Startup Diligence
Diligence report Enterprise application and API security Private unicorn / growth-stage cybersecurity company

Contrast Security

Contrast Security Startup Diligence Research Report

Public evidence supports a real company with material product and financing signals in Enterprise application and API security; underwriting should focus on Stale 2021 unicorn valuation with no audited public financials; Crowded AppSec/ASPM/ADR market with platform repositioning risk; Enterprise telemetry and AI-remediation claims require security validation.

Company profile

Contrast Security Startup Diligence Research Report

Contrast Security appears eligible as an uncovered private unicorn based on CB Insights/current public screens, but the diligence case is incomplete without private financial, customer, cap-table, legal and security records.

Website
www.contrastsecurity.com
Sector
Enterprise application and API security
Geography
United States - Pleasanton/Los Altos, California
Stage
Private unicorn / growth-stage cybersecurity company
Known aliases
Contrast Security Inc., Contrast
Report version
1.0
Timezone
UTC

Executive summary

Strengths

  • Contrast secures applications from within using live in-app runtime visibility and protection.
  • Contrast achieved unicorn status through a $150M Series E at greater than $1B valuation.

Risks

  • Stale public valuation and opaque financial quality
  • Crowded AppSec and platform-consolidation market
  • AI/runtime efficacy and integration risk
  • Customer concentration and renewal quality unknown
  • Enterprise GTM productivity not public

Gaps

  • Audited financial statements, ARR/revenue bridge, cash runway and board-approved plan.
  • Cap table, financing documents, preference stack, debt and option schedule.
  • Customer concentration, retention/churn, current contract status and reference calls.
  • Security/privacy/legal/IP/insurance records and counsel confirmation.

Recommended next steps

  • Open data-room request list focused on financials, customer schedules, cap table and legal/security evidence.
  • Run independent technical/product validation and customer reference calls.
  • Benchmark valuation and unit economics against direct public/private comparables.
  • Have counsel verify corporate status, litigation, regulatory exposure and material contracts.

Risk register

high high likelihood

R-002: Crowded AppSec and platform-consolidation market

Contrast competes against specialist AST/SCA vendors and larger security platforms that can bundle adjacent capabilities.

Diligence request: Run competitive win/loss calls, pricing benchmark and POC against top alternatives.

high medium likelihood

R-001: Stale public valuation and opaque financial quality

Latest public unicorn valuation anchors to 2021/CB Insights; audited revenue, ARR, margins and burn are not public.

Diligence request: Request audited financials, ARR bridge, bookings, gross margin by product, burn/runway and board-approved plan.

high medium likelihood

R-003: AI/runtime efficacy and integration risk

AI SmartFix and runtime instrumentation claims require validation for coverage, latency, false positives and secure remediation quality.

Diligence request: Perform technical diligence, customer telemetry review and red-team validation.

high unknown likelihood

R-004: Customer concentration and renewal quality unknown

Named logos do not disclose ARR, current contract status, expansion, churn or customer concentration.

Diligence request: Request top-customer revenue, cohorts, NRR/GRR, churn reasons and reference calls.

medium medium likelihood

R-006: Security-trust and data-processing exposure

Security products embedded in customer apps may process sensitive telemetry; trust artifacts and contractual risk allocation are not public.

Diligence request: Review SOC2/ISO reports, DPA, incident history, insurance and indemnity caps.

medium medium likelihood

R-008: Exit timing and secondary-market valuation risk

No obvious exit found, but the 2021 valuation may not reflect current software multiples or later preference stack.

Diligence request: Request cap table, preference stack, recent secondary marks and board financing alternatives.

medium unknown likelihood

R-005: Enterprise GTM productivity not public

Sales cycle, quota attainment, partner contribution and CAC payback are not publicly disclosed.

Diligence request: Request pipeline, bookings by channel, sales productivity and forecast accuracy.

medium unknown likelihood

R-007: IP ownership and patent defensibility not enumerated

Company claims patented sensors but public diligence lacks a full patent, license and open-source schedule.

Diligence request: Request patent schedule, invention assignments, OSS scans and infringement opinions.

Chapter 01

01Financial Information

Financial Information review for Contrast Security found public evidence for EC-001, EC-002, EC-010, EC-011 and material private-data gaps that should be closed before investment or acquisition reliance.

I.A Annual and quarterly financial information for the past three years

not publicly verifiable confidence: low

Annual and quarterly financial information for the past three years is not fully publicly verifiable for Contrast Security; public sources provide context but transaction-grade records must be requested.

