Startup Diligence
Diligence report Managed cybersecurity, MDR, EDR, identity threat detection, SIEM and security awareness training for SMBs/MSPs Private unicorn / late-stage venture-backed cybersecurity company

Huntress

Huntress Startup Diligence Report

Huntress appears to be a late-stage managed-cybersecurity platform benefiting from SMB/MSP demand, transparent pricing, 24/7 SOC positioning, product breadth and acquisition-led expansion. The diligence case depends on validating ARR quality, partner/customer concentration, competitive durability, SOC/product efficiency and legal/privacy controls.

Company profile

Huntress Startup Diligence Report

Proceed to focused confirmatory diligence. Public evidence supports Huntress as an active private cybersecurity unicorn with credible product, channel and team signals, but core underwriting facts remain private.

Website
www.huntress.com
Sector
Managed cybersecurity, MDR, EDR, identity threat detection, SIEM and security awareness training for SMBs/MSPs
Geography
United States-based company with remote/global team and international data-transfer posture
Stage
Private unicorn / late-stage venture-backed cybersecurity company
Known aliases
Huntress Labs, Huntress Labs Incorporated, Huntress Labs, Inc.
Report version
1.0
Timezone
UTC

Executive summary

Strengths

  • Series D page supports $150M raised at a $1.55B valuation.
  • Product pages support a platform spanning EDR, ITDR, SIEM and SAT.
  • Partner and MSP pages support a material MSP/reseller channel motion.

Risks

  • Valuation/ARR without audited financial quality, cap-table and cash/debt proof.
  • Unknown customer, MSP partner concentration, churn and retention.
  • Intense MDR/EDR/SIEM competition and pricing pressure.

Gaps

  • Audited financials, exact ARR, gross margin, burn, runway, cash/debt and forecast model.
  • Cap table, investor preferences, option pool, warrants, notes and ownership schedule.
  • Top-customer/partner concentration, NRR/GRR, churn, contracts and reference calls.
  • SOC/product efficacy, architecture, security reports, incident history and product-level economics.
  • Legal/IP assignments, patent/trademark schedule, insurance, litigation and regulatory correspondence.

Recommended next steps

  • Run finance and revenue-quality diligence before relying on the $1.55B headline valuation.
  • Conduct customer/partner calls and request concentration/churn/NRR evidence.
  • Benchmark pricing, win/loss and technical efficacy against MDR/EDR/SIEM competitors.
  • Have counsel and security specialists review privacy, SOC 2, pentest, IP, contracts, insurance and litigation materials.

Risk register

high high likelihood

R-003: Crowded MDR/EDR/SIEM market and pricing pressure

Large security platforms and MSP-focused MDR vendors market overlapping 24/7 SOC and MDR offerings; Huntress publishes transparent per-unit prices that may anchor buyer expectations.

Diligence request: Run win/loss calls, pricing benchmark, feature-benchmark and churn analysis versus CrowdStrike, Arctic Wolf, Blackpoint, Sophos and other MDR vendors.

high medium likelihood

R-001: Financial opacity and valuation durability

Huntress has a public $1.55B valuation and scale signals, but exact ARR, audited revenue, gross margin, cash, debt, burn, retention and cap-table economics are private.

Diligence request: Obtain audited financials, management accounts, ARR bridge, cash/debt schedule, forecast model, cap table and financing documents.

high unknown likelihood

R-002: Customer and MSP-channel concentration unknown

Public case studies and partner pages validate channel/product usage, but revenue concentration, partner churn, end-customer ownership and renewal cohorts are not public.

Diligence request: Request top-customer/partner revenue schedule, customer contracts, NRR, GRR, churn reasons and independent references.

medium medium likelihood

R-004: Acquisition and roadmap execution risk

Level Effect, Curricula and Inside Agent broaden the platform, but integration quality, roadmap delivery, cross-sell and retention of acquired talent are not publicly verifiable.

Diligence request: Review product roadmap, acquired-code integration, retention packages, roadmap burndown and product attach-rate cohorts.

medium medium likelihood

R-005: Privacy, telemetry and regulatory exposure

Huntress handles broad security telemetry and may collect suspicious files; this creates privacy, DPA, retention, subprocessor and incident-response obligations.

Diligence request: Have counsel and security reviewers inspect DPA, subprocessor list, retention controls, SOC 2, pentest findings and incident history.

medium medium likelihood

R-006: People scaling, remote operations and retention opacity

Public materials show a remote global team and stock options, but current headcount, attrition, comp bands, key-person retention and employment agreements are private.

Diligence request: Request HRIS exports, org chart, attrition by function, comp philosophy, option plan, key employment agreements and background checks.

medium medium likelihood

R-008: Third-party platform and supplier dependency

Product scope depends on endpoints, Microsoft 365 identities, logs, cloud services and subprocessors; outages, API changes or partner conflicts could affect service quality.

Diligence request: Review architecture diagrams, cloud commitments, Microsoft dependency, subprocessor terms, business-continuity tests and incident history.

medium unknown likelihood

R-007: Legal, IP and contract schedule gaps

Limited public searches found no CourtListener records, but patent assignments, contracts, insurance and litigation schedules are incomplete without company/counsel records.

Diligence request: Request counsel letter, litigation docket, patent/trademark schedule, assignment documents, commercial contracts and insurance policies.

Chapter 01

01Financial Information

Public evidence supports Huntress as an active private unicorn with strong funding and product-scale signals, but audited financials, ARR quality, cap table terms, cash/debt and tax/accounting policies are private.

