Updated:
Exostar
Exostar runs the aerospace and defense industry's secure identity and supply-chain network, founded by Boeing, Lockheed Martin, and peers in 2000.
Exostar
Founded in 2000 by five of the world's largest aerospace and defense manufacturers — BAE Systems, Boeing, Lockheed Martin, Raytheon, and Rolls-Royce — Exostar was structured from inception as a neutral, industry-owned platform to resolve a structural problem. The defense supply chain required a way to securely share sensitive technical data, verify identities, and manage digital risk across thousands of suppliers without each prime contractor building a proprietary, incompatible portal. Exostar's initial focus was on providing secure identity federation and encrypted collaboration for the F-35 Joint Strike Fighter program, which demanded seamless, auditable data exchange across an unprecedented international partner network. Exostar's core offering spans three integrated domains: identity and access management, secure collaboration, and supply-chain risk management. Its identity-proofing service authenticates individual users against verifiable credentials, while its hosted Exchange Email service provides encrypted, regulatory-compliant communications for government contractors handling International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR) controlled data. The platform's Supply Chain Risk Management module enables continuous monitoring of supplier financial health, cybersecurity posture, and compliance status — a function that became critical during the 2020 pandemic disruption and subsequent executive orders on supply-chain resilience. While Exostar does not publish a traditional allocation, its observed posture is one of a deeply embedded, specialist enterprise-software provider, rather than a generalizable venture or growth-equity platform; its scale is measured in community breadth—serving over 150,000 organizations across more than 175 countries, including the US Department of Defense and its entire tier-one contractor ecosystem. Exostar is headquartered in Herndon, Virginia, and operates as a privately held LLC. Its ownership remains concentrated among the founding consortium and related defense-sector stakeholders, with governance structured to prevent any single sponsor from dominating the platform. The organization underwent a leadership transition in 2024, elevating Richard Addi to CEO. Addi had previously served as the company's Vice President of Product and Technology, signaling an emphasis on platform evolution and data-driven innovation. Unlike defense-tech startups that pursue discontinuous venture-scale returns, Exostar's value proposition is orthogonal: it is a cooperative digital infrastructure play, where adoption depth and community stickiness define its moat rather than financial AUM. Exostar's structural differentiator is its unique consortium ownership model. It is neither a traditional enterprise-software company seeking to maximize shareholder return, nor a purely government-run utility; it is an industry-owned cooperative whose incentives are aligned with ecosystem security and interoperability. This design means the platform can impose security standards that individual firms could not enforce unilaterally without violating antitrust norms — effectively serving as a sanctioned trust broker for the defense-industrial base. Succession and governance are managed through a board comprised of representatives from the founding companies, ensuring the platform's neutrality endures even as individual corporate influencers evolve.
General information
Firm type
Asset Manager
Year founded
2000
AUM
Undisclosed
Location
Region
North America
Country
United States
City
Herndon
Corporate office
Herndon, VA, United States
Principals
Richard Addi
CEO
Sector focus
Frequently asked questions
Why was Exostar founded, and by whom?
Exostar was founded in 2000 as a joint venture between BAE Systems, Boeing, Lockheed Martin, Raytheon, and Rolls-Royce. The founding consortium faced an escalating operational problem: securely sharing sensitive engineering, procurement, and compliance data with a sprawling, multi-tiered global supply base. Each firm developing its own proprietary portal was inefficient and created fragmentation. Exostar was created as a shared, neutral platform to solve this collective-action problem, standardizing identity-proofing and encrypted collaboration while ensuring no single prime contractor controlled the access layer.
What does Exostar's identity and access management system actually do?
Exostar's identity management system serves as a federated credential exchange for the defense and aerospace industrial base. It verifies individual identity, organization affiliation, and clearance levels, then issues a trusted digital credential recognized across the entire participating network. This enables a supplier engineer, for example, to use one authenticated identity to access protected engineering data across Boeing, Lockheed Martin, and their sub-tier partners, eliminating redundant registration and compliance checks.
How does Exostar address supply-chain cybersecurity risk?
The platform's Supply Chain Risk Management module performs continuous, automated monitoring of supplier entities for cyber hygiene, financial stability, and regulatory sanctions. It aggregates signals from public and proprietary data sources to generate risk scores that prime contractors and government agencies use for compliance with DFARS and CMMC requirements. Exostar's model uniquely embeds this monitoring within the identity layer, so access authorization and risk are coupled — a supplier's digital access can be dynamically adjusted based on its current cyber posture.
Is Exostar a family office or a traditional venture capital firm?
No. Exostar is not a family office, and it does not function as a venture capital or institutional allocator. It operates as a specialist enterprise-software company providing identity and supply-chain security services to the aerospace-and-defense sector. Its ownership is consortium-based — originally formed by five competing defense primes — which gives it a unique quasi-utility character, but its primary activity is platform operation, not managing a diversified investment portfolio.
Who are Exostar's primary users and customers?
Exostar's community includes over 150,000 organizations spanning more than 175 countries. The core user base consists of the five founding aerospace-and-defense prime contractors, the US Department of Defense, and their extended global supply chains. Usage is concentrated among procurement professionals, engineers, compliance officers, and IT security staff who require auditable access to controlled technical data and who must demonstrate supply-chain risk management under federal regulation.
How is Exostar governed given its competitive founding membership?
Exostar is governed by a board of directors comprising representatives from its founding and subsequent industry stakeholders. This structure is designed to preserve platform neutrality and prevent any single defense contractor from exerting unilateral control over security policy or commercial terms. The governance model is a core part of its value proposition: the industry trusts Exostar because it is collectively owned, not captured by any one firm's strategic interests.
Does Exostar manage any investment funds or outside capital?
No public record indicates Exostar manages third-party capital or operates any investment funds. The entity is a private operating company focused on delivering its identity, collaboration, and risk-management platform to the defense-industrial base. Its scale is measured in community breadth, not AUM.
Profile maintained by Altss using OSINT (open-source intelligence), regulatory filings, licensed data partners, and verified direct submissions. Read the methodology. Last updated: . Continuous refresh with full update cycles at least every 30 days.
Need institutional-grade insight on asset managers?
Altss delivers:
Prefer a guided tour?
We’ll walk you through: