats and attacks.
Added
On April 29, 2025, Cycurion issued a press release announcing that the Company has been awarded a $6 million contract by a major municipal agency.
Removed
Key Performance Indicators 2024 Margin 2023 Margin Gross Profit ($) 3,634,743 20.5 % 2,643,060 13.7 % Operating Income ($) 2,416,113 13.6 % 326,411 1.7 % Net Income/(Loss) ($) 1,229,601 6.9 % (2,097,013 ) (10.8 )% Total Total Number of Customers 41 38 Our Subsidiaries Cycurion Sub, Inc.
Added
From April 1 to May 30, 2025, otherwise unaffiliated persons converted 2,999.3 shares of the Company's Series B Preferred Stock into 200,000 shares of the Company’s common stock and 5,000 shares of the Company’s Series D Preferred Stock into 5,000 shares of the Company's common stock.
Removed
Our operating subsidiaries are wholly owned by Cycurion Sub., Inc., a Delaware corporation that, until the closing date of the de-SPAC, was known as “Cycurion, Inc.” We continue to conduct our business through the three below-described entities, which are now indirectly wholly-owned second-tier subsidiaries by virtue of the recent closing of the de-SPAC transaction.
Added
On July 2, 2025,the Company issued a press release announcing that the Company had partnered with AgileBlue, an AI-powered security operations platform provider. On July 10, 2025,the Company issued a press release announcing its diamond level partnership with the National Association of County and City Officials ("NACCHO").
Removed
Axxum Technologies LLC Organized in the Commonwealth of Virginia on December 29, 2006, Axxum is a cybersecurity provider with successful assignments within the multiple sub-agencies of the Department of Homeland Security. We acquired Axxum in November 2017.
Added
On July 23, 2025,the Company issued a press release announcing its attendance at the NACCHO Annual Conference as a Diamond Affiliate Partner, showcasing its Cyber Shield solution. On August 7, 2025,the Company issued a press release announcing that it had entered into a memorandum of understanding with iQSTEL Inc. ("iQSTEL") for a stock-for-stock exchange.
Removed
Following our acquisition, we continued Axxum’s core operations of providing contractor services to its existing federal government customer base, while leveraging our existing processes and tools to expand its commercial footprint. Axxum has the specialized skills and experience to provide a strategy and tactics to help organizations defend against cyber-attacks and implement a secure network infrastructure.
Added
On September 2, 2025,the Company entered into a stock-for-stock exchange agreement (the "Stock-for-Stock Exchange Agreement") with iQSTEL. Under the terms of the agreement, Cycurion and iQSTEL will issue $1,000,000 worth of its common stock to the other company, with the number of shares being calculated by dividing $1,000,000 by the applicable per-share price of the issuing company's common stock.
Removed
Our team has extensive experience implementing cybersecurity solutions against internal and external threats to the health of our clients’ networks.
Added
On September 26, 2025,the Company entered into an amendment to the Stock-for-Stock Exchange Agreement with iQSTEL to, among other things, (i) allow each party, at its sole discretion, to satisfy the $500,000 dividend obligation to its shareholders by distributing either (a) up to 50% of the shares received from the other party (i.e., up to 75,529 shares of iQSTEL common stock for Cycurion, based on 151,058 shares issued to Cycurion, and up to 1,933,488 shares of Cycurion Common Stock for iQSTEL, based on 3,866,976 shares issued to iQSTEL), or (b) an equivalent value of its own authorized common stock, calculated using the valuation methodology set forth in the Stock-for-Stock Exchange Agreement; and (ii) extend the timeline for the issuance and delivery of shares from 30 business days to 60 business days following the effective date of the Stock-for-Stock Exchange Agreement (September 2, 2025) and establish a firm deadline of December 15, 2025 to complete all necessary regulatory filings (e.g., SEC filings, FINRA submissions, and Nasdaq notifications) to facilitate the dividend distribution by December 31, 2025.
Removed
Axxum’s information security focus produces several key benefits: ● Agile Client Focus : Axxum’s projects are overseen directly by its program managers, all of whom have information security backgrounds and are fully authorized to promptly implement client requirements throughout the performance life cycle. ● Streamlined and Process Focused : Axxum’s streamlined infrastructure leverages ISO quality standards integrated with emerging and established technologies, allowing it to engineer innovative solutions without building in excessive overhead. ● Outstanding Personnel : Axxum has a reputation of employing cybersecurity experts. 7 Cloudburst Security LLC Organized in the Commonwealth of Virginia on January 12, 2007, Cloudburst specializes in providing a full spectrum of high-quality, innovative cybersecurity services to both government and commercial organizations, such as banking and financial; education and schools; energy; critical infrastructure and supervisory control and data acquisition; healthcare; and manufacturing.
Added
On November 25, 2025, the Company and iQSTEL announced that each company plans to distribute $500,000 worth of its own shares as a one-time, pro-rata dividend to its own respective shareholders and security holders, while preserving the full $1,000,000 in cross-ownership shares.
Removed
Cloudburst’s mission is to help our clients — of all sizes and mission types — protect their integral data and information assets, so that they can focus on their core competencies. We focus on providing tailored solutions that leverage the industry’s best minds and technologies to predict, protect, detect, respond, and sustain our clients from the latest evolving cyber threats.
Added
On December 5, 2025, the Company announced that it plans to distribute a special dividend valued at $500,000 in the form of its shares of Common Stock shares to all of its shareholders of record as of December 15, 2025 on a pro-rata basis. The dividend is payable on or about December 30, 2025.
Removed
We acquired Cloudburst in April 2019. Cycurion Innovation, Inc. Our Cycurion Security Platform’s line of products allows our customers to improve their cyber posture with its Multi-Dimensional Protection (“MDP”) SaaS platform. This platform efficiently bundles and easily implements the external protection of a Web Application Firewall (WAF) and the internal protection of Bot Mitigation.
Added
On December 11, 2025, the Company announced an updated dividend distribution ratio of 0.0180 per share of Common Stock to its shareholders and security holders. On August 20, 2025,the Company issued a press release providing additional information regarding its then current $69 million backlog.
Removed
Bot Mitigation is the reduction of risk to applications, Application Program Interfaces (APIs), and backend services from malicious bot traffic that fuels common automated attacks, such as Distributed Denial of Service (DDoS) campaigns and vulnerability probing.
Added
On August 28, 2025,the Company's board of directors amended and restated the Amended and Restated Bylaws, effective immediately, to conform them to the provisions in the Second Amended and Restated Certificate of Incorporation and certain provisions of the Delaware General Corporation Law with respect to the election of directors.
Removed
The costs of single-layer security can be measured in terms of money, time, and risk, as well as the damage wrought by a data breach, which millions of businesses experience each year.
Added
On September 10, 2025,the Company issued a press release announcing an additional $4.6 million in new contracts to be earned over the next year, building on the previously announced $69 million in contracts for a then current total of $73.6 million in AI-powered growth across multiple sectors.The Company announced several key initiatives beginning in September 2025 driving the expanded growth including delivering AI-powered IT and cybersecurity assessment services for a major county government. 10 Table of Contents On September 25, 2025,the Company's board of directors waived the Series A Convertible Preferred Stock lock-up restrictions.
Removed
Through this interaction of the WAF and Bot Mitigation, the MDP is able to reinforce these layers of security and generate new security layers in real time in response to emerging threats. This process is directed by our Cycurion Security Platform’s proprietary, cloud-based artificial intelligence (“AI”) algorithm.
Added
The holders of the Company's Series A Convertible Preferred Stock (and the underlying securities for which the holders have conversion rights) were previously subject to a one-year lock-up of their securities that commenced on the closing of the Business Combination with Western on February 14, 2025, subject to release from the lock-up after six months from the closing if, thereafter, the daily trading value of shares of the Company's common stock is greater than $150,000 for 30 consecutive trading days and the 30-day VWAP for shares of the Company's common stock is greater than $5.00.
Removed
Crucially, the AI underpinning the MDP platform is constantly evolving to counter new threats. Through a crowdsourcing process, the cloud-based MDP learns from every threat to any protected application and uses that newly acquired knowledge to protect all MDP clients better. Our Subcontractor Relationship SLG Innovation, Inc.
Added
As the Company's common stock does not meet the conditions set forth above to release the holders of the Series A Convertible Preferred Stock from the lock-up restrictions after six months from the closing of the Business Combination,the Company's board of directors deemed it in the best interests to waive such lock-up restrictions as the Series A Convertible Preferred Stock accrues approximately $120,000 per year in stock or cash payments.
Removed
We are currently a subcontractor for several keystone contracts held by SLG Innovation, Inc. (“SLG”). The SLG team has an average of over 25 years of experience in the development, planning, implementation, and management of information systems. SLG’s leadership team offers years of combined success in answering the needs of government agencies and healthcare organizations across the country.
Added
If the holders of the Series A Convertible Preferred Stock convert such preferred stock into common stock,the Company could save approximately $120,000 in costs on its income statement, which is part of its strategic recapitalization to strengthen its balance sheet and support growth initiatives.
Removed
The SLG team has worked nationally, as it has served over 25 Department of Health and Human Services agencies, all 50 state governments and over 250 local governments. Since SLG’s inception, it has primarily focused on customers in the middle of the country.
Added
On October 29, 2025,the Company announced its selection as an approved vendor under the Florida State Term Contract for Information Technology Staff Augmentation Services. On October 30, 2025,the Company announced a comprehensive three-part webinar series with NACCHO designed to empower healthcare organizations with critical threat intelligence and defensive strategies.
… 80 more changes not shown on this page.
Item 1A. Risk Factors
Risk Factors — what could go wrong, per management
71 edited+107 added−202 removed7 unchanged
Item 1A. Risk Factors
Risk Factors — what could go wrong, per management
71 edited+107 added−202 removed7 unchanged
2024 filing
2025 filing
Biggest changeAs of December 31, 2024, Cycurion had approximately $20.2 million of indebtedness and other liabilities outstanding. ● It will need to use a substantial portion of available cash flow to pay interest and principal on existing debt, which will reduce the amount of money available to finance its operations and other business activities; ● its debt level increases its vulnerability to general economic downturns and adverse industry conditions; ● its debt level could limit its flexibility in planning for, or reacting to, changes in its business and in its industry in general; ● its leverage could place Cycurion at a competitive disadvantage compared to its competitors that have less debt; and ● its failure to comply with the financial and other restrictive covenants in our debt instruments which, among other things, may require us to maintain specified financial ratios and will limit its ability to incur debt and sell assets, could result in an event of default that, if not cured or waived, could have a material adverse effect on its business or prospects.
Biggest changeOur debt level increases our vulnerability to general economic downturns and adverse industry conditions, could limit our flexibility in planning for or reacting to changes in our business, could place us at a competitive disadvantage compared to our competitors that have less debt, and our failure to comply with financial and other restrictive covenants in our debt instruments could result in an event of default that, if not cured or waived, could have a material adverse effect on our business or prospects.
This is often referred to as a “short squeeze.” With the recent substantial increase in volume of our shares being traded and trading price, the proportion of our common stock that may be traded in the future by short sellers may increase the likelihood that our common stock will be the target of a short squeeze.
This is often referred to as a "short squeeze." With the recent substantial increase in volume of our shares being traded and trading price, the proportion of our common stock that may be traded in the future by short sellers may increase the likelihood that our common stock will be the target of a short squeeze.
If it is unable to continue as a going concern, it may have to liquidate its assets and may receive less than the value at which those assets are carried on its financial statements; accordingly, it is likely that stockholders will lose all or a part of their investment.
If we are unable to continue as a going concern, we may have to liquidate our assets and may receive less than the value at which those assets are carried on our financial statements; accordingly, it is likely that stockholders will lose all or a part of their investment.
Upon liquidation, holders of our debt securities and shares of preferred stock and lenders with respect to other borrowings will receive distributions of our available assets prior to the holders of our common stock.
Upon liquidation, holders of our debt securities and shares of preferred stock and lenders with respect to other borrowings would receive distributions of our available assets prior to the holders of our common stock.
Without additional financing, these conditions raise substantial doubt about Cycurion’s ability to continue as a going concern, meaning that it may be unable to continue operations for the foreseeable future or realize assets and discharge liabilities in the ordinary course of operations.
Without additional financing, these conditions raise substantial doubt about our ability to continue as a going concern, meaning that we may be unable to continue operations for the foreseeable future or realize assets and discharge liabilities in the ordinary course of operations.
If Cycurion seeks additional financing to fund its business and potential acquisition activities in the future and there remains doubt about its ability to continue as a going concern, investors or other financing sources may be unwilling to provide additional funding on commercially reasonable terms or at all.
If we seek additional financing to fund our business and potential acquisition activities in the future and there remains doubt about our ability to continue as a going concern, investors or other financing sources may be unwilling to provide additional funding on commercially reasonable terms or at all.
Since our decision to issue securities in any future offering will depend on market conditions and other factors beyond our control, we cannot predict or estimate the amount, timing or nature of our future offerings. Thus, our stockholders bear the risk of our future offerings reducing the market price of our common stock.
Since our decision to issue securities in any future offering will depend on market conditions and other factors beyond our control, we cannot predict the amount, timing or nature of our future offerings, and our stockholders bear the risk that future offerings may reduce the market price of our common stock.
Most members of the Company’s management team have limited experience managing a publicly traded company, interacting with public company investors, and complying with the increasingly complex laws, rules and regulations that govern public companies.
Our historical management team members have limited experience managing a publicly traded company, interacting with public company investors, and complying with the increasingly complex laws, rules and regulations that govern public companies.
A “short squeeze” due to a sudden increase in demand for shares of our common stock that largely exceeds supply and/or focused investor trading in anticipation of a potential short squeeze have led to, may be currently leading to, and could again lead to, extreme price volatility in shares of our common stock.
A "short squeeze" due to a sudden increase in demand for shares of our common stock that largely exceeds supply and/or focused investor trading in anticipation of a potential short squeeze have led to, and may lead to, extreme price volatility in the price of our common stock.
In addition, any preferred stock we may issue could have a preference on liquidating distributions or a preference on distribution payments that could limit our ability to make a distribution to the holders of our common stock.
Any preferred stock we may issue could have a preference on liquidating distributions or distribution payments that could limit our ability to make distributions to common stockholders.
As a public company, Cycurion will incur significant costs related to legal, accounting, listing, hiring of external consultants and advisors, and other expenses.
We incur significant costs related to legal, accounting, listing, hiring of external consultants and advisors, and other expenses of being a public company.
If Cycurion is unable to obtain sufficient funding, its business, prospects, financial condition, and results of operations will be materially and adversely affected, and it may be unable to continue as a going concern.
If we are unable to obtain sufficient funding, our business, prospects, financial condition, and results of operations will be materially and adversely affected, and we may be unable to continue as a going concern.
If we fail to maintain proper and effective internal control over financial reporting in the future, our ability to produce accurate and timely financial statements could be impaired, which could harm our operating results, investors’ views of us, and, as a result, the value of our common stock.
Risks Related to Legal, Regulatory, and Compliance Matters If we fail to maintain proper and effective internal control over financial reporting, our ability to produce accurate and timely financial statements could be impaired, which could harm our operating results, investors' views of us, and the value of our common stock.
In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been brought against that company. Stockholder activism, which could take many forms or arise in a variety of situations, has been increasing recently.
In the past, plaintiffs have often initiated securities class action litigation against a company following periods of volatility in the market price of its securities. Stockholder activism, which could take many forms or arise in a variety of situations, has been increasing recently. We may in the future be the target of similar litigation or activism.
We cannot predict if investors will find our common stock less attractive because we may rely on these exemptions. If some investors find our common stock less attractive as a result, there may be a less active trading market for our common stock and our stock price may be more volatile.
Investors may find our common stock less attractive because we rely on these exemptions, which may result in a less active trading market and more volatile stock price.
If there are significant changes to the terms and conditions of our license agreements, or if we are unable to renew these license agreements, we may be required to make changes to our vendors or information technology systems.
If there are significant changes to the terms and conditions of our license agreements, or if we are unable to renew these license agreements, we may be required to make changes to our vendors or information technology systems that could impact the solutions and services we provide to our clients or the processes we have in place to support our operations.
Nasdaq may delist our securities from trading on its exchange. Our common stock is listed on The Nasdaq Global Market and our warrants are listed on The Nasdaq Capital Market.
Our common stock is listed on The Nasdaq Global Market and our warrants are listed on The Nasdaq Capital Market.
We will require substantial additional funding in the future, which may not be available to us on acceptable terms, or at all, and, if not so available, may require us to delay, limit, reduce, or cease our operations. Our operations have consumed substantial amounts of cash since our inception.
Despite the existing level of indebtedness, we and our subsidiaries may incur additional indebtedness, which could further exacerbate these risks. We will require substantial additional funding in the future, which may not be available to us on acceptable terms, or at all, and, if not so available, may require us to delay, limit, reduce, or cease our operations.
When and if we are a “large accelerated filer” or an “accelerated filer” and are no longer an “emerging growth company” or “smaller reporting company,” each as defined in the Exchange Act, our independent registered public accounting firm will be required to attest to the effectiveness of our internal control over financial reporting.
When and if we are a "large accelerated filer" or an "accelerated filer" and are no longer an "emerging growth company" or "smaller reporting company," our independent registered public accounting firm will be required to attest to the effectiveness of our internal control over financial reporting.
As a public company, the Company is subject to significant obligations relating to reporting, procedures and internal controls, and its management team may not successfully or efficiently manage such obligations.
As a public company, we are subject to significant obligations relating to reporting, procedures and internal controls, and our management team may not successfully or efficiently manage such obligations, which could divert attention from the day-to-day management of our business.
On April 9, 2025, Cycurion received written notice received from the Listing Qualifications Department of Nasdaq stating that, for the prior 30 consecutive business days, the closing bid price of our common stock had been below the minimum of $1.00 per share required for continued listing on The Nasdaq Capital Market under Nasdaq Listing Rule 5550(a)(2).
As previously announced in a Current Report filed with the SEC, on April 15, 2025, the Staff notified us on April 9, 2025 that, for the prior 30 consecutive business days, the closing bid price of our common stock had been below the minimum of $1.00 per share required for continued listing on The Nasdaq Global Market under Nasdaq Listing Rule 5550(a)(2) ("Bid Price Rule").
Pursuant to Section 404 of the Sarbanes-Oxley Act, our management will be required to report upon the effectiveness of our internal control over financial reporting beginning with the annual report for our fiscal year ending December 31, 2024.
Pursuant to Section 404 of the Sarbanes-Oxley Act, our management is required to report upon the effectiveness of our internal control over financial reporting.
Further, we have invested and will continue to invest significant time, money, and resources to establish and maintain relationships with our strategic partners, but we have no assurance that any particular relationship will continue for any specific period of time, result in new offerings that we can effectively commercialize, or result in enhancements to our existing offerings.
Strategic partnerships require significant coordination, and we have invested and will continue to invest significant time, money, and resources to establish and maintain these relationships. There is no assurance that any particular relationship will continue, result in new offerings that we can effectively commercialize, or generate meaningful revenue.
These additional requirements may discourage broker-dealers from effecting transactions in securities that are classified as penny stocks, which could severely limit the market price and liquidity of such securities and the ability of purchasers to sell such securities in the secondary market.
These additional requirements may discourage broker-dealers from effecting transactions in our securities, which could severely limit the market price and liquidity of our common stock.
We currently maintain general liability, property, workers’ compensation, clinical study, products liability and directors’ and officers’ insurance, along with an umbrella policy. We may not be able to maintain existing insurance at current or adequate levels of coverage. Any significant uninsured liability may require us to pay substantial amounts, which would adversely affect our cash position and results of operations.
We carry insurance for most categories of risk that our business may encounter; however, we may not have adequate levels of coverage. We may not be able to maintain existing insurance at current or adequate levels of coverage. Any significant uninsured liability may require us to pay substantial amounts, which would adversely affect our cash position and results of operations.
In the future, we may attempt to increase our capital resources by making additional offerings of debt or preferred equity securities, including convertible or non-convertible senior or subordinated notes, convertible or non-convertible preferred stock, medium-term notes and trust preferred securities.
Future offerings of debt or preferred equity securities could adversely affect the market price of our common stock. In the future, we may attempt to increase our capital resources by making additional offerings of debt or preferred equity securities.
Following an acquisition, we may be subject to unforeseen liabilities arising from an acquired company’s past or present operations and these liabilities may be greater than the warranty and indemnity limitations that we negotiate. Any unforeseen liability that is greater than these warranty and indemnity limitations could have a negative impact on our financial condition.
Following an acquisition, we may be subject to unforeseen liabilities arising from the acquired company’s past or present operations that may exceed negotiated warranty and indemnity limitations.
However, for so long as we remain an emerging growth company or smaller reporting company, we intend to take advantage of an exemption available to emerging growth companies and smaller reporting companies from these auditor attestation requirements.
However, for so long as we remain an emerging growth company or smaller reporting company, we intend to take advantage of an exemption from these auditor attestation requirements. The rules governing management’s assessment of internal control over financial reporting are complex and require significant expenses, documentation, testing, and possible remediation.
We intend to grow our client base significantly through acquisitions of other service providers. If we fail to retain existing clients and attract new clients through acquisitions, we may never achieve profitability. Through acquisition of other service providers, we will inherit an increasingly larger client base, which creates cross-selling and up-selling opportunities.
Through acquisition of other service providers, we will also inherit an increasingly larger client base, which creates cross-selling and up-selling opportunities but also requires high-quality service and exemplary client management to retain and grow that base. If our marketing and integration efforts do not materialize, we may lose existing clients or fail to obtain new clients.
If we or, if required, our auditors are unable to conclude that our internal control over financial reporting is effective, investors may lose confidence in our financial reporting, and the trading price of our common stock may decline. 18 We are an emerging growth company, and the reduced reporting requirements applicable to emerging growth companies may make our common stock less attractive to investors.
If we or, if required, our auditors are unable to conclude that our internal control over financial reporting is effective, investors may lose confidence in our financial reporting, the trading price of our common stock may decline, and our ability to obtain additional financing, especially on favorable terms, could be adversely affected.
Revenue streams may be volatile due to the uncertainty in identifying attractive acquisition candidates and our ability to consummate new acquisitions. Unexpected expenses may be incurred during due diligence and post-acquisition.
In addition, our acquisition strategy may impose additional risks to the predictability of our operating results, as revenue streams may be volatile due to the uncertainty in identifying attractive acquisition candidates and our ability to consummate new acquisitions.
Together, these provisions may make more difficult the removal of management and may discourage transactions that otherwise could involve payment of a premium over prevailing market prices for our securities.
Together, these provisions may make more difficult the removal of management and may discourage transactions that otherwise could involve payment of a premium over prevailing market prices. These provisions include no cumulative voting in the election of directors, the right of our board of directors (the "Board") to fill vacancies, and a prohibition on stockholder action by written consent.
We may issue additional shares of Cycurion common stock or other equity securities of equal or senior rank in the future in connection with, among other things, future acquisitions, repayment of outstanding indebtedness or under the Equity Incentive Plan, without stockholder approval, in a number of circumstances.
If we raise additional funds by selling shares of our common stock or other equity-linked securities, the ownership interest of our current stockholders will be diluted. We may issue additional shares of Cycurion common stock or other equity securities without stockholder approval in connection with future acquisitions, repayment of outstanding indebtedness, or under the 2025 Equity Incentive Plan.
Our revenue and operating results may fluctuate if our sales targets are not met, new service offerings receive poor client response, or client acquisition costs increase due to competition. In addition to these factors, our acquisition strategy may impose additional risks to the predictability of our operating results.
Our operating results are dependent on a variety of factors, including purchasing patterns of our clients, competitive pricing, debt servicing, and general economic trends. Our revenue and operating results may fluctuate if our sales targets are not met, new service offerings receive poor client response, or client acquisition costs increase due to competition.
See the section titled “Registration Rights.” Such future sales of our shares of common stock by our existing stockholders, pursuant to and in accordance with the provisions of any registration statement, may have a depressive effect on the market price of our shares of common stock.
We have granted a number of our stockholders registration rights with respect to their shares of common stock. Such future sales by our existing stockholders pursuant to any registration statement, as well as sales by stockholders eligible to sell under Rule 144 under the Securities Act, may have a depressive effect on the market price of our shares.
Our charter provides that the Court of Chancery of the State of Delaware and the federal district courts of the United States of America will be the exclusive forums for substantially all disputes between us and our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, or employees.
