Code Metal Raises $125 Million to Rewrite the Defense Industry’s Code With AI

It’s a problem that has quietly plagued the Pentagon for decades: millions of lines of code written in languages that are effectively dead, running on systems that are too critical to turn off and too complex to replace. For years, the only solution was brute-force manual labor—armies of engineers painstakingly rewriting software line by line, a process that is slow, expensive, and fraught with risk. Now, a Boston-based startup called Code Metal believes it has found a better way, and the venture capital world is betting big that it’s right.

On February 19, 2026, Code Metal announced it had secured a staggering $125 million in Series B funding, a sum that immediately positions the company as a heavyweight in the nascent field of AI-driven legacy modernization. The news, first reported by Wired, signals a tectonic shift in how the defense industry—and by extension, the broader critical infrastructure sector—approaches its most stubborn technical debt.

This is not just another funding round. It is a declaration that the era of treating legacy code as an immovable object is over. The question now is whether Code Metal’s AI can safely navigate the minefield of defense-grade security requirements, or if the promise of automation will collide with the harsh realities of national security.

The $125 Million Bet on a New Kind of Code Rewrite

To understand why Code Metal’s Series B is so significant, you have to appreciate the sheer scale of the problem it is trying to solve. The defense industry runs on software that was written in the 1980s and 1990s—COBOL, FORTRAN, Ada, and early versions of C++. These systems control everything from missile guidance to logistics chains to encrypted communications. They are, by modern standards, brittle, insecure, and nearly impossible to maintain.

The traditional approach to modernization is a nightmare. It involves reverse-engineering the original code, understanding its exact behavior, and then manually rewriting it in a modern language like Rust or Go. This process is not just labor-intensive; it is dangerous. A single subtle bug introduced during the rewrite could compromise a system that has been battle-tested for decades. As a result, many defense contractors simply choose to leave the old code running, patching it with layers of duct tape and hoping for the best.

Code Metal’s thesis is that AI can change this calculus. Instead of relying on human engineers to manually translate code, the company has built a platform that uses machine learning models to understand the logic, structure, and dependencies of legacy software. The AI can then generate functionally equivalent code in a modern language, while also flagging potential vulnerabilities and suggesting optimizations. It is, in essence, a supercharged, security-aware code translator.

The $125 million injection will likely be used to scale this platform, hire top-tier AI researchers, and—crucially—navigate the labyrinthine certification processes required to get any new tool approved for use in defense environments. This is a capital-intensive business, and the size of the round reflects the high bar for entry. For context, the investment dwarfs recent rounds in adjacent spaces; for example, African defense tech startup Terra Industries raised just $22 million earlier in February 2026. Code Metal’s haul suggests that investors see a winner-take-most dynamic emerging in this niche.

Why Legacy Code Is the Pentagon’s Most Dangerous Vulnerability

The conventional wisdom in Silicon Valley is that “move fast and break things” is a virtue. In the defense industry, it is a cardinal sin. This fundamental tension is what makes legacy modernization so uniquely difficult.

Consider the lifecycle of a typical defense software system. It might have been designed in the 1990s, deployed in the early 2000s, and has been running continuously ever since. Over that time, the original developers have retired or moved on. The documentation is incomplete or lost. The codebase has been patched so many times that no single person understands the entire system. Yet, it works. It is reliable. And it is deeply, intrinsically insecure.

Modern cybersecurity threats—from nation-state actors to ransomware gangs—are designed to exploit the very weaknesses that plague these old systems. Buffer overflows, unpatched libraries, and lack of memory safety are common. The only way to truly fix these vulnerabilities is to rewrite the code. But rewriting the code risks breaking the functionality. This is the classic “modernization paradox”: you cannot afford to change it, and you cannot afford not to.

Code Metal’s AI offers a potential escape hatch. By automating the translation process, the company claims it can reduce the time and cost of a rewrite by an order of magnitude. More importantly, because the AI can analyze the entire codebase holistically, it can ensure that the new code is not just a direct translation but also incorporates modern security best practices. This is where the technology gets interesting: it is not just about copying code; it is about improving it during the migration.

This approach aligns with a broader trend in the tech industry toward using AI for code generation. Tools like GitHub Copilot have already shown that AI can be a powerful assistant for developers. Code Metal is essentially trying to build the enterprise-grade, security-hardened version of that concept, specifically for the most demanding environments on the planet.