Evidence gaps

  • Audited statements, monthly management reports, backlog, AR aging and gross margin by product/channel/geography are private.

Hidden risks

  • Stale public valuation and opaque financial quality

Follow-up questions

  • Request company-provided evidence for annual and quarterly financial information for the past three years mapped to checklist item(s) I.A.1, I.A.2, I.A.3, I.A.4, I.A.5, I.A.6.
Public revenue / ARR / unit-economic signals
metricpublic signalverification statusdiligence request
ARR / revenueNo audited revenue or ARR public in screened sourcesnot_publicly_verifiableAudited financials, ARR bridge, gross margin, retention/churn, customer concentration and cash runway
Gross margin / unit economicsnot_publicly_verifiablenot_publicly_verifiableCAC, payback, sales efficiency, support cost and product gross margin
Backlog / AR aging / plan vs actualnot_publicly_verifiablenot_publicly_verifiableManagement reporting package, monthly KPIs, forecast accuracy and AR aging schedule

I.B Financial Projections

not publicly verifiable confidence: low

Financial Projections is not fully publicly verifiable for Contrast Security; public sources provide context but transaction-grade records must be requested.

Evidence gaps

  • Board-approved projections, scenario model, pricing assumptions, capex plan and external financing assumptions are private.

Follow-up questions

  • Request company-provided evidence for financial projections mapped to checklist item(s) I.B.1, I.B.2, I.B.3, I.B.4, I.B.5, I.B.6, I.B.7, I.B.8.

I.C Capital Structure

not publicly verifiable confidence: low

Capital Structure is not fully publicly verifiable for Contrast Security; public sources provide context but transaction-grade records must be requested.

Evidence gaps

  • Current cap table, stockholder list, options/warrants/notes, debt instruments and off-balance-sheet liabilities are private.

Hidden risks

  • Exit timing and secondary-market valuation risk

Follow-up questions

  • Request company-provided evidence for capital structure mapped to checklist item(s) I.C.1, I.C.2, I.C.3, I.C.4, I.C.5.
Capital structure / ownership snapshot
stakeholderpublic positiondiligence caveat
Founders / managementFounder/CTO and executive team publicly identifiedOwnership percentages, vesting, options, warrants and debt not public
Growth investorsNamed financing participants and CB Insights investorsShare classes, preferences and control rights require financing documents
Employees/options/debt holdersnot_publicly_verifiableRequest current cap table, option pool, SAFEs/notes, debt and 409A/common valuations

I.D Other financial information

partially verified confidence: low

Other financial information has public evidence for Contrast Security, but should be reconciled to company records and third-party confirmations.

Evidence gaps

  • Public evidence is directional; private records and direct confirmations are required for transaction-grade diligence.

Hidden risks

  • Stale public valuation and opaque financial quality
  • Exit timing and secondary-market valuation risk

Follow-up questions

  • Request company-provided evidence for other financial information mapped to checklist item(s) I.D.1, I.D.2, I.D.3.
Public funding-round history
dateroundlead or participantsamountpost moneysource
2021-11-09Series ELiberty Strategic Capital; Warburg Pincus, Battery, General Catalyst, M12, AXA, Acero$150M$1.0BPublic unicorn/funding sources
not_publicly_verifiablePrior rounds / debtNot fully publicnot_publicly_verifiablenot_publicly_verifiableRequest data room schedule

Amounts and post-money values should be reconciled to financing documents.

Funding and company status timeline Public financing and status events.
Implied valuation trajectory Known public valuation anchor plus diligence gaps for other rounds.
Chapter 02

02Products

Products review for Contrast Security found public evidence for EC-003, EC-004 and material private-data gaps that should be closed before investment or acquisition reliance.

II.A Description of each product

verified confidence: medium

Description of each product has public evidence for Contrast Security, but should be reconciled to company records and third-party confirmations.

Evidence gaps

  • Public evidence is directional; private records and direct confirmations are required for transaction-grade diligence.