Our charter also provides that the Court of Chancery of the State of Delaware will be the exclusive forum for substantially all disputes between us and our stockholders (subject to limited exceptions), and that the federal district courts of the United States will be the sole forum for Securities Act claims.
In addition, servicing the interest and principal repayment obligations under debt facilities could divert funds that would otherwise be available to support development of new programs and marketing to current and potential new clients.
If we raise additional funds through debt financing, we may have to grant a security interest on our assets, and servicing the interest and principal repayment obligations could divert funds that would otherwise be available to support development of new programs and marketing.
We cannot ensure that our professional services and solutions, or the third-party solutions that we offer to our clients, do not infringe on the intellectual property rights of third parties and, in the future, we may have infringement claims asserted against us or against our clients.
We cannot ensure that our professional services and solutions, or the third-party solutions that we offer to our clients, do not infringe on the intellectual property rights of third parties. Infringement claims, even if without merit, can be time-consuming and costly to defend, injure our reputation, and divert management’s attention and resources away from our business.
As such, Cycurion will be eligible for and intends to take advantage of certain exemptions from various reporting requirements applicable to other public companies that are not emerging growth companies for as long as it continues to be an emerging growth company, including (a) the exemption from the auditor attestation requirements with respect to internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act, (b) the exemptions from say-on-pay, say-on-frequency, and say-on-golden parachute voting requirements, and (c) reduced disclosure obligations regarding executive compensation in its periodic reports and proxy statements.
We qualify as an "emerging growth company" as defined in the Securities Act, as modified by the JOBS Act, and are eligible to take advantage of certain exemptions from various reporting requirements, including the auditor attestation requirements under Section 404(b) of the Sarbanes-Oxley Act, say-on-pay voting requirements, and reduced executive compensation disclosure obligations.
We cannot be sure that additional financing from any of these sources will be available when needed or that, if available, the additional financing will be obtained on favorable terms. If we raise additional funds by selling shares of our common stock or other equity-linked securities, the ownership interest of our current stockholders will be diluted.
We may seek to fund our operations through the sale of additional equity securities, debt financing, and/or strategic collaboration agreements. We cannot be sure that additional financing from any of these sources will be available when needed or that, if available, it will be obtained on favorable terms.
In addition, we may only be able to conduct limited due diligence on an acquired company’s operations or may discover that the products or technology acquired were not as capable as we thought based upon the initial or limited due diligence.
The environment for acquisitions in our industry is very competitive and acquisition candidate purchase prices will likely exceed what we would prefer to pay. We may only be able to conduct limited due diligence on an acquired company’s operations or may discover that products or technology acquired were not as capable as we initially assessed.
The loss of the services of our senior management, particularly Emmit McHenry, or other key employees for any reason could significantly delay or prevent the achievement of our development and strategic objectives and harm our business, financial condition, and results of operations.
The loss of the services of our senior management or other key employees for any reason could significantly delay or prevent the achievement of our development and strategic objectives. If any of our executive officers joins a competitor or forms a competing company, we may lose some or all of our customers.
A significant number of our currently issued and outstanding shares of common stock held by existing stockholders, including officers and directors and other principal stockholders are currently eligible for resale pursuant to and in accordance with the provisions of Rule 144.
A significant number of our currently outstanding shares held by existing stockholders, including officers, directors, and principal stockholders, are currently or will become eligible for resale, and the possible sale of these shares could further depress the price of our shares in the applicable trading marketplace.
Any business acquisition creates risks such as, among others: (i) the need to integrate and manage the businesses acquired with our own business; (ii) additional demands on our resources, systems, procedures, and controls; (iii) disruption of our ongoing business; and (iv) diversion of management’s attention from other business concerns.
We have completed the acquisition of certain complementary businesses, and we intend to consider additional potential strategic transactions that expand, complement, or otherwise relate to our business. Any business acquisition creates risks such as the need to integrate and manage the acquired business, additional demands on our resources and controls, disruption of our ongoing business, and diversion of management’s attention.
This could also make it more difficult for Cycurion to attract and retain qualified people to serve on its board of directors, its board committees or as executive officers.
Additionally, operating as a public company makes it more expensive to obtain director and officer liability insurance, which could also make it more difficult to attract and retain qualified people to serve on our Board or as executive officers.
If Cycurion is unable to raise capital when needed or on acceptable terms, it could be forced to delay, reduce, or eliminate certain products or professional service offerings or future marketing efforts, or reduce or discontinue its operations.
If we are unable to raise capital when needed or on acceptable terms, we could be forced to delay, reduce, or eliminate certain service offerings or future marketing efforts, or reduce or discontinue our operations. 15 Table of Contents Our allocation of capital to cryptocurrency investments involves speculative risk and may not align with the expectations of our shareholders or clients .
Cycurion will qualify as an “emerging growth company” within the meaning of the Securities Act, and if it takes advantage of certain exemptions from disclosure requirements available to emerging growth companies, it could make Cycurion’s securities less attractive to investors and may make it more difficult to compare Cycurion’s performance to the performance of other public companies.
We qualify as an "emerging growth company" and a "smaller reporting company," and if we take advantage of certain exemptions from disclosure requirements, it could make our securities less attractive to investors.
Although Cycurion was nominally profitable during the 2024 fiscal year, there is no assurance that it will not continue to generate operating losses and consume significant cash resources for the foreseeable future.
In addition, we have had net cash outflows from operating activities, all of which raise substantial doubt about our ability to continue as a going concern. Although we were nominally profitable during certain recent fiscal years, there is no assurance that we will not continue to generate operating losses and consume significant cash resources for the foreseeable future.
Further, higher interest rates would likely increase our borrowing costs and potentially decrease the cash available. Thus, higher market interest rates could cause the market price of our common stock to decline. 21 If securities or industry analysts do not publish research or reports about the Company, or publish negative reports, the Company’s share price and trading volume could decline.
If securities or industry analysts do not publish research or reports about us, or publish negative reports, our share price and trading volume could decline. The trading market for our common stock depends in part on the research reports and opinions published by securities or industry analysts.
These rules require additional disclosure by broker-dealers in connection with any trades involving a stock defined as a “penny stock” and impose various sales practice requirements on broker-dealers who sell penny stocks to persons other than established customers and accredited investors, generally institutions.
If our common stock were to be delisted from Nasdaq and become quoted on the over-the-counter market, and if the trading price were below $5.00 per share at the time of delisting, trading in our common stock would be subject to certain rules promulgated under the Exchange Act that require additional disclosure by broker-dealers in connection with trades involving “penny stocks” and impose various sales practice requirements on broker-dealers who sell penny stocks to persons other than established customers and accredited investors.
If the Company faces such litigation, it could result in substantial costs and a diversion of management’s attention and resources, which could harm its business.
Securities litigation could result in substantial costs and liabilities and could divert management's attention and resources regardless of the outcome.
Additionally, we cannot be certain that our insurance coverage will be adequate for data security liabilities actually incurred, will cover any indemnification claims against us relating to any incident, that insurance will continue to be available to us on economically reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim.
If we fail to update our solutions in a timely or effective manner to respond to these threats, our customers could experience security breaches. We cannot be certain that our insurance coverage will be adequate for data security liabilities actually incurred, or that insurance will continue to be available on economically reasonable terms.
A material liability claim or other occurrence that harms our reputation or decreases market acceptance of our products may harm our business and operating results. 14 Many federal, state, and foreign governments have enacted laws requiring companies to notify individuals of data security breaches involving their personal data.
Many federal, state, and foreign governments have enacted laws requiring companies to notify individuals of data security breaches involving their personal data, and any association of us with such breaches may cause our customers to lose confidence in the effectiveness of our security solutions.
Potential future sales pursuant to registration rights granted by the Company and under Rule 144 may depress the market price for our shares of common stock. The Company has granted a number of its stockholders’ registration rights with respect to their shares of common stock.
Additionally, such securities litigation and stockholder activism could adversely affect our relationships with service providers and make it more difficult to attract and retain qualified personnel. 18 Table of Contents Potential future sales pursuant to registration rights and under Rule 144 may depress the market price for our shares of common stock.
An emerging growth company can therefore delay the adoption of certain accounting standards until those standards would otherwise apply to private companies. We have elected not to opt out of such extended transition period and, therefore, Cycurion may not be subject to the same new or revised accounting standards as other public companies that are not emerging growth companies.
Even after we no longer qualify as an emerging growth company, we may still qualify as a "smaller reporting company," which would allow many of the same exemptions. We have elected not to opt out of the extended transition period for complying with new or revised accounting standards.
Accusations against us by third parties of infringement or other violations of their intellectual property rights, regardless of the accuracy of these assertions, could result in significant costs and harm our business and operating results.
At the state and local level, procurement reforms, vendor consolidation initiatives, and changes to cooperative purchasing arrangements could similarly affect our contract pipeline. Accusations of intellectual property infringement by third parties, regardless of accuracy, could result in significant costs and harm our business.
Investors may find our common stock less attractive because Cycurion will rely on these exemptions, which may result in a less active trading market for our common stock and its price may be more volatile. Our common stock price may be volatile and as a result you could lose all or part of your investment.
Our common stock price may be volatile and as a result you could lose all or part of your investment. Since our common stock began trading on Nasdaq following our de-SPAC transaction with Western, our stock price has experienced substantial volatility and significant decline.
Despite the existing level of indebtedness, Cycurion and its subsidiaries may incur additional indebtedness, which could further exacerbate the risks described above. Cycurion’s recurring losses, net working capital, and accumulated deficit resulting from substantial operating losses have raised substantial doubt regarding its ability to continue as a going concern.
Risks Related to Our Financial Condition and Capital Structure Our recurring losses, net working capital deficit, and accumulated deficit have raised substantial doubt regarding our ability to continue as a going concern. We have had a net working capital deficit and an accumulated deficit resulting from net income incurred during certain periods and from substantial losses during prior periods.
Our ability to raise additional funds may be adversely impacted by potential worsening global economic conditions and the recent disruptions to, and volatility in, the credit and financial markets in the U.S. As we require additional funds, we may seek to fund our operations through the sale of additional equity securities, debt financing, and/or strategic collaboration agreements.
Our operations have consumed substantial amounts of cash since our inception. Our business will require substantial additional capital for implementation of our long-term business plan and development of cybersecurity technology. Our ability to raise additional funds may be adversely impacted by potential worsening global economic conditions and disruptions to the credit and financial markets.
The market price of the Company’s shares of common stock is likely to be highly volatile and may be subject to wide fluctuations in response to a variety of factors, including the following: ● the inability to obtain or maintain the listing of the Company’s shares of common stock on Nasdaq; ● the inability to recognize the anticipated benefits of the recently closed de-SPAC transaction, which may be affected by, among other things, competition, Cycurion’s ability to grow and manage growth profitably, and retain its key employees; ● changes in applicable laws or regulations; ● risks relating to the uncertainty of Cycurion’s projected financial information; and In addition, the equity markets have experienced extreme price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many companies.
Our stock price may continue to fluctuate significantly in response to a variety of factors, many of which are beyond our control, including: the inability to maintain the listing of our securities on Nasdaq; the inability to recognize the anticipated benefits of the de-SPAC transaction; decline in demand for, or the sale of a substantial number of, our shares of common stock; risks relating to the uncertainty of our projected financial information and downward revisions in analysts' estimates; technological innovations by competitors; changes in applicable laws or regulations; general economic trends; and broad market and industry factors unrelated or disproportionate to our operating performance.
Cycurion’s business and operations could be negatively affected if it becomes subject to any securities litigation or stockholder activism, which could cause Cycurion to incur significant expense, hinder execution of business and growth strategy and impact its stock price.
The thin trading volume in our shares may exacerbate price volatility and limit investors' ability to buy or sell shares at desired prices. Volatility in the price of our common stock may subject us to securities litigation, which could cause us to incur significant expense, hinder execution of business and growth strategy and impact our stock price.
The trading market for the Company’s shares of common stock will depend, in part, on the research and reports that securities or industry analysts publish about the Company. The Company does not have any control over these analysts.
We do not have any control over whether analysts initiate, maintain, or discontinue coverage of our Company, nor over the content of any reports they publish. If analysts do not publish research about us, the market price and trading volume of our common stock could decline.
