Nubeva Technologies : MD&A - Nine Months Ended January 31, 2022

Nubeva Technologies Ltd.

MANAGEMENT DISCUSSION AND ANALYSIS

This Management Discussion and Analysis (this "MD&A") is dated March 24, 2022 and is intended to assist the reader in understanding the results of operations and financial condition of Nubeva Technologies Ltd., ("Nubeva" or the "Company"). This MD&A should be read in conjunction with the following information that can be obtained from www.sedar.com :

1. the Company's unaudited condensed interim consolidated financial statements for the nine months ended January 31, 2022 and accompanying notes; and
2. the Company's management discussion and analysis for the year ended April 30, 2021.

The condensed consolidated interim financial statements of Nubeva have been prepared in accordance with IFRS as issued by the International Accounting Standards Board ("IASB") and interpretations of the International Financial Reporting Interpretation Committee ("IFRIC").

Nubeva's reporting currency is United States Dollars and its functional currency is Canadian Dollars. The functional currency of each entity is measured using the currency of the primary economic environment in which that entity operates. The Company has the following wholly owned operating subsidiaries:

Subsidiary	Operating location	Functional currency
Nubeva, Inc.	San Jose, California	United States Dollars
Nubeva PTY Ltd.	Sydney, NSW Australia	Australian Dollars

CAUTION ON FORWARD-LOOKING INFORMATION

This MD&A contains certain "forward-looking information" and "forward-looking statements" (collectively "forward-lookingstatements") within the meaning of applicable Canadian securities legislation. When we discuss our strategy, plans, outlook, future financial and operating performance, financing plans, growth in cash flow and other events and developments that have not yet happened, we are making forward-looking statements. All statements in this MD&A that address events or developments that we expect to occur in the future are forward-looking statements, including the following:

• the development and capabilities of Nubeva (as defined herein) to provide the security platform and services;
• our plan to expand operations by adding additional customers;
• our expectations in relation to working capital; and
• our expectations in relation to our future financial needs.

Forward-looking statements are statements that are not historical facts and are generally, although not always, identified by words such as "expect", "plan", "anticipate", "project", "target", "potential", "schedule", "forecast", "budget", "estimate", "intend" or "believe" and similar expressions or their negative connotations, or that events or conditions "will", "would", "may", "could", "should" or "might" occur. All such forward-looking statements are based on the opinions and estimates of management as of the date such statements are made. Forward-looking statements necessarily involve assumptions, risks and uncertainties, certain of which are beyond the Company's control, including the following:

• our dependence on suppliers and customers;
• our untested business model;
• our ability to attract customers;
• the competitive nature of the cloud-based security market;

1

• our ability to manage our growth;
• exchange rate risks;
• regulatory risks;
• our future operations;
• our dependence on key personnel;
• dilution to present and prospective shareholders;
• the lack of a market for our securities; and
• our share price.

The Company assumes no responsibility to revise forward looking statements to reflect new information, subsequent events or changes in circumstances, except as required by applicable securities laws.

1. History of the Business

The Company's registered and records office is located at 750 West Pender Street, Suite 401, Vancouver, BC Canada V6C 2T7.

Nubeva Technologies Ltd. (formerly Sherpa Holdings Corp.) was incorporated on February 3, 2017 under the Business Corporation Act of British Columbia as a capital pool company ("CPC"). The Capital Pool System was set up by the TSX to provide private companies with an alternative method to go public.

Nubeva, Inc. was incorporated under the laws of the State of Delaware on March 30, 2016. Nubeva Inc.'s wholly-owned subsidiary, Nubeva Pty Ltd. was incorporated under the laws of New South Wales, Australia on April 20, 2016. Nubeva is based in San Jose, California and its principal activity is the development and commercialization of software to enable organizations to extend and run their visibility and security controls inside public and private clouds.

2. Core Business

Nubeva develops and licenses software-based decryption solutions to businesses, governments, and organizations. The solutions include TLS(SSL) network decryption that broadens network traffic security and visibility for cybersecurity and application monitoring manufacturers, and the Company's newly released flagship solution: Ransomware Reversal which decrypts files and data that are encrypted by ransomware attacks, without paying ransoms for faster and lower cost restoration of operations. Both solutions are powered by the company's proprietary and patented Session Key Intercept ("SKI") technology that enables the discovery and copy of the keys used to encrypt network traffic or files at the moment of encryption. With the keys available, decryption is not only possible, but is fast, easy, and extremely efficient. Security and Application Monitoring and assurance systems.