Hidden risks

  • AI/runtime efficacy and integration risk

Follow-up questions

  • Request company-provided evidence for description of each product mapped to checklist item(s) II.A.1, II.A.2, II.A.3, II.A.4, II.A.5, II.A.6.
Product / SKU matrix
productaudiencekey featuresverification status
Contrast ADRSecurity/SecOpsApplication Detection and Response to detect and respond to attacks in running applicationsverified
Contrast ASTAppSec/developersApplication and API security testing, including Assess, SCA and Scan surfacesverified
Contrast OneEnterprise managed serviceManaged runtime security combining platform with AppSec expertisepartially_verified
Contrast AI SmartFix / GraphDevelopers and SecOpsAI remediation guidance and runtime graph context; public performance metrics undisclosedpartially_verified
Pricing and packaging comparison
package or comparatorpublic pricing signalverification statuscaveat
Contrast platform packagingQuote-based enterprise packagingnot_publicly_verifiablePublic nav shows pricing-and-packaging page but not public rates
CompetitorsOften seat/app/API-volume based in AppSec marketinconclusiveRequires direct quotes against Snyk, Veracode, Checkmarx, Palo Alto, Rapid7 and ASPM tools
Product and dependency architecture Public product families and dependencies.
Chapter 03

03Customer Information

Customer Information review for Contrast Security found public evidence for EC-005, EC-012 and material private-data gaps that should be closed before investment or acquisition reliance.

III.A Top customers by application

partially verified confidence: low

Top customers by application has public evidence for Contrast Security, but should be reconciled to company records and third-party confirmations.

Evidence gaps

  • Public evidence is directional; private records and direct confirmations are required for transaction-grade diligence.

Hidden risks

  • Customer concentration and renewal quality unknown

Follow-up questions

  • Request company-provided evidence for top customers by application mapped to checklist item(s) III.A.
Publicly known customers and use cases
customer or segmentapplicationpublic evidenceverification status
Citizens BankFinancial servicesNamed as a company following Contrast planpartially_verified
BackbaseFinancial technologyNamed as a company following Contrast planpartially_verified
AARPMembership/nonprofitNamed as a company following Contrast planpartially_verified
UTIMCOInstitutional investment managementQuote about telemetry improving security posturepartially_verified

III.B Strategic relationships

verified confidence: medium

Strategic relationships has public evidence for Contrast Security, but should be reconciled to company records and third-party confirmations.

Evidence gaps

  • Public evidence is directional; private records and direct confirmations are required for transaction-grade diligence.

Follow-up questions

  • Request company-provided evidence for strategic relationships mapped to checklist item(s) III.B.
Strategic relationships and partnerships
partnernaturepublic evidenceverification status
Liberty Strategic CapitalSeries E lead / board influenceLed 2021 Series Everified
Warburg Pincus / Battery / General Catalyst / M12 / AXA / AceroExisting investors100% participation in Series E per releaseverified
AWS MarketplaceCloud marketplace distributionMarketplace listing for ADRpartially_verified
Customer / partner concentration proxy Publicly visible customer and partner references; revenue weights undisclosed.

III.C Revenue by customer

not publicly verifiable confidence: low

Revenue by customer is not fully publicly verifiable for Contrast Security; public sources provide context but transaction-grade records must be requested.

Evidence gaps

  • Revenue by customer and any greater-than-5-percent concentration schedule are private.

Follow-up questions

  • Request company-provided evidence for revenue by customer mapped to checklist item(s) III.C.

III.D Significant relationships severed within the last two years

not publicly verifiable confidence: low

Significant relationships severed within the last two years is not fully publicly verifiable for Contrast Security; public sources provide context but transaction-grade records must be requested.

Evidence gaps

  • Severed customer, partner or supplier relationships over the last two years require company confirmation.

Follow-up questions

  • Request company-provided evidence for significant relationships severed within the last two years mapped to checklist item(s) III.D.

III.E Top suppliers

verified confidence: medium

Top suppliers has public evidence for Contrast Security, but should be reconciled to company records and third-party confirmations.

Evidence gaps

  • Public evidence is directional; private records and direct confirmations are required for transaction-grade diligence.

Follow-up questions

  • Request company-provided evidence for top suppliers mapped to checklist item(s) III.E.
Top supplier / infrastructure dependency screen
supplier or dependencyrolepublic evidenceverification status
Cloud marketplacesDistribution/procurement routeAWS Marketplace listing observed; cloud hosting dependency not disclosedpartially_verified
Customer applications and APIsEmbedded runtime sensors depend on customer integration qualityPublic architecture implies in-app instrumentationverified
AI model/tooling providersAI SmartFix/MCP interoperabilityModel/vendor dependencies not disclosed publiclynot_publicly_verifiable
Chapter 04

04Competition

Competition review for Contrast Security found public evidence for EC-009 and material private-data gaps that should be closed before investment or acquisition reliance.

IV.A Competitive landscape by market segment

verified confidence: medium

Competitive landscape by market segment has public evidence for Contrast Security, but should be reconciled to company records and third-party confirmations.

Evidence gaps

  • Public evidence is directional; private records and direct confirmations are required for transaction-grade diligence.

Hidden risks

  • Crowded AppSec and platform-consolidation market

Follow-up questions

  • Request company-provided evidence for competitive landscape by market segment mapped to checklist item(s) IV.A.1, IV.A.2.
Competitor comparison matrix
competitorsegmentproduct overlapsource or gap
SnykDeveloper security / SCA / code securityHigh product overlap in developer-first security; private/public valuation pressure relevantindependent market comparison required
VeracodeApplication security testingDirect AST/DAST/SCA overlap with enterprise buyersindependent market comparison required
CheckmarxAST / AppSec platformOverlaps with SAST/SCA/API security programsindependent market comparison required
Palo Alto / Wiz / ASPM entrantsCloud/AppSec platform consolidationLarge platforms may bundle posture management and runtime signalsinferred from category
Basis-of-competition scoring
axistarget positioncompetitor position or gapevidence claim
Runtime instrumentation depthStrong public positioningCompetitors vary; verify with POCsEC-004
Developer workflow fitClaims fast remediation and AI guidanceSnyk/Checkmarx/Veracode compete heavilyEC-008
Enterprise trust/complianceTrust center and named sectorsRequires SOC2/security artifactsEC-014
Competitive market map Positioning map based on public product scope and diligence judgment.
Chapter 05

05Marketing, Sales, and Distribution

Marketing, Sales, and Distribution review for Contrast Security found public evidence for EC-007, EC-013 and material private-data gaps that should be closed before investment or acquisition reliance.

V.A Strategy and implementation

partially verified confidence: low

Strategy and implementation has public evidence for Contrast Security, but should be reconciled to company records and third-party confirmations.

Evidence gaps

  • Public evidence is directional; private records and direct confirmations are required for transaction-grade diligence.

Follow-up questions

  • Request company-provided evidence for strategy and implementation mapped to checklist item(s) V.A.1, V.A.2, V.A.3, V.A.4.
Distribution channels and GTM motions
channelpublic evidencegap
Direct enterprise salesGlobal expansion and enterprise sectors citedPipeline, sales cycle and quota not public
Partner/channel/GSIPartner program links and portals publicRevenue contribution by channel not public
Cloud marketplacesAWS Marketplace listing visibleMarketplace revenue weight not public
Owned content/reportsThreat reports, Gartner report and buyer guides promotedLead conversion not public
Public marketing-signal summary
signalobserved evidenceevidence claim
Threat Report / Gartner contentOwned demand-generation assets are prominent in navigationEC-013
Industry pagesTechnology, financial services, healthcare and insurance pages signal vertical GTMEC-013
Award badgesPublic about page shows cybersecurity award badgesEC-004
GTM channel-mix diligence chart Public channels with undisclosed revenue mix.

V.B Major Customers

verified confidence: medium

Major Customers has public evidence for Contrast Security, but should be reconciled to company records and third-party confirmations.

Evidence gaps

  • Public evidence is directional; private records and direct confirmations are required for transaction-grade diligence.

Hidden risks

  • Customer concentration and renewal quality unknown

Follow-up questions

  • Request company-provided evidence for major customers mapped to checklist item(s) V.B.1, V.B.2, V.B.3.

V.C Principal avenues for generating new business

verified confidence: medium

Principal avenues for generating new business has public evidence for Contrast Security, but should be reconciled to company records and third-party confirmations.

Evidence gaps

  • Public evidence is directional; private records and direct confirmations are required for transaction-grade diligence.

Follow-up questions

  • Request company-provided evidence for principal avenues for generating new business mapped to checklist item(s) V.C.

V.D Sales force productivity model

not publicly verifiable confidence: low

Sales force productivity model is not fully publicly verifiable for Contrast Security; public sources provide context but transaction-grade records must be requested.

Evidence gaps

  • Quota, sales-cycle, attainment, compensation and sales productivity data are private.

Hidden risks

  • Enterprise GTM productivity not public

Follow-up questions

  • Request company-provided evidence for sales force productivity model mapped to checklist item(s) V.D.1, V.D.2, V.D.3, V.D.4.