For example, it will be subject to the reporting requirements of the Exchange Act and will be required to comply with the applicable requirements of the Sarbanes-Oxley Act and the Dodd-Frank Wall Street Reform and Consumer Protection Act, as well as rules and regulations subsequently implemented by the SEC and Nasdaq, including the establishment and maintenance of effective disclosure and financial controls, changes in corporate governance practices and required filing of annual, quarterly and current reports with respect to its business and results of operations.
We are subject to the reporting requirements of the Exchange Act and must comply with the applicable requirements of the Sarbanes-Oxley Act, the Dodd-Frank Act, and SEC and Nasdaq rules, including the establishment and maintenance of effective disclosure and financial controls. We expect that compliance with these requirements will continue to increase our legal and financial compliance costs.
ITEM 1A. RISK FACTORS You should carefully consider the risks described below with respect to an investment in our shares. If any of the following risks actually occur, our business, financial condition, operating results or cash provided by operations could be materially harmed.
If any of the following risks actually occur, our business, financial condition, results of operations and prospects could be materially and adversely affected, in which case the trading price of our common stock could decline and you could lose all or part of your investment.
There is no guarantee that our products or professional services will detect all vulnerabilities, especially in light of the rapidly changing security landscape to which we must respond. Additionally, our products may falsely detect vulnerabilities or threats that do not actually exist. Our products may also contain undetected errors or defects.
Additionally, our products may contain undetected errors or defects, may falsely detect vulnerabilities or threats that do not actually exist, or may fail to detect vulnerabilities in our customers’ infrastructure, including due to the constantly evolving techniques used by attackers to access or sabotage data.
We believe that one of the elements of our success is our position as a prime contractor under GSA Schedule contracts and other IDIQ contracts, and we believe this position is important to our ability to sell our services to Federal government clients.
We believe our position as a prime contractor under GSA Schedule contracts and other IDIQ contracts is important to our ability to sell our services, but these vehicles require us to compete for each individual task order rather than having a predictable stream of activity. As a result, our contracted backlog may not be a reliable indicator of future revenue.
The notification letter stated that we would be afforded 180 calendar days (until October 6, 2025) to regain compliance. In order to regain compliance, the closing bid price of our common stock must be at least $1.00 for a minimum of ten consecutive business days.
If a company’s common stock trades for 30 consecutive business days below the $1.00 minimum closing bid price requirement, Nasdaq will send a deficiency notice to it, advising that it has been afforded a "compliance period" of 180 calendar days to regain compliance with the applicable requirements.
In order to attract and retain the number of employees Cycurion needs to grow our business, it may need to increase its compensation levels in the future. This could adversely affect its operating margins, which, in turn, could negatively affect its financial condition and operating results.
We compete for talent with larger, better-capitalized firms that can offer higher compensation, more extensive benefits, and broader career advancement opportunities. In order to attract and retain the employees we need, we may need to increase compensation levels, which could adversely affect our operating margins.
If we are unable to maintain compliance with all applicable listing standards, our common stock may no longer be listed on The Nasdaq Global Market or another national securities exchange and the liquidity and market price of our common stock may be adversely affected.
If we fail to comply with the continued minimum closing bid requirements of the Nasdaq Global Market or other requirements for continued listing, our common stock may be delisted and the price of our common stock and our ability to access the capital markets could be negatively impacted. Our common stock is listed for trading on the Nasdaq Global Market.
Our issuance of additional shares of Cycurion common stock or other equity securities of equal or senior rank could have the following effects: ● your proportionate ownership interest in the combined company decrease; ● the relative voting strength of each previously outstanding share of the combined company may be diminished; or ● the market price of our shares of the combined company stock may decline.
The issuance of additional shares could decrease your proportionate ownership interest, subordinate the rights of holders of common stock if preferred stock is issued with senior rights, or adversely affect the market price of our shares.
Any failure to achieve and maintain profitability would have a materially adverse effect on Cycurion’s ability to implement its business plan, its results and operations, and its financial condition, and could cause the value of its common stock to decline, resulting in a significant or complete loss of your investment. 12 Cycurion’s level of indebtedness and debt service obligations could adversely affect its financial condition and make it more difficult for management to fund its operations.
Our level of indebtedness and debt service obligations could adversely affect our financial condition and make it more difficult to fund our operations. We have significant indebtedness and other liabilities outstanding.
Removed
As a result, the trading price of our common stock could decline, and you might lose all or part of your investment. When evaluating an investment in our common stock, you should also refer to the other information in this Annual Report, including our consolidated financial statements and related notes.
Added
Item 1A. Risk Factors You should carefully consider the risks and uncertainties described below, together with all of the other information included in this Annual Report on Form 10-K and other documents we file with the SEC.
Removed
Risks Related to Our Business Generally Cycurion has a limited operating history upon which you can evaluate our future business and prospects. Cycurion has a limited operating history. It was incorporated in 2017. Since its incorporation, Cycurion has acquired two operating subsidiaries: Axxum in 2017 and Cloudburst in 2019. It also acquired certain technology assets of Sabres in September 2021.
Added
The risks and uncertainties described below are those that we have identified as material to our business, but they are not the only risks and uncertainties facing us. Additional risks and uncertainties not currently known to us or that we currently believe are immaterial also may adversely affect our business, financial condition, results of operations and prospects.
Removed
Accordingly, Cycurion and its subsidiaries have varying operating histories and, together as a consolidated company, has a limited operating history, which can make it difficult for investors to evaluate Cycurion’s operations and prospects and may increase the risks associated with an investment.
Added
Risks Related to Our Business and Operations We derive a substantial portion of our revenue from a limited number of contracts and clients, and the loss of any significant contract or client relationship could materially reduce our revenue and profitability.
Removed
There can be no assurance that Cycurion’s business plan can be realized in the manner contemplated, that it will ever realize any significant operating revenues, or that its operations will ever be profitable and, therefore, its stockholders may lose all or a substantial part of their investment.
Added
A significant portion of our revenue is concentrated among a small number of contracts and clients, primarily state and local government agencies including higher education institutions, law enforcement agencies, and municipal transportation authorities.
Removed
Cycurion has incurred net losses and cannot assure you that it will achieve or maintain profitable operations. Cycurion’s net income was $1,229,601 for the year ended December 31, 2024 and net loss was $(2,097,013) December 31, 2023.
… 300 more changes not shown on this page.
Item 1C. Cybersecurity
Cybersecurity — threats and controls disclosure
4 edited+22 added−14 removed0 unchanged
Item 1C. Cybersecurity
Cybersecurity — threats and controls disclosure
4 edited+22 added−14 removed0 unchanged
2024 filing
2025 filing
Biggest changeOur CISO and ISSO are responsible for developing, implementing, coordinating, and maintaining IT security policy and procedures. These individuals also fill the role of Computer Incident Response Team (CIRT) Leaders. They are responsible for the operations of the system and its applications, including reporting, responding to security incidents, and ensuring that adequate event logging is enabled.
Biggest changeThe CIO and ISSO also serve as leaders of Cycurion's Incident Response Team ("IRT"). These individuals are responsible for overseeing the response to cybersecurity incidents, coordinating remediation efforts, and ensuring that security monitoring and logging capabilities are enabled across applicable systems. Incident response procedures include processes for identifying, classifying, and responding to potential cybersecurity incidents.
ITEM 1C. CYBERSECURITY Risk Management and Strategy We have established policies and processes for assessing, identifying, and managing material risks from cybersecurity threats. We have designed and implemented an Access Control Policy.
Item 1C. Cybersecurity Risk Management and Strategy Cycurion has established policies and processes for assessing, identifying, and managing material risks from cybersecurity threats. Cycurion has designed and implemented cybersecurity policies and procedures intended to protect its information systems and sensitive information assets.
Our cybersecurity program and policies is a collaborative effort, requiring commitment from all personnel, including management, internal employees and users of information systems, along with vendors, contractors, and other relevant third parties.
Our cybersecurity program is a collaborative effort requiring the participation of management, employees, contractors, vendors, and other relevant third parties. Personnel with access to Company systems are responsible for complying with Cycurion's information security policies and for reporting suspected security incidents or vulnerabilities.
As of the date of this Annual Report, we are not aware of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected the Company, its business strategy, results of operations or financial condition.
The VP of Operations is personally involved in, and responsible for, the risk assessment, identification, and management process described above. Cybersecurity Risk Impact As of the date of this Annual Report, Cycurion is not aware of any cybersecurity incidents that have materially affected its business strategy, results of operations, or financial condition.
Removed
The policy and supporting procedures encompass all information systems that are owned, operated, maintained, and controlled by the Company and all other information systems, both internally and externally, that interact with these systems.
Added
These policies encompass information systems that are owned, operated, maintained, or controlled by Cycurion, as well as external systems and service providers that interact with Company systems. Cycurion’s cybersecurity program includes safeguards designed to protect sensitive information, including Controlled Unclassified Information ("CUI"), where applicable.
Removed
Our Chief Information Security Officer (“CISO”) and Information System Security Officer (“ISSO”) are responsible for providing overall direction, guidance, leadership, and support for the entire information systems environment, while also assisting other applicable personnel in their day-to-day operations.
Added
Cycurion maintains a cybersecurity program designed to align with recognized industry standards and cybersecurity frameworks, including the National Institute of Standards and Technology ("NIST") cybersecurity guidance and of the CMMC framework established by the U.S. Department of Defense for the protection of CUI.
Removed
The CISO and ISSO are to report to other members of senior management on a regular basis regarding all aspects of the organization’s information systems posture. Our internal employees and users are responsible for adhering to the organization’s information security policies, procedures, practices, and not undertaking any measure to alter such standards on any information systems.
Added
Cycurion's cybersecurity policies, procedures, and operational safeguards incorporate security control objectives consistent with NIST and CMMC practices designed to protect sensitive information processed, stored, or transmitted within Company systems. 22 Table of Contents As part of its cybersecurity risk management processes, Cycurion performs periodic cybersecurity risk assessments designed to identify potential threats, vulnerabilities, and risks affecting the confidentiality, integrity, and availability of Company systems and data.
Removed
Additionally, end users are to report instances of non-compliance to senior authorities, specifically those by other users. End users – while undertaking day-to-day operations – may also notice issues that could impede the safety and security of our information systems and are to also report such instance immediately to senior authorities.
Added
Identified risks are evaluated and prioritized based on potential operational and financial impact and are addressed through remediation plans, technical safeguards, or operational controls. Cycurion maintains a vulnerability management program designed to help identify and remediate security weaknesses within its systems and infrastructure.
Removed
Our vendors, contractor and other third-party entities are responsible for adhering to the organization’s information security policies, procedures, practices, and not undertaking any measure to alter such standards on any such system components. We have also implemented an IT Security Incident Response Policy.
Added
The Company conducts periodic vulnerability scans and security assessments and remediation activities are prioritized based on the severity of the issue and the potential impact to operations of information security. Cycurion also employs continuous monitoring capabilities intended to detect and evaluate potential cybersecurity threats in a timely manner.
Removed
Incident response preparation comprises of how to respond to incidents and how to protect against and detect computer-related incidents. The process of providing incident response is identified by four distinct phases: (i) preparation; (ii) detection and analysis; (iii) containment, eradication and recovery; and (iv) post-incident activity.
Added
These monitoring activities may include log monitoring, endpoint detection tools, vulnerability scanning, and the analysis of security events by designated security personnel. To help protect endpoint devices, Cycurion uses endpoint protection technologies designed to detect, prevent, and respond to malicious activity. These tools provide monitoring and alerting capabilities that assist security personnel in identifying and responding to potential cybersecurity incidents.
Removed
Our ISSO is responsible for the security of the system and for ensuring incident response (IR) policy and plan are documented, followed, that the IR plan is tested annually, updated with lessons learned from training exercises and on-going incident handling activities, and periodically reviewed at least on an annual basis. This person also fills the role of Deputy CIRT Leader.
Added
Cycurion has implemented a formal Change Control Board ("CCB") process to review and approve system changes that could affect the security of Company systems. Proposed changes are evaluated by designated personnel prior to implementation to assess potential cybersecurity risks and to help ensure that appropriate safeguards remain in place.
Removed
Our CISO is responsible for information security within the organization and is responsible for the review and approval of the incident response policy and plan. General end-users and non-CIRT personnel are responsible for actively securing their systems and notifying the CIRT of any suspected information security incident (e.g., potential virus detection, phishing emails, potential malware infection, etc.).
