Ask an industrial engineer how their plant would recover if a controller's code got corrupted or encrypted, and the honest answer is often grim: a backup on someone's laptop, in a folder named “final_backup_2”.
Copia Automation wants to replace that with something closer to how software teams work.
The New York startup has raised $26mn to build version control, backups and recovery for the code that runs factories and infrastructure. The round, co-led by AE Ventures and Squadra Ventures, takes its total raised to $55mn.
The code that runs the physical world
Modern plants run on programmable logic controllers, or PLCs, the small computers that drive machinery and production lines. The catch is that ordinary IT software cannot protect them.
The 💜 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
Each vendor, Rockwell, Siemens, Schneider, uses its own proprietary tooling, much as Windows software will not run on a Mac.
So the discipline software teams take for granted, version history, validated backups, audit trails, mostly does not exist on the plant floor.
Copia is trying to bring it there, across vendors, for the software running the factory. It even offers a continuous-delivery system, essentially GitHub Actions for industrial code.
Reshoring meets ransomware
The timing is the pitch. Manufacturing is returning to the United States, and new, heavily automated facilities are coming online. At the same time, attackers are increasingly aiming at the controllers that run critical infrastructure. Manufacturing was the most-attacked industry of 2025, by one report.
Detection alone does not restore a plant. If a controller is encrypted or overwritten, recovery depends on knowing what changed and having a clean, validated version to put back. Copia's pitch, in its investors' words, is to become the “system of record” for that layer, the same way other startups are racing to protect critical infrastructure.
Operational memory, not a dashboard
It is an unglamorous category, and that may be the point. Copia is not selling another cyber dashboard. It is selling operational memory: what changed, what worked, and what can be restored. The round even mixed equity with venture debt, a nod to capital discipline.
The hard part is adoption.
A single factory can run several PLC vendors, decades of inherited code and undocumented emergency fixes, with maintenance teams under pressure to keep the line moving. Standardisation sounds obvious from headquarters. It sounds less obvious at 3am during a line stoppage.
Whether Copia can fit into that mess, without slowing it down, is the real test.