V.E Ability to implement marketing plan with current and projected budgets

not publicly verifiable confidence: low

Ability to implement marketing plan with current and projected budgets is not fully publicly verifiable for Contrast Security; public sources provide context but transaction-grade records must be requested.

Evidence gaps

  • Marketing budget, CAC, payback and forecast capacity are not public.

Hidden risks

  • Enterprise GTM productivity not public

Follow-up questions

  • Request company-provided evidence for ability to implement marketing plan with current and projected budgets mapped to checklist item(s) V.E.
Chapter 06

06Research and Development

Research and Development review for Contrast Security found public evidence for EC-008 and material private-data gaps that should be closed before investment or acquisition reliance.

VI.A Description of R&D organization

verified confidence: medium

Description of R&D organization has public evidence for Contrast Security, but should be reconciled to company records and third-party confirmations.

Evidence gaps

  • Public evidence is directional; private records and direct confirmations are required for transaction-grade diligence.

Follow-up questions

  • Request company-provided evidence for description of r&d organization mapped to checklist item(s) VI.A.1, VI.A.2, VI.A.3.
Key R&D personnel / leadership
name or rolerolepublic background
Jeff WilliamsCo-founder & CTOOWASP founder/Top 10 creator; security leadership background
Faya PengChief Product OfficerLeads runtime security platform and ADR product strategy
David LindnerCISO / Contrast LabsThreat-intelligence and appsec leadership

VI.B New Product Pipeline

partially verified confidence: low

New Product Pipeline has public evidence for Contrast Security, but should be reconciled to company records and third-party confirmations.

Evidence gaps

  • Public evidence is directional; private records and direct confirmations are required for transaction-grade diligence.

Hidden risks

  • AI/runtime efficacy and integration risk

Follow-up questions

  • Request company-provided evidence for new product pipeline mapped to checklist item(s) VI.B.1, VI.B.2, VI.B.3, VI.B.4.
Public product / research pipeline
project or capabilitystatuspublic signal or gap
Contrast GraphCommercial platform capabilityRuntime intelligence model for application/API ecosystem
AI SmartFixPublicly promoted capabilityAI-assisted remediation claims need efficacy testing
ADR category expansionEmerging categoryGTM and category leadership not yet financially verified
R&D portfolio map Public R&D and product pipeline map.
Chapter 07

07Management and Personnel

Management and Personnel review for Contrast Security found public evidence for EC-006 and material private-data gaps that should be closed before investment or acquisition reliance.

VII.A Organization Chart

verified confidence: medium

Organization Chart has public evidence for Contrast Security, but should be reconciled to company records and third-party confirmations.

Evidence gaps

  • Public evidence is directional; private records and direct confirmations are required for transaction-grade diligence.

Follow-up questions

  • Request company-provided evidence for organization chart mapped to checklist item(s) VII.A.
Public leadership org chart Public senior leadership structure.

VII.B Historical and projected headcount by function and location

verified confidence: medium

Historical and projected headcount by function and location has public evidence for Contrast Security, but should be reconciled to company records and third-party confirmations.

Evidence gaps

  • Public evidence is directional; private records and direct confirmations are required for transaction-grade diligence.

Follow-up questions

  • Request company-provided evidence for historical and projected headcount by function and location mapped to checklist item(s) VII.B.
Headcount and hiring signals
periodpublic headcount anchorpublic evidence or gap
2021 Series Enot_publicly_verifiableCompany planned global expansion but did not disclose headcount in release
2026 public sitenot_publicly_verifiableCurrent employee count by function/location not public
Headcount trend anchors Known headcount anchors and missing current function/location details.

VII.C Senior management biographies

verified confidence: medium

Senior management biographies has public evidence for Contrast Security, but should be reconciled to company records and third-party confirmations.

Evidence gaps

  • Public evidence is directional; private records and direct confirmations are required for transaction-grade diligence.

Follow-up questions

  • Request company-provided evidence for senior management biographies mapped to checklist item(s) VII.C.
Senior management roster
nameroleprior roles or notes
Rick FitzChief Executive OfficerFormer Splunk SVP/GM; enterprise software scaling background
Jeff WilliamsCo-Founder & Chief Technology OfficerApplication-security and OWASP background
David LindnerChief Information Security and Data Privacy OfficerApplication-security professional and Contrast Labs lead
Faya PengChief Product OfficerGlobal product strategy for runtime security/ADR
Shay MowlemChief Marketing OfficerSoftware marketing leadership from NinjaOne, Illumio, Rubrik, MuleSoft and Splunk

VII.D Compensation arrangements

not publicly verifiable confidence: low

Compensation arrangements is not fully publicly verifiable for Contrast Security; public sources provide context but transaction-grade records must be requested.