Added
The Company also maintains a cybersecurity awareness and training program designed to educate employees and contractors about cybersecurity risks and their responsibilities in protecting Company systems and information. Training topics may include phishing awareness, password security, data protection practices, and incident reporting procedures. In addition, Cycurion may conduct periodic simulated phishing exercises to reinforce awareness and promote secure behavior.
Removed
Governance Management considers cybersecurity risk as part of its overall risk oversight function and reviews policies and procedures relative to both the systems and facility to ensure all requirements are within the Company’s purview to meet, and that appropriate resources have been dedicated or otherwise made available to accomplish, these requirements.
Added
Cycurion considers cybersecurity risks associated with third-party vendors, service providers, and contractors as part of its broader cybersecurity risk management efforts. The Company may assess the security posture of key third parties through contractual requirements, security questionnaires, and other risk management measures designed to reduce potential exposure. Company systems and services are hosted in secure cloud environments.
Removed
Our management team, including our CISO and ISSO, are responsible for day-to-day implementation, assessment, and management our cybersecurity risk assessment and management processes. The CISO and ISO have primary responsibility for our overall cybersecurity risk management program, including monitoring the prevention, detection, mitigation, and remediation of cybersecurity incidents, and works in partnership with our other business leaders.
Added
To protect these environments, Cycurion employs security controls such as identity and access management, network security protections, encryption technologies, and monitoring capabilities designed to safeguard cloud-based infrastructure and applications. Incident Response Cycurion has implemented an IT Security Incident Response Policy designed to support the preparation for, detection of, and response to cybersecurity incidents.
Removed
Our CISO and ISO supervise both our internal cybersecurity personnel and any retained external cybersecurity consultants. Our CISO and ISSO have served in various roles in information technology and information security for over 25 years each.
Added
The incident response process generally includes four phases: (i) preparation; (ii) detection and analysis; (iii) containment, eradication, and recovery; (iv) post-incident review. Our Chief Information Officer ("CIO") and Information System Security Officer ("ISSO") are responsible for developing, implementing, coordinating, and maintaining Cycurion's cybersecurity policies and procedures, including incident response activities.
Removed
The Board of Directors receives presentations and reports on cybersecurity, which address a range of topics including recent developments, evolving standards, the threat environment, cybersecurity systems testing and vulnerability assessments, and the Company’s practices and policies to manage risks. The CISO and ISSO report to the Board of Directors on cybersecurity matters and materials risks, if any, from cybersecurity threats.
Added
Security personnel may investigate suspected incidents, collect, and preserve relevant evidence, and coordinate remediation actions designed to restore normal system operations. Cycurion periodically reviews and updates its incident response procedures and may conduct internal exercises or simulations designed to evaluate incident response readiness.
Removed
The Board of Directors also receive notice of any significant cybersecurity incidents, as well as ongoing updates regarding any such incident until it has been addressed.
Added
Employees and system users are responsible for reporting suspected cybersecurity incidents such as malware infections, phishing attempts, unauthorized access attempts, or other suspicious activities to designated security personnel. 23 Table of Contents If a cybersecurity incident occurs, management evaluates the nature, scope, and potential impact of the incident to determine whether the incident could materially affect Cycurion's business, operations, or financial condition.
Removed
As cybersecurity threats become more sophisticated, it is reasonably likely that we will be required to expend greater resources to continue to modify and enhance our protective measures.
Added
This evaluation may involve consultation with internal security personnel, senior management, and legal advisors. Governance Management considers cybersecurity risk as part of Cycurion's overall risk management and oversight processes. Cycurion's management team, including the CIO and ISSO, is responsible for the day-to-day implementation, assessment, and management of Cycurion's cybersecurity risk management processes.
Added
The CIO and ISSO oversee Cycurion's cybersecurity program and work with other members of management to implement and maintain cybersecurity policies, procedures, and safeguards designed to protect Company systems and data. The CIO and ISSO supervise internal cybersecurity personnel and may coordinate with external cybersecurity professionals or consultants who assist with security monitoring, risk assessments, and cybersecurity program improvements.
Added
The Board of Directors receives periodic updates regarding cybersecurity matters, including information related to cybersecurity risks, threat landscape developments, and cybersecurity program activities. Cybersecurity risk oversight is integrated into Cycurion's broader enterprise risk management processes. Management periodically provides the Board with updates regarding cybersecurity risk management activities and the effectiveness of cybersecurity controls.
Added
Our Information Security team, led by our Vice President of Operations, William (Eric) Singleton, is responsible for assessing and managing material cybersecurity risks.
Added
Certifications held by the Information Security team members include (ISC)² CISSP, (ISC)² CGRC, ISACA CISM, ISACA CRISC, CompTIA Security+, CompTIA Security X (CASP+), CompTIA PenTest+, CompTIA CNVP, EC-Council CEH, GIAC GWAPT, (ISC)² CAP, FITSI FITSP, CWAPT, IABF, and AWS Solutions Architect Associate. Mr.
Added
Singleton's background includes over 25 years of experience in IT and Information Security spanning federal government and commercial sectors, with expertise in cybersecurity strategy, risk management, compliance frameworks, penetration testing, vulnerability assessment, security control assessment, and FISMA/RMF program oversight. His formal education includes a Bachelor of Science in Computer Science from Northeastern University. Certifications held by Mr.
Added
Singleton include the (ISC)² Certified Authorization Professional (CAP), with additional specialized training in Incident Response and Threat Hunting, Offensive Operations, Penetration Testing, Red and BlueTeaming, Continuous Diagnostics and Mitigation (CDM), and Cloud Security.
Added
Our Vice President of Operations provides reports to the Audit Committee of our Board of Directors on a standing basis at each Audit Committee meeting, and as otherwise requested by the Chair of the Audit Committee or as determined necessary by the VP of Operations or other members of senior management.
Added
However, cybersecurity threats continue to evolve in sophistication and frequency. As a result, Cycurion may be required to devote additional resources to enhance its cybersecurity protections and maintain the effectiveness of its cybersecurity risk management processes.
Item 2. Properties
Properties — owned and leased real estate
2 edited+0 added−1 removed0 unchanged
Item 2. Properties
Properties — owned and leased real estate
2 edited+0 added−1 removed0 unchanged
2024 filing
2025 filing
Biggest changeDue to the nature of our business and the professional services we offer, a majority of our employees work on client sites or remotely. Our offices do not require any state or regulatory permits. We currently believe that our existing facilities are suitable, but we may need additional space in the future to accommodate our anticipated growth.
Biggest changeOur offices do not require any state or regulatory permits. We currently believe that our existing facilities are suitable, but we may need additional space in the future to accommodate our anticipated growth. We believe that such space will be available to us when required and on commercially reasonable terms. 24 Table of Contents
ITEM 2. PROPERTIES We do not own any properties. Our principal executive office is located at 1640 Boro Place, Fourth Floor, McLean, Virginia 22102. Our executive office is shared with our subsidiaries, and houses our management team, cybersecurity engineers, support staff, and sales and customer service teams.
Item 2. Properties We do not own any properties. Our principal executive office is located at 1640 Boro Place, Suite 420C, McLean, Virginia 22102. Our executive office is shared with our subsidiaries. Due to the nature of our business and the professional services we offer, a majority of our employees work on client sites or remotely.
Removed
We believe that such space will be available to us when required and on commercially reasonable terms.
Item 3. Legal Proceedings
Legal Proceedings — active lawsuits and investigations
0 edited+1 added−17 removed0 unchanged
Item 3. Legal Proceedings
Legal Proceedings — active lawsuits and investigations
0 edited+1 added−17 removed0 unchanged
2024 filing
2025 filing
Removed
ITEM 3. LEGAL PROCEEDINGS On October 30, 2020, the former owners of Cloudburst filed a Complaint in the Circuit Court of Fairfax County, Commonwealth of Virginia, styled, Andrea Suzara Bennett and Adam W. Bennett Plaintiffs v. KAE Holdings, Inc., Case No. 2020 17025.
Added
Item 3. Legal Proceedings Information required for Item 3. is incorporated by reference to the discussion under the heading "Legal Proceedings" in Note 22 "Commitments and Contingencies" to the consolidated financial statements included in Item 8. of this Form 10-K. Item 4. Mine Safety Disclosures Not applicable. PART II
Removed
In the Complaint, plaintiffs alleged the following counts: Breach of Contract — Andrea Bennett and Breach of Contract — Adam Bennett. Plaintiffs are seeking compensatory damages in the aggregate amount of approximately $1,000,000 plus interest.
Removed
On January 15, 2021, we answered the Complaint, denied the allegations, and alleged certain counterclaims: (i) Breach of Contract — all Counterclaim Defendants, (ii) Fraudulent Inducement — All Counterclaim Defendants, and (iii) Breach of Contract — Adam Bennett.
Removed
We are seeking damages in an amount to be determined at trial, but no less than $2,800,000, recission of the promissory notes that we issued in connection with our purchase of Cloudburst from the plaintiffs, punitive damages of $350,000, and temporary and permanent injunctive relief.
Removed
On April 20, 2022, we settled the litigation for a payment of $200,000 in exchange for the Counterclaim Defendants to us for cancellation (i) the $900,000 promissory notes and (ii) 186,048 shares of our common stock, which we had issued to them in connection with their sale of Cloudburst to us in April 2019.
Removed
As of the date of this Annual Report, this case has been settled. 24 On February 1, 2024, JPI Technologies, LLC filed a complaint in the Circuit Court of Fairfax County, Virginia, styled JPI Technology, LLC, Plaintiff, v. Axxum Technologies, LLC, Defendant , Case No. 2024-01774.
Removed
Plaintiff alleged the breach of a settlement agreement and sought damages in the amount of $126,000. Subsequent to the date of filing of the Complaint, Defendant (a wholly-owned subsidiary of ours) has made certain payments to Plaintiff in connection with the Settlement Agreement and denies that it owes the amount alleged in the Complaint.
Removed
In connection with the settlement agreement, Defendant executed and delivered a Judgment Order in the unpaid settlement amount, interest thereon at the annual rate of 6%, and attorneys’ fees and costs. As of the date of this Annual Report, this case has been settled.
Removed
On March 21, 2024, Unique Funding Solutions LLC filed a complaint in the Circuit Court of Fairfax County, Virginia, styled Unique Funding Solutions LLC, Plaintiff v. Cycurion, Inc., d/b/a fka Cyber Secure Solution, Axxum Technologies LLC, Cycurion Innovation, Inc., Cloudburst Security LLC, Emmit Jones McHenry, Kurt, McHenry, and Avin McCoy , Case No. CL2024-0004073.
Removed
Plaintiff alleged that the entity defendants entered into a future receipts/receivables agreement with Plaintiff, pursuant to which the entity Defendants became obligated to pay to Plaintiffs approximately $490,000. Plaintiff also alleged that the individual Defendants personally guaranteed the obligations of the entity Defendants.
Removed
Plaintiff further alleged that all Defendants defaulted in the performance of their respective agreements, which became the subject of a settlement agreement in the amount of approximately $430,000, with a weekly payment schedule. Defendants deny the allegations set forth in the complaint and the matter is now in the discovery phase of litigation.
Removed
As of the date of this Annual Report, this case has been settled. On July 29, 2024, Object3, LLC initiated an arbitration proceeding with the American Arbitration Association, styled Object3, LLC, Claimant, v. Cloudburst Security, LLC, Respondent , Case No. 01-24-0006-9906.
Removed
The Claimant made claims for unpaid consulting services and associated costs, fees, and interest for the prior 12-month period in the aggregate amount of approximately $228,000. Defendant (a wholly-owned subsidiary of ours) denies that it owes such amount to Claimant.
Removed
The arbitration is in the early stages and, as of the date of this Annual Report, we are in negotiations to settle this case.
Removed
We know of no other material pending legal proceedings to which we or any of our subsidiaries is a party or to which any of our assets or properties, or the assets or properties of any of our subsidiaries, are subject and, to the best of our knowledge, no adverse legal activity is anticipated or threatened.
Removed
In addition, we do not know of any such proceedings contemplated by any governmental authorities. We know of no material proceedings in which any of our directors, officers, or affiliates, or any registered or beneficial stockholder is a party adverse to us or any of our subsidiaries or has a material interest adverse to us or any of our subsidiaries.
