Red Cat Selects SpiderOak to Conduct Blue UAS Cybersecurity Assessment for Black Widow™ Platform

Rhea-AI Summary

Red Cat Holdings (NASDAQ: RCAT) selected SpiderOak to perform a comprehensive Blue UAS cybersecurity assessment of its Black Widow™ Short-Range Reconnaissance (SRR) platform, announced Dec 16, 2025. As a Defense Innovation Unit Recognized Assessor, SpiderOak will conduct vulnerability analysis, penetration testing, and Foreign Ownership, Control, or Influence (FOCI) evaluations to support Black Widow's inclusion on the Blue UAS Cleared List.

The assessment maps to NIST 800-171, NIST 800-53 and Executive Order 14028 and aims to validate cyber resilience, supply chain integrity, and faster fielding into Department of War operations.

Key Figures

NIST standard 800-171 Cybersecurity compliance framework referenced for assessments

NIST standard 800-53 Security and privacy controls framework cited in methodology

Executive Order 14028 U.S. cybersecurity-focused order guiding assessment requirements

Market Reality Check

$6.89 Last Close

Volume Volume 6,487,181 is roughly in line with 20-day average of 6,359,120. normal

Technical Price $7.48 is trading below the 200-day MA at $8.21, indicating pre-news weakness.

Peers on Argus 1 Down

RCAT was down 6.97% pre-news while key peers like LUNR (-7.72%), RDW (-8.62%), and EH (-4.93%) also traded lower, but MOBBW rose 19.69%, suggesting mixed, stock-specific dynamics rather than a clean sector move.

Historical Context

Date	Event	Sentiment	Move	Catalyst
Dec 02	Leadership changes	Neutral	-0.1%	COO promotion and new CFO appointment to support growth execution.
Nov 11	Veterans initiative	Positive	-5.3%	Raised over $13,000 for veteran charities via limited-edition wine.
Nov 04	Swarming partnership	Positive	-7.6%	Apium joins Red Cat Futures Initiative to advance swarming autonomy.
Nov 04	Earnings & conferences	Neutral	-7.6%	Scheduled Q3 2025 results release and upcoming investor conferences.
Oct 30	Blue UAS listing	Positive	-7.2%	FANG™ FPV drone added to Department of War Blue UAS Cleared List.

Pattern Detected

Recent positive operational and certification updates have frequently been followed by negative price reactions, suggesting a pattern of selling into good news.

Recent Company History

Over the last few months, Red Cat has focused on leadership, operational execution, and defense certifications. On Oct 30, 2025, its FANG™ FPV drone was added to the Department of War Blue UAS Cleared List, yet the stock fell 7.21%. A swarming autonomy partnership announced on Nov 4, 2025 and a veterans outreach initiative on Nov 11, 2025 also coincided with declines of 7.6% and 5.35%, respectively. Today’s cybersecurity assessment step for the Black Widow™ platform fits this broader push into secure, Blue UAS‑aligned capabilities.

Regulatory & Risk Context

Active S-3 Shelf Registration 2025-09-15

An active S-3 shelf registration filed on 2025-09-15 allows Red Cat to offer securities under predefined terms. The shelf is currently marked as not effective and shows 2 recent usages via 424B5 prospectus supplements, indicating the company has tapped this structure for capital raising.

Market Pulse Summary

This announcement highlights Red Cat’s effort to harden its Black Widow™ SRR platform via a Blue UAS cybersecurity assessment by a DIU Recognized Assessor. The work targets compliance with standards like NIST 800-171, NIST 800-53, and Executive Order 14028, supporting potential inclusion on the Blue UAS Cleared List. In recent months the company emphasized Blue UAS certifications and autonomy partnerships, so investors may watch for concrete contract wins and further regulatory milestones tied to these capabilities.