Evidence gaps

  • Employment agreements, benefits, severance and compensation arrangements are private.

Follow-up questions

  • Request company-provided evidence for compensation arrangements mapped to checklist item(s) VII.D.1, VII.D.2.

VII.E Incentive stock plans

not publicly verifiable confidence: low

Incentive stock plans is not fully publicly verifiable for Contrast Security; public sources provide context but transaction-grade records must be requested.

Evidence gaps

  • Equity incentive plan, grants, vesting and refresh practices are private.

Follow-up questions

  • Request company-provided evidence for incentive stock plans mapped to checklist item(s) VII.E.

VII.F Significant employee relations problems, past or present

not publicly verifiable confidence: low

Significant employee relations problems, past or present is not fully publicly verifiable for Contrast Security; public sources provide context but transaction-grade records must be requested.

Evidence gaps

  • Employee-relations complaints, investigations and settlements require HR/counsel confirmation.

Follow-up questions

  • Request company-provided evidence for significant employee relations problems, past or present mapped to checklist item(s) VII.F.

VII.G Personnel Turnover

not publicly verifiable confidence: low

Personnel Turnover is not fully publicly verifiable for Contrast Security; public sources provide context but transaction-grade records must be requested.

Evidence gaps

  • Two-year turnover by function/location and regretted attrition are private.

Follow-up questions

  • Request company-provided evidence for personnel turnover mapped to checklist item(s) VII.G.1, VII.G.2.
Departures / turnover signals
person or grouppublic signaldiligence request
Senior-management departuresnot_publicly_verifiable in screened sourcesTwo-year turnover report, regretted departures, offer acceptance, attrition by function/location
Employee relations issuesnot_publicly_verifiable in screened sourcesHR complaints, litigation, employee engagement, severance and retention plans
Chapter 08

08Legal and Related Matters

Legal and Related Matters review for Contrast Security found public evidence for EC-014 and material private-data gaps that should be closed before investment or acquisition reliance.

VIII.A Pending lawsuits against the Company

not publicly verifiable confidence: low

Pending lawsuits against the Company is not fully publicly verifiable for Contrast Security; public sources provide context but transaction-grade records must be requested.

Evidence gaps

  • Complete litigation docket search and counsel letter are required.

Follow-up questions

  • Request company-provided evidence for pending lawsuits against the company mapped to checklist item(s) VIII.A.
Pending lawsuits against the company
matterstatusdiligence request
No material lawsuit identified in public screennot_publicly_verifiableNeed litigation search in state/federal dockets and counsel confirmation

VIII.B Pending lawsuits initiated by Company

not publicly verifiable confidence: low

Pending lawsuits initiated by Company is not fully publicly verifiable for Contrast Security; public sources provide context but transaction-grade records must be requested.

Evidence gaps

  • Plaintiff-side litigation schedule is not public.

Follow-up questions

  • Request company-provided evidence for pending lawsuits initiated by company mapped to checklist item(s) VIII.B.
Pending lawsuits initiated by the company
matterstatusdiligence request
No material plaintiff-side lawsuit identified in public screennot_publicly_verifiableNeed docket search and counsel schedule

VIII.C Environmental and employee safety issues and liabilities

partially verified confidence: low

Environmental and employee safety issues and liabilities has public evidence for Contrast Security, but should be reconciled to company records and third-party confirmations.

Evidence gaps

  • Public evidence is directional; private records and direct confirmations are required for transaction-grade diligence.

Follow-up questions

  • Request company-provided evidence for environmental and employee safety issues and liabilities mapped to checklist item(s) VIII.C.1, VIII.C.2.

VIII.D Material patents, copyrights, licenses, and trademarks

partially verified confidence: low

Material patents, copyrights, licenses, and trademarks has public evidence for Contrast Security, but should be reconciled to company records and third-party confirmations.

Evidence gaps

  • Public evidence is directional; private records and direct confirmations are required for transaction-grade diligence.