Removed
ITEM 4. MINE SAFETY DISCLOSURES Not Applicable. PART II
Item 5. Market for Registrant's Common Equity
Market for Common Equity — stock, dividends, buybacks
3 edited+12 added−1 removed0 unchanged
Item 5. Market for Registrant's Common Equity
Market for Common Equity — stock, dividends, buybacks
3 edited+12 added−1 removed0 unchanged
2024 filing
2025 filing
Biggest changeIssuer Purchases of Equity Securities The Company did not repurchase any of its common stock during the year ended December 31, 2024.
Biggest changeIssuer Purchases of Equity Securities The Company did not repurchase any of its common stock during the year ended December 31, 2025. 25 Table of Contents 2025 Equity Incentive Plan In February 2025, we adopted the 2025 Equity Incentive Plan that provide for the issuance of up to 10,000,000 shares of Common Stock to our officers, directors and other employees.
ITEM 5. MARKET FOR OUR COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES. Market Information for Common Stock Our common stock is currently listed on The Nasdaq Global Market and our warrants on The Nasdaq Capital Market, under the symbols “CYCU” and “CYCUW”, respectively.
Item 5. Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Our common stock is currently listed on The Nasdaq Global Market and our warrants on The Nasdaq Capital Market, under the symbols "CYCU" and "CYCUW", respectively.
Dividend Policy Cycurion does not anticipate paying any cash dividends in the foreseeable future. If Cycurion incurs indebtedness in the future to fund its future growth, its ability to pay dividends may be further restricted by the terms of such indebtedness. Unregistered Sales of Equity Securities None.
If Cycurion incurs indebtedness in the future to fund its future growth, its ability to pay dividends may be further restricted by the terms of such indebtedness.
Removed
On April 14, 2025, the closing sale price of our common stock was $0.50 per share. Holders of Record As of April 17, 2025, there were approximately 37 holders of record of our common stock. Such numbers do not include beneficial owners holding our securities through nominee names.
Added
Holders of Record As of December 31, 2025, there were approximately 56 holders of record of our outstanding shares of common stock. The number of holders on record is not representative of the number of beneficial owners due to the fact that many shares are held by depositories, brokers, or nominees.
Added
Dividends On November 25, 2025, the Company and iQSTEL, Inc. announced that each company plans to distribute $500,000 worth of its own shares as a one-time, pro-rata dividend to its own respective shareholders and security holders, while preserving the full $1,000,000 in cross-ownership shares.
Added
On December 5, 2025, the Company announced that it plans to distribute a special dividend valued at $500,000 in the form of its shares of common stock shares to all of its shareholders of record as of December 15, 2025 on a pro-rata basis.
Added
On December 11, 2025, the Company announced an updated dividend distribution ratio of 0.0180 per share of common stock to its shareholders and security holders. The dividend was paid on December 30, 2025. Cycurion does not anticipate paying any cash dividends in the foreseeable future.
Added
Unregistered Sales of Equity Securities On February 14, 2025, we entered into a pre-funded warrant ("Seward & Kissel Pre-Funded Warrant") with Seward & Kissel LLP ("Seward & Kissel") for up to 83,333 shares of common stock issuable to Seward & Kissel upon excise of the Seward & Kissel Pre-Funded Warrant.
Added
We chose to issue the Seward & Kissel Pre-Funded Warrant in consideration for Seward & Kissel's outstanding legal fees and expenses of approximately $1.3 million.
Added
On April 7, 2025, we entered into a pre-funded warrant ("Yield Point Pre-Funded Warrant") with Yield Point NY LLC ("Yield Point") for up to 150,000 shares of common stock issuable to Yield Point upon exercise of the Yield Point Pre-Funded Warrant.
Added
We chose to issue the Yield Point Pre-Funded Warrant in consideration for Yield Point's execution and delivery of the Equity Purchase Agreement, dated April 7, 2025, between us and Yield Point in lieu of paying Yield Point $1,800,000 in cash. On December 4, 2025, we entered into a securities purchase agreement Armistice Capital Master Fund Ltd.
Added
("Armistice"), pursuant to which we agreed to sell to Armistice an aggregate of 1,657,460 shares of common stock, or pre-funded warrants exercisable for $0.0001 per share in lieu thereof, and accompanying common warrants to purchase up to 3,314,920 shares of common stock in a private placement, for gross proceeds of approximately $6 million, before deducting the placement agent’s fees and other estimated offering expenses.
Added
On September 29, 2025, upon approval by a majority consenting stockholders, we increased the number of authorized shares issuable under the 2025 Equity Incentive Plan from 10,000,000 to 25,000,000 shares of Common Stock. AS of December 31, 2025, 371,020 shares have been issued to ten stockholders under the plan.
Added
Retention Packages On June 16, 2025, our board of directors approved a retention package for L. Kevin Kelly, Chief Executive Officer, and Alvin McCoy III, Chief Financial Officer, and issued each officer 100,000 shares of Common Stock under our 2025 Equity Incentive Plan on August 4, 2025.
Added
Outstanding Equity Awards at Fiscal Year-End We did not have any option awards or unvested stock awards outstanding as of December 31, 2025. ITEM 6. [RESERVED] 26 Table of Contents
Item 7. Management's Discussion & Analysis
Management's Discussion & Analysis (MD&A) — revenue / margin commentary
36 edited+36 added−63 removed14 unchanged
Item 7. Management's Discussion & Analysis
Management's Discussion & Analysis (MD&A) — revenue / margin commentary
36 edited+36 added−63 removed14 unchanged
2024 filing
2025 filing
Biggest changeOur Cycurion Security Platform’s constantly survey a client’s data to detect security issues in need of attention, send automatic updates, and provide the client with a complete database of rules and threats. ● Multi-Dimensional Protection (MDP) ● On-premises option ● Dual-Layered Defense (WAF/Bot Mitigation) ● Advanced Security Information and Event Management (SIEM) dashboard ● AI-enabled ● Ongoing reporting and alerts ● No delays for the end-user ● Can connect to any existing WAF ● Easy installation on all platforms ● Exceptional penetration testing results ● No downtime for updating ● No hardware required ● Cloud-based ● Biometric WAF We have integrated the technology assets that we acquired from Sabres (which now constitutes our Cycurion Security Platform) into our Managed Security Services Practice.
Biggest changeOur Cycurion Security Platform's constantly survey a client's data to detect security issues in need of attention, send automatic updates, and provide the client with a complete database of rules and threats. We have integrated the technology assets that we acquired from Sabres (which now constitutes our Cycurion Security Platform) into our Managed Security Services Practice.
The costs of single-layer security can be measured in terms of money, time, and risk, as well as the damage wrought by a data breach, which millions of businesses experience each year.
The costs of single-layer security can be measured in terms of money, time, and risk, as well as the damage wrought by a data breach, which millions of businesses experience each year.
These products provide solutions, whether a client is in need of a web application firewall to comply with regulations and ensure it has a first line of defense against the hazards that the internet can present or is in need of enterprise-level products that empower Security Operations Center (SOC) teams and security management.
These products provide solutions, whether a client is in need of a web application firewall to comply with regulations and ensure it has a first line of defense against the hazards that the internet can present or is in need of enterprise-level products that empower SOC teams and security management.
Our operating subsidiaries are wholly owned by Cycurion Sub., Inc., a Delaware corporation that, until the closing date of the de-SPAC, was known as “Cycurion, Inc.” We continue to conduct our business through the three below-described entities, which are now indirectly wholly-owned second-tier subsidiaries by virtue of the recent closing of the de-SPAC transaction.
Our Subsidiaries Cycurion Sub, Inc. We own our operating subsidiaries through Cycurion Sub., Inc., a Delaware corporation that, until the closing date of the de-SPAC, was known as "Cycurion, Inc." We continue to conduct our business through the three below-described entities, which are now indirectly wholly-owned second-tier subsidiaries by virtue of the recent closing of the de-SPAC transaction.
In connection with the transactions contemplated by the SLG Term Sheet, on April 25, 2023, Cycurion and RCR also entered into a term sheet (the “ RCR Term Sheet ”) for a distinct, but related transaction.
In connection with the transactions contemplated by the term sheet with SLG (the "SLG Term Sheet"), on April 25, 2023, Cycurion Sub and RCR also entered into a term sheet (the "RCR Term Sheet") for a distinct, but related transaction.
It operates our Cycurion Security Platform’s line of products allows our customers to improve their cyber posture with its MDP SaaS platform. This platform efficiently bundles and easily implements the external protection of a Web Application Firewall (WAF) and the internal protection of Bot Mitigation.
It operates our Cycurion Security Platform’s line of products allows our customers to improve their cyber posture with its MDP SaaS platform. This platform efficiently bundles and easily implements the external protection of a WAF and the internal protection of Bot Mitigation.
Cloudburst focuses on providing tailored solutions that leverage the industry’s best minds and technologies to predict, protect, detect, respond, and sustain our clients from the latest evolving cyber threats. Cycurion Innovation, Inc. Cycurion Innovation, Inc. was formed in connection with our acquisition of assets from Sabres, a leading Israeli-based cyber security provider.
Cloudburst focuses on providing tailored solutions that leverage the industry's best minds and technologies to predict, protect, detect, respond, and sustain our clients from the latest evolving cyber threats. 27 Table of Contents Cycurion Innovation, Inc. Cycurion Innovation, Inc. was formed in connection with our acquisition of assets from Sabres, a leading Israeli-based cybersecurity provider.
The foregoing brief summary description of certain terms and provisions of the RCR Term Sheet does not purport to be complete and is qualified in its entirety by reference to the full text of the RCR Term Sheet, a copy of which is attached to this Annual Report as Exhibit 10.13 and the full text of the RCR Term Sheet Amendments, a copy of each of which are attached to this Annual Report as Exhibit 10.13a, 10.13b and 10.13c.
The foregoing brief summary description of certain terms and provisions of the RCR Term Sheet does not purport to be complete and is qualified in its entirety by reference to the full text of the RCR Term Sheet, a copy of which is filed as an exhibit to this Annual Report on Form 10-K as Exhibit 10.13 and the full text of the RCR Term Sheet amendments, a copy of each of which are filed as an exhibit to this Annual Report on Form 10-K as Exhibit 10.13a, 10.13b, 10.13c and 10.13d.
Bot Mitigation is the reduction of risk to applications, Application Program Interfaces (APIs), and backend services from malicious bot traffic that fuels common automated attacks, such as Distributed Denial of Service (DDoS) campaigns and vulnerability probing.
Bot Mitigation is the reduction of risk to applications, Application Program Interfaces ("APIs"), and backend services from malicious bot traffic that fuels common automated attacks, such as DoS campaigns and vulnerability probing.
We intend to continue to seek additional debt or equity financing to continue our operations. Our consolidated financial statements have been prepared on a going concern basis, which implies we may not continue to meet our obligations and continue our operations for the next fiscal year.
Our consolidated financial statements have been prepared on a going concern basis, which implies we may not continue to meet our obligations and continue our operations for the next fiscal year.
This platform efficiently bundles and easily implements the external protection of a Web Application Firewall (WAF) and the internal protection of Bot Mitigation. Bot Mitigation is the reduction of risk to applications, Application Program Interfaces (APIs), and backend services from malicious bot traffic that fuels common automated attacks, such as Distributed Denial of Service (DDoS) campaigns and vulnerability probing.
This platform efficiently bundles and easily implements the external protection of a WAF and the internal protection of Bot Mitigation. Bot Mitigation is the reduction of risk to applications, APIs, and backend services from malicious bot traffic that fuels common automated attacks, such as DoS campaigns and vulnerability probing.
Crucially, the AI underpinning the MDP platform is constantly evolving to counter new threats. Through a crowdsourcing process, the cloud-based MDP learns from every threat to any protected application and uses that newly acquired knowledge to protect all MDP clients better. 26 Subcontractor — Prime contractor relationship SLG Innovation, Inc.
That version is in the testing and evaluation phase. Crucially, the AI underpinning the MDP platform is constantly evolving to counter new threats. Through a crowdsourcing process, the cloud-based MDP learns from every threat to any protected application and uses that newly acquired knowledge to protect all MDP clients better.