Key Terms

zero-trust technical

"SpiderOak, a leader in zero-trust cybersecurity solutions for space, aerospace, and defense"

Zero-trust is a cybersecurity approach that treats every user, device and network connection as potentially risky and requires verification before granting access to data or systems. Like checking ID at every door instead of assuming people inside are safe, it limits what each user can reach and records access. Investors care because it lowers the chance and cost of breaches, supports regulatory compliance, and can protect a company’s reputation and financial value.

short-range reconnaissance (srr) technical

"Black Widow™ Short-Range Reconnaissance (SRR) platform"

Short-range reconnaissance (SRR) is the use of sensors, small vehicles, drones or personnel to gather timely information about nearby areas, objects or activities. For investors, SRR matters because demand for these capabilities influences defense and security companies’ sales, product development and contract awards—similar to how a neighborhood watch’s tools and staffing affect local safety and the value of services that support it.

foreign ownership, control, or influence (foci) regulatory

"will conduct vulnerability analysis, penetration testing, and Foreign Ownership, Control, or Influence (FOCI) evaluations"

Foreign ownership, control, or influence (FOCI) describes situations where investors, managers, or other parties based in another country can own, direct, or heavily affect a company’s decisions or access to sensitive assets. Think of it like a foreign landlord or coach who can change how a business runs or who can enter its most important rooms. For investors, FOCI matters because it can trigger regulatory restrictions, security reviews, limits on contracts, or shifts in strategy that affect a company’s value and risk profile.

nist 800-171 regulatory

"meet or exceed requirements under NIST 800-171, NIST 800-53, and Executive Order 14028"

NIST 800-171 is a U.S. government guidance document that lists practical security steps organizations must take to protect sensitive, non-classified government information stored or processed on non-government computer systems. Think of it as a checklist of locks, alarms and rules companies must install to keep certain government data safe; compliance matters to investors because it affects a company’s ability to win or keep government contracts, avoid penalties, and limit cybersecurity-related financial and reputational risks.

nist 800-53 regulatory

"meet or exceed requirements under NIST 800-171, NIST 800-53, and Executive Order 14028"

NIST 800-53 is a widely used government-issued framework that lists security and privacy safeguards organizations can apply to their computer systems and data. Think of it as a building code for digital security: it helps companies reduce the chance of hacks, meet legal or contract requirements, and demonstrate they manage cyber risk. Investors watch compliance with NIST 800-53 because it can influence a firm’s regulatory exposure, business continuity, and long-term value.

executive order 14028 regulatory

"meet or exceed requirements under NIST 800-171, NIST 800-53, and Executive Order 14028"

An executive order directing the federal government to raise and standardize cybersecurity defenses, improve how agencies find and respond to breaches, and set stricter rules for the software and services they buy — think of it as a new nationwide building code for digital security. For investors, it matters because it changes what government contractors and technology vendors must deliver, can shift costs or create new revenue opportunities for security-focused firms, and can influence regulatory risk and disclosure expectations across affected industries.

supply chain forensics technical

"methodology integrates advanced threat modeling, secure-by-design analysis, and supply chain forensics"

Supply chain forensics is the investigative work that traces where products, parts, or materials come from and why breakdowns, delays, fraud, or contamination occurred—like a detective following crumbs back to their source. For investors it matters because these findings reveal hidden risks to production, costs, reputation, and legal exposure, helping assess whether a company’s operations are reliable, compliant, and likely to sustain profits or face unexpected losses.

AI-generated analysis. Not financial advice.

Services strengthen cyber resilience for Army's Short-Range Reconnaissance (SRR) program and future unmanned systems across all domains

RESTON, Va., Dec. 16, 2025 /PRNewswire/ -- SpiderOak, a leader in zero-trust cybersecurity solutions for space, aerospace, and defense, announced today that Red Cat Holdings (NASDAQ: RCAT), a recognized industry leader in advanced all-domain drone and robotic solutions for defense and national security, has selected SpiderOak to perform a comprehensive Blue UAS cybersecurity assessment of its Black Widow™ Short-Range Reconnaissance (SRR) platform.

As part of the Defense Innovation Unit's (DIU) Blue UAS framework, SpiderOak—an official Recognized Assessor—will conduct vulnerability analysis, penetration testing, and Foreign Ownership, Control, or Influence (FOCI) evaluations to support Red Cat's inclusion of the Black Widow™ on the Blue UAS Cleared List.

Strengthening Cyber Resilience Through Blue UAS Assessments

As a Defense Innovation Unit (DIU) Recognized Assessor, SpiderOak delivers a suite of independent cybersecurity evaluation services under the Blue UAS framework—designed to verify and enhance the cyber resilience of unmanned systems before they enter the Department of War supply chain.

For Red Cat's Black Widow™ platform, SpiderOak's team will perform a comprehensive Blue UAS assessment, including vulnerability analysis, penetration testing, and Foreign Ownership, Control, or Influence (FOCI) evaluations. These services provide critical validation that the platform meets stringent U.S. Government cybersecurity, supply chain, and compliance standards.