The Hidden Cost of Automation: Security, Privacy, and the Human Factor

For all its promise, the introduction of AI into the defense software supply chain is not without profound risks. The same technology that can automatically rewrite legacy code could, in theory, be used to introduce subtle backdoors or vulnerabilities. How do you trust an AI model with code that controls a missile system?

This is the central tension that Code Metal must resolve. The company’s platform will likely need to undergo a rigorous certification process, possibly involving the National Security Agency (NSA) or the Defense Information Systems Agency (DISA). Investors are betting that Code Metal can build an AI that is not only smart but also provably safe. This might involve techniques like formal verification, where the AI’s output is mathematically proven to be equivalent to the original code, or differential privacy, where the model is trained on sanitized data to prevent leakage of sensitive logic.

There is also the question of data privacy. To train its models, Code Metal needs access to legacy codebases. These codebases are some of the most sensitive intellectual property in the world. Defense contractors will be rightfully paranoid about sending their source code to a third-party cloud service, even one that promises encryption. Code Metal will almost certainly have to offer on-premise deployment options or air-gapped solutions to win the trust of its core customers.

Furthermore, the human element cannot be ignored. The promise of automation often leads to fears of obsolescence. For the engineers who have spent decades maintaining these legacy systems, the arrival of AI might feel like a threat. However, the reality is likely more nuanced. As with many AI-driven transformations, the role of the engineer will shift from manual code translation to high-level oversight, architecture design, and AI model validation. The demand for deep expertise in both legacy systems and modern AI will skyrocket, creating a new class of “hybrid” engineers who are fluent in both the old and the new.

The Bigger Picture: A Blueprint for Modernizing All Critical Infrastructure

While the defense industry is the immediate focus, the implications of Code Metal’s success extend far beyond the battlefield. The problem of legacy code is universal. Banks run on COBOL. Airlines run on decades-old reservation systems. The power grid is controlled by software that predates the internet. Every single one of these sectors faces the same modernization paradox.

If Code Metal can prove its approach works in the most stringent environment—defense—it will have a blueprint for tackling every other sector. The $125 million round is a bet that the company can build a platform that becomes the standard for all high-stakes legacy modernization. This is a massive addressable market, and the company’s valuation likely reflects that ambition.

However, the path is not without competition. While Code Metal’s funding is large, other players are emerging. Terra Industries, for example, is taking a different approach by focusing on defense tech specifically for the African market. The broader landscape also includes established IT services giants like Accenture and IBM, which have their own legacy modernization practices, though they are largely human-driven. Code Metal’s edge is its AI-native DNA, which allows it to operate at a speed and scale that traditional consultancies cannot match.

The Verdict: A High-Stakes Experiment in Trust and Technology

Code Metal’s $125 million Series B is more than just a financial milestone. It is a high-stakes experiment in whether we can trust AI to handle our most critical digital infrastructure. The company is betting that the answer is yes, and that the benefits—faster modernization, lower costs, and improved security—will outweigh the inherent risks.

For the defense industry, this could be transformative. It could mean the difference between spending a decade modernizing a single system and doing it in a year. For the engineers involved, it means learning to work with a new kind of partner: an AI that can understand code better than any human ever could.

But the road ahead is long. The company must navigate a thicket of regulatory hurdles, build trust with paranoid customers, and prove that its AI is not just a clever tool but a reliable partner. If it succeeds, Code Metal will have rewritten more than just code—it will have rewritten the rules of how we maintain the digital backbone of the modern world. If it fails, the cautionary tale will echo through the industry for a generation. The next few years will be critical.

---

References

[1] Rss — Original article — https://www.wired.com/story/vibe-coding-startup-code-metal-raises-series-b-fundraising/

[2] TechCrunch — African defensetech Terra Industries, founded by two Gen Zers, raises additional $22M in a month — https://techcrunch.com/2026/02/16/terra-industries-raises-22-million/

[3] Ars Technica — Tesla slashes Cybertruck prices as it tries to move (unpainted) metal — https://arstechnica.com/cars/2026/02/tesla-slashes-cybertruck-prices-as-it-tries-to-move-unpainted-metal/

[4] Wired — They Bet Against Trump’s Tariffs. Now They Stand to Make Millions — https://www.wired.com/story/they-bet-against-trumps-tariffs-now-they-stand-to-make-millions/