These estimates and assumptions primarily include, but are not limited to, the discount rate being the weighted average cost of capital (WACC) for the firm, terminal growth rates, earnings before depreciation and amortization, and capital expenditures forecasts. Due to the inherent uncertainty involved in making these estimates, actual results could differ from those estimates.
These estimates and assumptions primarily include, but are not limited to, the discount rate being the weighted average cost of capital ("WACC") for the firm, terminal growth rates, earnings before depreciation and amortization, and capital expenditures forecasts.
Through this interaction of the WAF and Bot Mitigation, the MDP is able to reinforce these layers of security and generate new security layers in real time in response to emerging threats. This process is directed by our Cycurion Security Platform’s proprietary, cloud-based artificial intelligence (“AI”) algorithm.
Through this interaction of the WAF and Bot Mitigation, the MDP is able to reinforce these layers of security and generate new security layers in real time in response to emerging threats. This process is directed by our Cycurion Security Platform's (formerly Sabres') proprietary, cloud-based AI algorithm. We do not have AI processing in the production version of the software.
The consummation of the transactions contemplated by the RCR Term Sheet is contingent upon the consummation of the transactions contemplated by the SLG Term Sheet.
The consummation of the transactions contemplated by the RCR Term Sheet is contingent upon the consummation of the transactions contemplated by the SLG Term Sheet. We consummated the transactions contemplated by the RCR Term Sheet on September 25, 2025.
Cloudburst Security LLC Cloudburst is a cybersecurity provider with successful assignments within highly sensitive government agencies and other commercial organizations. We acquired Cloudburst in April 2019. Following the acquisition, we continued Cloudburst’s core operations of providing mission-critical and highly sensitive government agencies and other commercial organizations with high-quality, innovative cybersecurity services.
Following the acquisition, we continued Cloudburst’s core operations of providing mission-critical and highly sensitive government agencies and other commercial organizations with high-quality, innovative cybersecurity services.
Readers are encouraged to read those Exhibits in full for a more comprehensive understanding of the transaction contemplated by the RCR Term Sheet. Acquisition of Technology Sabres SaaS Asset Purchase On August 17, 2021, we entered into an asset purchase agreement to acquire certain technology assets of Sabres, a leading Israeli-based cyber security provider.
Readers are encouraged to read those Exhibits in full for a more comprehensive understanding of the transaction contemplated by the RCR Term Sheet. 28 Table of Contents Acquisition of Technology On September 30, 2021, we acquired certain technology assets of Sabres, a leading Israeli-based cybersecurity provider.
The continuation of our Company as a going concern is dependent upon our ability to obtain necessary debt or equity financing to continue operations until we begin generating positive cash flow. 31 There is no assurance that we will ever be consistently profitable or, notwithstanding our recent financing activities, that debt or equity financing will be available to us in the amounts, on terms, and at times deemed acceptable to us, if at all.
There is no assurance that we will ever be consistently profitable or, notwithstanding our recent financing activities, that debt or equity financing will be available to us in the amounts, on terms, and at times deemed acceptable to us, if at all.
Based on our current capital resources as of December 31, 2024, including our unrestricted cash and accounts receivable (net) of $10.3 million, we expect to be able to continue our operations for a minimum of 12 months as of the date of these financial statements. We have added the following table that provides aging analysis of our accounts receivable.
Based on our current capital resources as of December 31, 2025, including our unrestricted cash and accounts receivable, net of $7.9 million, we expect to be able to continue our operations for a minimum of 12 months as of the date of this annual report.
The SLG team has worked nationally, as it has served over 25 Department of Health and Human Services agencies, all 50 state governments, and over 250 local governments. Since SLG’s inception, it has primarily focused on customers in the middle of the country.
SLG's leadership team offers years of combined success in answering the needs of government agencies and healthcare organizations across the country. The SLG team has worked nationally, as it has served over 25 Department of Health and Human Services agencies, all 50 state governments, and over 250 local governments.
Off-balance sheet arrangements We did not have any off-balance sheet arrangements during the periods presented, and we do not currently have any off-balance sheet arrangements, as defined in the SEC rules and regulations. Revenue Recognition We adopted the new revenue standard, ASC 606, on January 1, 2018, using the full retrospective approach.
Off-balance sheet arrangements We did not have any off-balance sheet arrangements during the periods presented, and we do not currently have any off-balance sheet arrangements, as defined in the SEC rules and regulations.
Following the acquisition, we continued Axxum’s core operations of providing contractor services to its existing federal government customer base while leveraging our existing processes and tools to expand its commercial footprint.
Following the acquisition, we continued Axxum's core operations of providing contractor services to its existing federal government customer base while leveraging our existing processes and tools to expand its commercial footprint. Cloudburst Security LLC Cloudburst is a cybersecurity provider with successful assignments within highly sensitive government agencies and other commercial organizations. We acquired Cloudburst in April 2019.
Readers are encouraged to read those Exhibits in full for a more comprehensive understanding of the transaction contemplated by the SLG Term Sheet. RCR Acquisition Agreement RCR Technology Corporation (“ RCR ”) performs certain services for SLG in its role as an SLG subcontractor and, in that context, became a creditor of SLG.
RCR Acquisition Agreement RCR Technology Corporation ("RCR") performs certain services for SLG in its role as an SLG subcontractor and, in that context, became a creditor of SLG.
We, through our operating subsidiaries and strategic partnerships, have numerous prime and subcontracts with key government agencies. Our growth engine is driven by organic business solutions and strategic acquisitions of cyber/ infrastructure service providers. For a description of our Business, please see “Item 1. Business.” Our Subsidiaries Cycurion Sub, Inc.
We deliver high-quality, cybersecurity solutions to federal government civilian, defense, and judiciary agencies in addition to commercial clients across a variety of industries. We, through our operating subsidiaries and strategic partnerships, have numerous prime and subcontracts with key government agencies. Our growth engine is driven by organic business solutions and strategic acquisitions of cyber/ infrastructure service providers.
For the year ended December 31, 2023, net cash used in investing activities was approximately $706,707. This was used in the purchase of equipment. Financing Activities For the year ended December 31, 2024, net cash provided by financing activities was $1,689,268.
Net Cash Provided By/(Used In) Investing Activities For the year ended December 31, 2025, net cash provided in investing activities was approximately $1.4 million, compared to a $0.9 million use of cash for the year ended December 31, 2024.
The following discussion contains forward-looking statements that involve certain risks and uncertainties. Our actual results could differ materially from those discussed in these statements. Factors that could cause or contribute to these differences include those discussed below and elsewhere in this annual report, particularly under the “Risk Factors” and “Disclosure Regarding Forward-Looking Statements” sections.
Our actual results could differ materially from those discussed in the forward-looking statements, and the discussion below is not necessarily indicative of future results. Factors that could cause or contribute to any differences include, but are not limited to, those discussed below and elsewhere in this Annual Report on Form 10-K, particularly in "Item 1A.
As part of the asset purchase agreement, we acquired Multi-Dimensional Protection, Web Application Firewall and Bot Mitigation SaaS platforms, and their associated intellectual property.
As part of the asset purchase agreement, we acquired Multi-Dimensional Protection ("MDP"), WAF and Bot Mitigation SaaS platforms, and their associated intellectual property. Our Cycurion Security Platform's (formerly Sabres') line of products allows our customers to improve their cyber posture with its MDP SaaS platform.
As of December 31, 2024, our total assets increased to approximately $25.7 million from approximately $20.8 million at December 31, 2023, primarily due to a $3.2 million increase in our accounts receivable and $1.8 million increase in investments held in trust.
As of December 31, 2025, our total assets increased to approximately $33.5 million from approximately $25.6 million as of December 31, 2024, primarily due to increases in goodwill.
Through a crowdsourcing process, the cloud-based MDP learns from every threat to any protected application and uses that newly acquired knowledge to protect all MDP clients better. Our Cycurion Security Platform’s (formerly Sabres’) line of products provides solutions for substantially all web application security needs.
Through a crowdsourcing process, the cloud-based MDP learns from every threat to any protected application and uses that newly acquired knowledge to protect all MDP clients better. Master Service Agreement with SLG Innovation, Inc. The SLG team has an average of over 25 years of experience in the development, planning, implementation, and management of information systems.
Accounts Receivable Aging Analysis without SLG ($) Current 30 days 60 days 90 days 90+ days 2024 3,332,464 1,121,062 1,482,192 1,130,038 1,904,536 2023 2,395,952 3,806,985 970,411 1,101,005 2,571,450 Nevertheless, our continuation as a going concern is dependent on our ability to obtain additional financing until we can generate sufficient, consistent cash flow from operations to meet the expected growth in our obligations.
Nevertheless, our continuation as a going concern is dependent on our ability to obtain additional financing until we can generate sufficient, consistent cash flow from operations to meet the expected growth in our obligations. We intend to continue to seek additional debt or equity financing to continue our operations.
Management’s plans and basis of presentation: We were incorporated in Delaware in 2017 as KAE Holdings, Inc, with the purpose of acquiring operating entities in the cybersecurity industry. Effective July 14, 2020, we changed our corporate name from KAE Holdings, Inc. to Cyber Secure Solutions, Inc., and, on April 24, 2021, to Cycurion, Inc.
On July 14, 2020, we changed our corporate name from KAE Holdings, Inc. to Cyber Secure Solutions, Inc., and, on February 24, 2021, to Cycurion, Inc. We have two first-tier wholly-owned subsidiaries, Cycurion Sub, Inc.
The review of impairment consists of using a qualitative approach to determine whether it is more than likely that the fair value of the assets is less than their respective carrying values or a one-step qualitative impairment test.
In testing goodwill for impairment, we first assess the qualitative factors to determine whether the existence of events or circumstances leads to a determination that it is more likely than not that the fair value of a reporting unit is less than its carrying value.
This decrease in the revenues for the year ended December 31, 2024 is attributed to the conclusion of key contracts with the federal government and state and local agencies, partially offset by new business segments and contracts.
We attribute this decrease in the revenues in 2025 compared to 2024 to delayed start dates of new federal, state and local contracts and the company’s focus on more profitable business. Cost of revenues The cost of revenue for the year ended December 31, 2025, was approximately $13.5 million, compared to $14.1 million for the year ended December 31, 2024.
The net cash provided includes $2,000,000 in proceeds from a private placement and $1,084,000 in proceeds from notes payables, offset by $193,305 used in the repayment of bank borrowings.
The net cash provided includes $7.0 million in proceeds from the equity line of credit, $4.8 million of proceeds from the private placement capital raise in December 2025, $3.7 million proceeds provided from the exercise of warrants, $2.4 million in proceeds from convertible notes payable, $0.5 million in proceeds provided from notes payable, partially offset by a cash outflow of $1.0 million cash used in redemption of common stock.
The decline was the result of net profits of $1,229,601 incurred during our fiscal year 2024. Furthermore, we expect possible, significant operating losses for the next few years. We also utilized cash in operations of approximately $1,371,281 in the twelve months ended December 31, 2024.
As of December 31, 2025, we had an accumulated deficit of approximately $26.9 million, as compared to our accumulated deficit of approximately $3.2 million as of December 31, 2024. The increase of our accumulated deficit was a result of our net losses for 2025. Furthermore, we expect continued, significant operating losses for the next few years.
ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS Throughout this section, unless otherwise noted, “we,” “our,” “us,” “Cycurion” and the “Company” refer to Cycurion, Inc. You should read the following discussion of our financial condition and results of operations in conjunction with our financial statements and the notes included elsewhere in this annual report.
Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations This Management's Discussion and Analysis of Financial Condition and Results of Operations should be read together with our audited consolidated financial statements and the related notes thereto for the fiscal years ended December 31, 2025 and 2024, included in Item 8. Financial Statements and Supplementary Data.
Removed
On February 14, 2025, the date of closing of our de-SPAC transaction, we merged into Western Acquisition Ventures Corp. and changed that company’s name to Cycurion, Inc. Our Business We deliver high-quality, cybersecurity solutions to federal government civilian, defense, and judiciary agencies in addition to commercial clients across a variety of industries.
Added
The discussion below contains management's comments on our business strategy and outlook, and such discussions contain forward-looking statements. These forward-looking statements reflect the expectations, beliefs, plans, and objectives of management about future financial performance and assumptions underlying management's judgment concerning the matters discussed, and accordingly involve estimates, assumptions, judgments, and uncertainties.