In calendar Q3'21, Nubeva discovered that its SKI technology could be adapted to the urgent and growing global crisis of ransomware. The macro problem is that despite all the new security and backup technologies available, and increased spending on them over the past few years, ransomware attacks continue to grow in volume, ransom dollars, and most importantly in overall impact to organizations due to operational disruption. Ransomware continues to find holes in the status-quo solutions and due to its success has become

1. multi-billion-dollarcriminal "Growth Industry."

The Company assessed the market opportunity and its ability to execute ransomware attacks and began to redirect the majority of all new product developments and marketing efforts to ransomware. In Q4 the Company began to pre-announce its capability. In late January, the Company released its first commercial version of the product: Ransomware Reversal and has begun sales and marketing to end-users organizations,

2

manages security service providers, and to OEM solution manufacturers.

RANSOMWARE SOLUTION

Ransomware is an accelerating global crisis

In the world of security and law enforcement there are many ways in which criminals "ransom" (extort monies) for demands. "Ransomware" is synonymous with crypto-ransomware, which is malicious software whose impact is the encryption of data files on a computer to disable access use. When the ransom is paid, typically in Bitcoin, keys are supplied to the victim in order to unlock the files and restore operations. Today ransomware threat actor "gangs" have become very good at maximizing operational outages to extract maximum ransom amounts. Ransoms have grown 10x over the last 3 years and there are many reports that the true cost to an organization is over 10x that in the total cost of recovery, losses for operational disruptions, lost customers, and brand damage. As a result, of their success and the anonymity of cryptocurrency, ransomware has become a multi- billion dollar "growth industry." Law enforcement, intelligence agencies, as well as the cyber insurance industry all predict significant growth in ransomware attacks for the next 3 to 5 years.

Status-Quo Solutions Are Insufficient

There are two main categories of solutions to ransomware: cybersecurity solutions and backup and recovery solutions. Despite all the innovations and steady increases in spending year over year on these solutions, ransomware continues to grow. Clearly, there are gaps in the status quo No different than the last 20 years of fighting malicious software, ransomware attackers always find a new offense for the latest and greatest defense. The attack surface, attack vectors and methods, and threat actors continue to grow. Moreover, many organizations simply do not have the budgets, talent, or maturity to implement and operate those technologies properly. Thus, a vast number of businesses, governments, critical local infrastructure, and education are all exposed. And while backup systems and strategies a critical, it is often infeasible to have real-time backups of all data. And worse, ransomware has become very good at disabling or corrupting backups in order to create data gaps and average recovery from backups can range from 5 to over 22 on average.

Nubeva Ransomware Reversal is A New Solution

Nubeva's Ransomware Reversal solution provides a completely new approach in the fight against ransomware. Rather than trying to try and detect and block potential threats as the rest of the cybersecurity industry attempts, Nubeva assumes they will get through and succeed sooner or later. At that point, Ransomware Reversal is the easiest, fastest, and lowest cost way to recover from successful attacks. The business value is simple and clear, lower the risk and costs of ransomware attacks. Nubeva's solution consists of very small endpoint software that is installed on servers, desktops, and laptop computers. When ransomware detonates and begins encrypting files, the Nubeva software intercepts and saves copies of the encryption keys. Then, as companies begin their incident response to the attack, Nubeva works with those teams to supply decrypted software that uses the keys to restore the data. Ransomware reversal is trivial to implement and operate and support small to extremely large environments based on its open, modern, cloud-delivered architecture.

Nubeva markets Ransomware Reversal to end-user companies and organizations as a direct solution, to managed security service providers and incident response companies to enhance their offering and grow their business, and to cybersecurity manufacturers to license and include in their existing

3

products and offerings. Initially, Nubeva is pursuing all three routes to market and various vertical segments within each.

TLS SOLUTION

Deep and Thorough Inspection of Network Traffic is Mission Critical

Enterprises and service providers must inspect and monitor their network traffic between applications, data centers, clouds, the internet, and end-users and their devices. The drivers are cybersecurity and application performance monitoring and assurance. They need to look at the flows of connections and the actual data transmitted to detect and defend from cyber threats as well as to diagnose and resolve application issues to keep their businesses and services up and running.