Hidden risks

  • IP ownership and patent defensibility not enumerated

Follow-up questions

  • Request company-provided evidence for material patents, copyrights, licenses, and trademarks mapped to checklist item(s) VIII.D.
Material IP assets
assetjurisdiction or sourcestatus or gapverification status
Patented in-app sensorsUnited States / global likelyPublicly claimed; patent numbers not enumerated in public reportpartially_verified
Contrast trademarks/logos/product namesTrademark jurisdictions not collectedNeed USPTO/WIPO/EUIPO schedulenot_publicly_verifiable

VIII.E Insurance coverage and material exposures

not publicly verifiable confidence: low

Insurance coverage and material exposures is not fully publicly verifiable for Contrast Security; public sources provide context but transaction-grade records must be requested.

Evidence gaps

  • Insurance policies, retentions, exclusions and claim history are private.

Hidden risks

  • Security-trust and data-processing exposure

Follow-up questions

  • Request company-provided evidence for insurance coverage and material exposures mapped to checklist item(s) VIII.E.

VIII.F Material contracts

not publicly verifiable confidence: low

Material contracts is not fully publicly verifiable for Contrast Security; public sources provide context but transaction-grade records must be requested.

Evidence gaps

  • Material contracts, termination rights, indemnities and change-of-control provisions are private.

Hidden risks

  • Security-trust and data-processing exposure

Follow-up questions

  • Request company-provided evidence for material contracts mapped to checklist item(s) VIII.F.
Material contracts / insurance exposure
contract or policypublic gappriority
Enterprise customer MSAsMaterial terms, SLAs, indemnities and termination rights not publichigh diligence priority
Insurance policiesCyber/E&O/D&O coverage not publicmedium diligence priority

VIII.G Regulatory agency problems

partially verified confidence: low

Regulatory agency problems has public evidence for Contrast Security, but should be reconciled to company records and third-party confirmations.

Evidence gaps

  • Public evidence is directional; private records and direct confirmations are required for transaction-grade diligence.

Follow-up questions

  • Request company-provided evidence for regulatory agency problems mapped to checklist item(s) VIII.G.
Regulatory / agency actions and safety issues
agency or topicaction or exposurestatusverification status
Privacy/cookie and security trust representationsCompany website / customer trustPublic trust center exists; security certifications need artifact reviewinconclusive
Legal and regulatory timeline Public legal, regulatory and diligence-request timeline.
Full risk-register heatmap Risk severity/likelihood map for the diligence register.

Evidence

Evidence claims
IDClaimStatusSources
EC-001 CB Insights lists Contrast Security as a current unicorn with a $1B valuation and 2021 date joined. verified high SRC-001
EC-002 Contrast announced a $150M Series E at a greater-than-billion-dollar valuation led by Liberty Strategic Capital. verified high SRC-002
EC-003 Contrast markets a runtime application-security platform spanning ADR and AST products. verified high SRC-003
EC-004 Contrast claims patented in-app sensors and a unified platform purpose-built for live application-layer attacks. verified medium SRC-004
EC-005 Contrast publicly names Citizens Bank, Backbase, AARP and UTIMCO as customer/adoption references. partially verified medium SRC-004
EC-006 Contrast discloses a senior leadership team including Rick Fitz, Jeff Williams, David Lindner, Faya Peng and Shay Mowlem. verified high SRC-005
EC-007 Contrast reports global expansion and customer adoption in EMEA/APAC as use of Series E proceeds. partially verified medium SRC-002
EC-008 Contrast positions AI SmartFix and Contrast Graph as newer product/R&D directions. partially verified medium SRC-003
EC-009 Contrast competes in application security testing, runtime security, API security and ASPM categories. verified medium SRC-003SRC-007SRC-008
EC-010 Detailed financial statements, customer concentration, churn, sales productivity and cap-table terms are not public. not publicly verifiable high SRC-001SRC-002
EC-011 No obvious IPO, acquisition or shutdown result was found in the public search screen; CB Insights still lists the company. partially verified low SRC-001SRC-009
EC-012 Contrast exposes customer and partner portals and partner-program surfaces. verified medium SRC-004
EC-013 Contrast operates in sectors including technology, financial services, healthcare and insurance. verified medium SRC-004
EC-014 Legal, IP ownership, insurance coverage and material contracts require diligence beyond public pages. not publicly verifiable high SRC-004SRC-010

Disclaimer

This report is a public-evidence diligence snapshot, not investment advice. Important financial, legal, technical, and contractual facts remain non-public and should be verified directly with management and primary documents before any investment decision.