SpiderOak's methodology integrates advanced threat modeling, secure-by-design analysis, and supply chain forensics to help partners like Red Cat meet or exceed requirements under NIST 800-171, NIST 800-53, and Executive Order 14028. Through its role as a Recognized Assessor, SpiderOak supports the rapid fielding of trusted, mission-ready systems that advance U.S. defense and intelligence operations across all domains.

Support for Secure All-Domain Operations

"Red Cat is an industry leader pushing the boundaries of all-domain defense operations, and the Black Widow™ platform plays a critical role in ensuring our warfighters maintain situational advantage," said Michael Carlson, Senior Director of Business Development for SpiderOak. "Our Blue UAS assessment services are designed to deliver outcomes quickly for the warfighter—helping trusted partners like Red Cat validate cyber readiness, achieve certification, and get critical capabilities into the field sooner. By bringing zero-trust principles and a rigorous, data-driven assessment methodology to the forefront, we're enabling faster, more secure deployment of mission-critical UAS across the Department of War."

"Cybersecurity is foundational to trust and mission assurance," said Jason Gunter, VP of Tech and Innovation at Red Cat Holdings. "Working with SpiderOak ensures that Black Widow™ not only meets Blue UAS standards but sets a new benchmark for how defense-grade UAS platforms should approach cyber protection and supply chain integrity."

Enabling Secure UAS Integration into the DoD Supply Chain

This engagement reinforces the continued importance of the DIU Blue UAS program in accelerating access to secure and compliant unmanned systems across the Department of War. Through its role as a Recognized Assessor, SpiderOak supports industry partners in meeting stringent cybersecurity and compliance requirements while enhancing the resilience of command, control, and telemetry links across contested environments.

About SpiderOak

SpiderOak is a 100% U.S.-owned and operated software and services company dedicated to solving the computer security challenges of the 21st century. Our technology allows applications to secure all interactions between each other, providing strong assurances of authority and identity, as well as the flexibility to integrate with existing systems, software, and devices beyond centralized cloud services and data centers to the far reaches of the tactical edge. For more information about SpiderOak products, services, or business development opportunities, visit www.spideroak.com.

About Red Cat Holdings, Inc.

Red Cat (Nasdaq: RCAT) is a U.S.-based provider of advanced all-domain drone and robotic solutions for defense and national security. Through its wholly owned subsidiaries, Teal Drones and FlightWave Aerospace, Red Cat develops American-made hardware and software that support military, government, and public safety operations across air, land, and sea. Its Family of Systems, led by Black Widow™, delivers unmatched tactical capabilities in small, unmanned aircraft systems (sUAS). Expanding into the maritime domain through Blue Ops, Inc., Red Cat is also innovating in uncrewed surface vessels (USVs), delivering integrated platforms designed to enhance safety and multi-domain mission effectiveness. Learn more at www.redcat.red.

For media inquiries: 
press@spideroak.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/red-cat-selects-spideroak-to-conduct-blue-uas-cybersecurity-assessment-for-black-widow-platform-302643051.html

SOURCE SpiderOak Inc.

FAQ

What did Red Cat (RCAT) announce on December 16, 2025 about Black Widow security?

Red Cat said it selected SpiderOak to perform a Blue UAS cybersecurity assessment of the Black Widow SRR platform, including vulnerability analysis, penetration testing, and FOCI evaluations.

How will the SpiderOak Blue UAS assessment affect RCAT's Black Widow inclusion on the Blue UAS Cleared List?

The assessment provides the vulnerability and FOCI evaluations required to support Black Widow's inclusion on the Blue UAS Cleared List.

Which cybersecurity standards will SpiderOak use for the RCAT Black Widow assessment?

SpiderOak's methodology references NIST 800-171, NIST 800-53, and Executive Order 14028 for secure-by-design analysis and supply chain forensics.

Who is performing the Blue UAS assessment for Red Cat (RCAT)?

SpiderOak, a Defense Innovation Unit Recognized Assessor for Blue UAS, will perform the assessment.

What tests are included in the Blue UAS cybersecurity assessment for RCAT's Black Widow?

The assessment includes vulnerability analysis, penetration testing, and Foreign Ownership, Control, or Influence (FOCI) evaluations.