Research note
An empirical look at overlay attacks against OCC-regulated mobile applications
May 2026
Read paper →DevTest Cyber engineers the runtime, attestation, and audit infrastructure that OCC-regulated institutions deploy when failure is not an option. Quietly. Consistently. Across cycles.
To our partners, customers, regulators, and the institutions we serve —
When DevTest Cyber was founded, we asked ourselves a question that the industry had stopped asking: what would security look like if it were designed for the institutions that cannot tolerate failure? Not for the marketing slide, not for the conference circuit — for the real operational burden carried by the chief risk officer of a regulated bank at 3am.
The answer was PrimeShield. A tamper-resistant runtime, a measured-boot platform (Prime-OS), and an audit console pre-mapped to OCC Bulletin 2026-08. Engineered from New York for OCC-regulated institutions, and now deployed in 40+ markets by organizations whose names you know.
We measure ourselves against a single yardstick: would the customer’s board be glad they chose us, in the quarter where it mattered most? JPMorgan Chase answered yes when they shipped Chase Mobile two weeks ahead of their OCC deadline — and we intend to keep earning that answer, one decade at a time.
With gratitude,
James Donovan
Chief Executive Officer · DevTest Cyber
| Transactions secured (annual) | $3.3 trillion |
| Mobile installations protected | 821 million |
| Institutional customers | 159 |
| Jurisdictions served | 40 |
| Service availability (rolling 12-mo) | 99.997% |
We design for the institutions whose mistakes appear in regulatory enforcement orders. Every capability has been earned in deployment.
The tamper-resistant runtime SDK for mobile banking, payments, and identity applications. Integrated into iOS and Android codebases without disruption to product velocity.
A measured-boot platform that isolates payment, signing, and identity operations from the host operating system, with attestation traceable to silicon.
Continuous evidence collection pre-mapped to OCC Bulletin 2026-08, with exportable attestations for second-line risk and audit functions.
Structured, real-time signal on jailbreak, root, hook, repackage, and emulator activity — delivered into the customer's existing SIEM in the customer's existing taxonomy.
Hardware-backed device identity and signing primitives, phishing-resistant by construction, mapped to the customer's authoritative identity record.
USA
84 DevTest Plaza
United Kingdom
30 St Mary Axe, EC3A 8BF
Switzerland
Bahnhofstrasse 45, 8001
Japan
Marunouchi 2-7-2, Chiyoda
Leads DevTest Cyber's strategy and customer engagement. Background in regulated technology and applied cryptography.
Heads the PrimeShield platform team. Designs the secure runtime architecture and signing infrastructure.
Prior CFO of two listed financial-technology companies. Sits on the audit and risk committees of three central-bank advisory boards.
Spent two decades inside OCC-supervised institutions before joining the firm. Leads the risk, compliance, and regulator-engagement function.
Direct correspondence to the office of the chief executive: [email protected]
We are building a multi-decade institution. Our hiring reflects that timeline.
| Engineering | Principal Engineer — PrimeShield Runtime | USA |
| Engineering | Staff Mobile Engineer (iOS / Android) | USA |
| Research | Threat Research Lead | USA |
| Risk & Compliance | Director — OCC Engagement | USA |
For institutional engagements and regulator briefings, please correspond directly with the office of the chief executive. For platform evaluations and pilot engagements, our solutions team responds within one business day.