Nearly All Network Traffic is Encrypted With TLS

At the same time, security and regulatory requirements have led the world to a point where nearly all traffic is encrypted end-to-end, using the industry-standard protocol known as TLS. (Transport Layer Security, the successor to SSL, is a cryptographic protocol designed to provide communications security over a computer network.) While TLS provides essential security and privacy, it also hides the actual data and details of these communications from view. This includes malicious software such as ransomware and viruses as well as application performance details such as database and API (Application Programming Interface) calls and their responses. In fact, it has been well reported that over 46% of malware now hides inside standard encrypted traffic flows. Up over 100% in just 12 months. The implication is that IT and Security teams must decrypt traffic in order to inspect it or take on significant risks, cyber and operational. More recently the industry- standard bodies released TLS version 1.3, a new version that provides much needed security enhancements but at the same time, makes it much more difficult to lawfully decrypt for inspection of that traffic. TLS 1.3 adoption is beginning to take off and is expected to be universally employed by 2025.

Traditional Decryption Solutions are Falling Short

Traditionally, solution providers of security and application inspection services relied on three decryption methods. However, one, Passive Intercept, the simplest and least disruptive, is obsolete with TLS 1.3. The other two, Man-in-the-Middle and Reverse-Proxy based decryption, have a growing list of traffic that cannot be decrypted and have rising performance and operational challenges due to modern computer, network, and security architectures. The result?

• For the enterprises: Reduced product visibility equals increased risk and the need for compensating controls and systems. Existing investments and their supporting policies, procedures, and staff are facing end of life.
• For the solution providers and manufacturers: These limitations lead to reduced product capability and solution value which directly impacts sales, increases friction, reduces deal size, and ultimately reduces market opportunity.

Nubeva Has a Breakthrough Technology Solution

In June 2019, Nubeva launched the Session Key Intercept ("SKI") technology as a modern decryption solution to address this problem. At its core, SKI is patented software that has perfected the ability to get individual TLS session encryption keys out of computer systems in real-time and allow authorized systems to use those keys to decrypt TLS to enable full network traffic inspection.

4

Nubeva SKI, unlike all previous decryption methods, does so without manipulating the traffic, modifying protocols or the connection itself, or using the ultra-secret, master server security keys and certificates. SKI is more reliable, less disruptive, requires lower resources, is better performing, and more secure than legacy methods. Unlike legacy options, SKI works universally on all TLS traffic for all use cases and in nearly any computing environment including private datacenter, public clouds such as AWS, Google and Azure, and on the internet.

3. Overall Performance

During the nine months ended January 31, 2022, and to the date of this MD&A, in addition to continuing to provide critical updates for existing applications, Nubeva focused on its next major development with the introduction of SKI for ransomware. Set to be launched in the second quarter of F2022, this development is expected to be a groundbreaking solution to the ever-expanding problem of ransomware and present Nubeva and the OEM's that license its products and services with a leading market opportunity.

Also, during the quarter, as R&D efforts on ransomware continued to yield very positive results, management continued to shift and invest more resources into that opportunity. The Company also halted negotiations on substantial contracts whose terms would have put the ransomware technology and future potentials in jeopardy. As a result, the investment in the ransomware opportunity is materially affecting financial performance and pipeline growth for TLS.

Product Development

• In January 2022 the Company announced the commercial availability of its anticipated Ransomware Reversal solution. With this announcement, the Company began making the product available to sales prospects for evaluations, proof of concepts, as well as sales.
• In December 2021 the Company announced positive results from third-party testing on new Ransomware Reversal technology. The findings validate previous claims that Nubeva can intercept encryption keys and decrypt (reverse) ransomware 96.84% of the time. Over four weeks, tests were conducted against thousands of random ransomware samples never seen by Nubeva. The samples came from both active and legacy families of malicious software, including Conti, Lockbit, Pysa, Haron, AvosLocker. The test group included cybersecurity manufacturers, managed security service providers, and end-users.
• In September 2021 the Company announced the successful completion of initial testing of a new universal solution for ransomware recovery. Based on early positive indications from research in fiscal Q4 2021, the Company increased investments into ransomware solutions using SKI technology. During fiscal Q1 2022, the Company succeeded in producing working software that could successfully restore and recover systems that have been ransomed. The Company conducted numerous successful tests on live, active, and advanced ransomware forms.
• In July 2021 Nubeva announced support for Windows 11 which is set to be released later in 2021.
• In June 2021 Nubeva announced its initial support for Windows Server 2022. Nubeva plans to release support at the time of Microsoft's system's general availability. The public preview of Microsoft Windows Server 2022 was recently announced and will be delivered later this year. Security is the headline priority of Microsoft Systems, including the default use of TLS 1.3 encryption. The Company believes that as mission-criticalapplications will be run on Microsoft's newest platform, the ability to inspect this traffic will be paramount.

5