Removed
Axxum’s information security focus produces several key benefits: ● Agile Client Focus: Axxum’s projects are overseen directly by its program managers, all of whom have information security backgrounds and are fully authorized to promptly implement client requirements throughout the performance life cycle. ● Streamlined and Process Focused: Axxum’s streamlined infrastructure leverages ISO quality standards integrated with emerging and established technologies, allowing it to engineer innovative solutions without building in excessive overhead. ● Outstanding Personnel: Axxum has a reputation of employing cybersecurity experts.
Added
Risk Factors" and in "Special Note Regarding Forward-Looking Statements" at the beginning of this Form 10-K. General and Business Overview We were originally incorporated as KAE Holdings, Inc., under the laws of the State of Delaware in 2017, with the purpose of acquiring and holding operating entities in the cybersecurity industry.
Removed
We are currently a subcontractor for several keystone contracts held by SLG. The SLG team has an average of over 25 years of experience in the development, planning, implementation, and management of information systems. SLG’s leadership team offers years of combined success in answering the needs of government agencies and healthcare organizations across the country.
Added
(formerly Cycurion, Inc., until February 14, 2025) and Cycurion Crypto, a Delaware corporation formed in July 2025, and three indirectly wholly-owned second-tier subsidiaries: (i) Axxum, a Virginia limited liability company formed in December 2006, (ii) Cloudburst, a Virginia limited liability company formed in January 2007, and (iii) Cycurion Innovation, Inc., a Delaware corporation formed in September 2021, in connection with our acquisition of assets from Sabres, a leading Israeli-based cybersecurity provider.
Removed
SLG Acquisition Agreement Our revenues from SLG in our 2024 and 2023 fiscal years were $14,703,887 and $13,837,042, respectively.
Added
Cycurion Crypto Inc. Our direct wholly-owned subsidiary, Cycurion Crypto, a Delaware corporation, was formed in July 2025 as part of our strategic initiative to position the Company within the expanding digital asset ecosystem and will manage a crypto treasury.
Removed
The types of agreements to which SLG is a party are discussed under the heading “Our Business — Key Clients and Historical Performance .” From our perspective, a major benefit to us of the potential transaction contemplated by the SLG Term Sheet, as described below, would be that we could “piggyback” on SLG’s historical relationships with the various contracting governmental agencies in our bidding on future potential agreements.
Added
Since SLG's inception, it has primarily focused on customers in the middle of the country.
Removed
It is axiomatic in the governmental contracting arena in which we are involved that past performance on customer assignments as the prime contractor is one of the more important qualifications in competing for new opportunities within the federal government. We believe that our acquisition of SLG, if that transaction is closed by us, would yield such “past performance” qualifications.
Added
Cycurion issued 248,006 shares of common stock to RCR as a result of the consummation of the transaction contemplated by the RCR Term Sheet pursuant to the Securities Purchase Agreement, dated September 25, 2025.
Removed
On April 25, 2023, Cycurion Sub executed a Term Sheet with SLG (the “SLG Term Sheet”), pursuant to which SLG agreed to be acquired by Cycurion Sub. The Term Sheet contained all of the material terms and conditions of two proposed interrelated transactions to be memorialized by the SLG Acquisition Agreeement.
Added
Our Cycurion Security Platform's (formerly Sabres') line of products provides solutions for substantially all web application security needs.
Removed
To effectuate the two transactions contemplated by the SLG Term Sheet, Cycurion Sub will form two subsidiaries, which, upon formation, will initially be wholly owned by Cycurion Sub.
Added
Our dedicated support team will manage the Sabres platform, provide real time reporting, response to security incidents, and will manage all data privacy needs from a single security information and event management SaaS platform dashboard. 29 Table of Contents Financial Overview A number of factors have contributed to our fiscal year 2025 results of operations, the most significant of which are described below.
Removed
If, when, and as the transactions contemplated by the SLG Term Sheet are consummated, SLG would merge with and into one of the subsidiaries and survive, thereby becoming a wholly-owned subsidiary of Cycurion Sub.
Added
More details on these changes are presented below within our "Results of Operations" section. • The execution of the SLG Innovation Inc. transaction. • The completion of the business combination with Western Acquisition Ventures Corp.
Removed
Because certain of the agreements to which SLG is the prime contractor require that the majority owner of the prime contractor be a resident of the City of Chicago or of Cook County (depending on the contract), contemporaneously with the consummation of the first of the two transactions, (i) SLG will divest itself of those agreements with the residency requirements, (ii) the second newly formed subsidiary will assume those agreements, (iii) Mr.
Added
Results of Operations Table MD&A 1: Consolidated Results of Operations For the Year Ended December 31, 2025 2024 Net revenues $ 15,133,647 $ 17,771,485 Cost of revenues 13,521,329 14,136,742 Gross profit 1,612,318 3,634,743 Gross profit percentage 10.7 % 20.5 % Operating expenses: Selling, general and administrative expenses 9,258,199 1,208,630 Stock compensation expenses 3,898,867 10,000 Business combination expenses 11,870,114 — Total operating expenses 25,027,180 1,218,630 Operating (loss)/income (23,414,862) 2,416,113 Interest income 27,538 20,211 Interest expense (1,763,831) (1,209,502) Gain on debt settlement, net 1,221,635 — Other (expense)/income (129,564) 2,779 Other expense, net (644,222) (1,186,512) (Loss)/income before income taxes (24,059,084) 1,229,601 Provision for income tax — — Net (loss)/income (24,059,084) 1,229,601 Less: Net loss attributable to non-controlling interest 393,376 — Net (loss)/income attributable to Cycurion $ (23,665,708) $ 1,229,601 Revenue Revenues for the year ended December 31, 2025 decreased $2.6 or 14.8% compared to the year ended December 31, 2024.
Removed
Ed Burns will become the owner of a 51% interest in that newly formed subsidiary, and (iv) we will enter into a Management Agreement with that subsidiary, the economic terms and management/ control terms of which are intended to be the equivalent of complete ownership of that the 49% owned subsidiary. Mr.
Added
The cost of revenue is driven by the costs incurred while delivering services to our customers, therefore the decrease in costs is due to the decrease in revenues.
Removed
Ed Burns is currently the 51% owner of SLG and a resident of the City of Chicago. The SLG Term Sheet provides that, if, when, and as the transactions contemplated thereby are consummated, the two current owners of SLG will be issued an aggregate of 996,355 shares of Cycurion common stock.
Added
Selling, general and administrative expenses Our selling, general and administrative ("SG&A") expenses increased in 2025 compared to 2024 due to additional expenses being recognized in 2025 due to increased costs associated with being a publicly traded company and the addition key individuals for the company's growth strategy. 30 Table of Contents Stock compensation expenses Stock compensation expenses increased in 2025 compared to 2024 as a result of new compensation agreements with executives.
Removed
SLG is fully bound by the terms and provisions of the SLG Term Sheet and the related Management Agreement structure, although Cycurion Sub is permitted to terminate the SLG Term Sheet and to abandon the transactions contemplated thereby any time for any reason or for no reason prior to April 11, 2025, with no further obligations on Cycurion Sub’s part.
Added
Business combination expenses Business combination expenses in 2025 are a result of the business combination with Western. Interest income Interest income was $27,538 and $20,211 for the year ended December 31, 2025 and 2024, respectively. The change in interest income is a result of the balance of the underlying interesting earning assets.
Removed
As of the date of this Annual Report, although we reserve the right to modify the terms and provisions of the SLG Acquisition Agreement, we do not currently expect to terminate it and currently expect to close the transactions contemplated during our current fiscal quarter.
Added
Interest expense Interest expense for the year ended December 31, 2025 and 2024, was $1.8 million and $1.2 million, respectively. The change in interest expense is a result of the underlying debt instruments. For further information refer to debt footnotes.
Removed
Substantially all of the agreements to which SLG is a party have a provision that provides the counterparty to such agreement with a right to approve an assignment or change in control of SLG prior to its effectiveness. If an approval is not forthcoming, then the provisions of the SLG Acquisition Agreement permit us to excise that specific agreement.
Added
Gain on debt settlement, net The $1.2 million gain on debt settlement, net for the year ended December 31, 2025 is the result of the conversion of debt to various equity instruments at a lower fair market value than the exchanged debt on the books.
Removed
Upon such occurrence, we reserve that right to reduce the consideration that we would otherwise tender to the equity owners of SLG. 27 As amended by the parties, initially effective as of November 29, 2023 and subsequently effective as of April 29, 2024, August 16, 2024 and December 31, 2024, the SLG Term Sheet expires on the soonest of (i) closing of the transactions contemplated thereby, (ii) April 11, 2025, if the transactions contemplated thereby have not closed by then, (iii) Cycurion Sub’s termination thereof, and (iv) the mutual termination by all of the parties thereto.
Added
Liquidity and Capital Resources Our primary sources of liquidity are cash on hand, cash from operations, borrowings under our debt financing arrangements and equity raises through our equity line. As of December 31, 2025, we had $5.3 million in cash and cash equivalents.
Removed
Notwithstanding anything to the contrary contained therein, Cycurion Sub may terminate its obligations under the SLG Term Sheet and the transactions contemplated hereby for any reason or for no reason without any further obligations and without any liability at any time through and including April 11, 2025.
Added
We believe that our current cash position, access to the capital markets and cash flow generated from operations should be sufficient for our operating requirements through the next several fiscal years.
Removed
The SLG Term Sheet, as amended, consensually superseded, as noted therein, Cycurion Sub’s previous “unidirectional” agreements with SLG.
Added
Cash Flow Table MD&A 2: Net Changes in Cash and Cash Equivalents For the Year Ended December 31, 2025 2024 Net cash used in operating activities $ (12,086,357) $ (1,371,281) Net cash provided by/(used in) investing activities 1,414,523 (885,066) Net cash provided by financing activities 15,886,279 1,689,268 Net increase/(decrease) in cash and cash equivalents $ 5,214,445 $ (567,079) Net Cash Used In Operating Activities For the year ended December 31, 2025, net cash used by operating activities was $12.1 million, compared to $1.4 million for the year ended December 31, 2024.
Removed
The foregoing brief summary description of certain terms and provisions of (i) the SLG Term Sheet does not purport to be complete and is qualified in its entirety by reference to the full text of the SLG Term Sheet, a copy of which is attached to this Annual Report as Exhibit 10.12, (ii) the SLG Term Sheet Amendments, a copy of each of which is attached to this Annual Report as Exhibit 10.12a, Exhibit 10.12b, Exhibit 10.12c, and Exhibit 10.12d, and (iii) the SLG Management Agreement does not purport to be complete and is qualified in its entirety by reference to the full text of the SLG Term Sheet, a copy of which is attached to this Annual Report as Exhibit 10.12e.
Added
The main drivers of this increase are the additional merger expenses incurred in 2025 and the additional corporate level costs to build out a management team and brand for organic growth and acquisitions.
Removed
Nevertheless, as a result of our entry into the SLG Management Agreement with SLG, we still currently intend to consummate the transactions contemplated by the RCR Term Sheet in the first half of our current fiscal year.
Added
The cash inflow in 2025 was a result of the Trust Account (as defined below) for redemption and cash released from the Trust Account to the Company. 31 Table of Contents Net Cash Provided by Financing Activities For the year ended December 31, 2025, net cash provided by financing activities was $15.9 million.
Removed
The RCR Term Sheet provides that, if, when, and as the transactions contemplated thereby are consummated, RCR will be issued shares of our common stock.
Added
For the year ended December 31, 2024, net cash provided by financing activities was $1.7 million. The Company received $1.0 million from a private placement. Going Concern We have incurred operating losses since inception through the period ended December 31, 2025, having had negative cash flow from operations.
Removed
Further, as amended by the parties, initially effective as of November 29, 2023, and subsequently effective as of April 29, 2024, August 16, 2024 and December 31, 2024, the RCR Term Sheet expires on the soonest of (i) closing of the transactions contemplated thereby, (ii) April 11, 2025, if the transactions contemplated thereby have not closed by then, (iii) Cycurion’s termination thereof, and (iv) the mutual termination by all of the parties thereto.
Added
We also utilized cash in operations of approximately $12.1 million for the year ended December 31, 2025. As of December 31, 2025, we had unrestricted cash of approximately $5.3 million, an increase of $5.2 million from approximately $38,742 as of December 31, 2024.
… 55 more changes not shown on this page.