I.A Annual and quarterly financial information for the past three years

not publicly verifiable confidence: low

Public sources provide funding, pricing, ARR-adjacency and endpoint scale signals, but audited financial statements, AR aging, backlog and management reports are not public.

Evidence gaps

  • Audited income statements, balance sheets, cash flows, AR aging, backlog, management reports, revenue by product/channel/geography.

Hidden risks

  • Headline endpoint and valuation metrics may obscure churn, discounting, support cost and revenue-recognition risk.

Follow-up questions

  • Provide audited financials, management accounts, ARR bridge, AR aging, backlog and revenue breakdown by product, channel and geography.
Public financial, scale and unit-economics signal matrix
itempublic signalverification statusfollow up request
ARR/revenueNear-$100M ARR narrative but no exact audited ARR disclosed.partially_verifiedARR bridge, revenue-recognition memo, bookings and retention cohorts.
Protected endpoints2M+ endpoints milestone and prior endpoint-count progression.verifiedBillable active endpoint reconciliation and churn.
PricingPer-unit public pricing across EDR, ITDR, SIEM and SAT.verifiedActual ASP, discounting, gross margin and support cost by product.
Financial statements/cash/debt/taxNo public audited statements, cash, debt, AR aging or tax schedule found.not_publicly_verifiableAudited statements, cash/debt, tax, AR aging, backlog and management accounts.

Most chapter I checklist items require private financial records.

I.B Financial Projections

partially verified confidence: medium

Financing and public pricing support growth context, but detailed forecasts, assumptions, capital needs and scenario planning are private.

Evidence gaps

  • Three-year projections, product/channel/customer revenue model, capex, working capital and financing assumptions.

Hidden risks

  • List pricing may not equal actual ASP; growth forecasts may depend on partner expansion and cross-sell not visible publicly.

Follow-up questions

  • Provide board-approved forecast, pipeline coverage, scenario sensitivities, capital plan and product/channel revenue assumptions.
Public funding-round history
dateroundamountlead or participantsvaluation or termsdiligence caveat
2021-05-06Series B$40MJMI Equity; ForgePoint Capital; Gula Tech AdventuresNot disclosed publiclyRequest stock purchase agreement and valuation.
2023-05-16Series C$60MSapphire Ventures; JMI; ForgePointNot disclosed publiclyRequest cap table, preferences and investor rights.
2024Series D$150MKleiner Perkins; Meritech Capital; Sapphire Ventures$1.55B valuationConfirm post-money calculation, preferences and dilution.

Funding history is public; legal terms are not.

Funding and valuation trajectory Shows public financing amounts and the only public valuation point identified.

Prior valuations were not public.

Financing and product expansion timeline Chronological view of financing and acquisition milestones.

I.C Capital Structure

partially verified confidence: medium

Public sources name investors and executives but do not disclose shares, preferences, option pool, warrants, debt or off-balance-sheet obligations.

Evidence gaps

  • Cap table, option schedule, warrants, SAFEs/notes, debt instruments and investor-rights agreements.

Hidden risks

  • Liquidation preferences and option overhang could materially affect common-equity economics.

Follow-up questions

  • Provide fully diluted cap table, financing documents, option plan, debt schedule and change-of-control terms.
Capital structure and ownership snapshot
stakeholder or instrumentpublic positionunknowns
Founders/managementCofounders publicly listed in leadership and board sections.Ownership percentages, vesting and founder liquidity unknown.
Growth/venture investorsJMI, ForgePoint, Gula, Sapphire, Kleiner Perkins and Meritech publicly named across rounds.Preferences, pro rata, vetoes and board rights unknown.
Employee optionsCareers page says all full-time teammates receive stock options.Plan size, exercise prices, refresh grants and dilution unknown.
Debt/warrants/off-balance sheetNo public evidence found.Request debt instruments, warrants, leases and contingencies.

Public investor names are not a substitute for a cap table.

I.D Other financial information

not publicly verifiable confidence: low

Tax positions, accounting policies, revenue recognition and financing history details are not public beyond high-level funding announcements.

Evidence gaps

  • Tax positions, NOLs, revenue recognition policy, accounting policies and detailed financing history.

Hidden risks

  • Revenue recognition, multi-product bundle allocation and partner billing may complicate ARR quality.

Follow-up questions

  • Provide revenue-recognition memo, tax schedule, accounting policies and financing-history schedule.
Chapter 02

02Products

Huntress publicly markets a broad managed cybersecurity platform spanning EDR, ITDR, SIEM and SAT, with acquisitions supporting expansion; independent product-performance and margin validation remains required.

II.A Description of each product

verified confidence: high

Public product pages verify a broad managed security platform spanning EDR, ITDR, SIEM and SAT, with acquisitions supporting product expansion.

Evidence gaps

  • Independent detection benchmarks, product-level ARR/gross margin, roadmap burndown, architecture and customer attach-rate cohorts.

Hidden risks

  • Broader product breadth increases integration and support complexity; performance evidence is company-controlled.

Follow-up questions

  • Provide architecture, detection benchmarks, product P&Ls, roadmap, SOC SLA metrics and cohort attach-rate data.
Product and SKU matrix
productaudiencepublic featuresstatus
Huntress platformMSPs, SMBs and internal IT/security teamsUnifies endpoints, identities, logs and learners backed by SOC.verified
Managed EDREndpoint security buyers/MSPsOwn-built EDR technology, 24/7 AI-assisted SOC and threat hunters.verified
Managed ITDRMicrosoft 365/identity security buyersCredential theft, session hijacking and rogue OAuth app protection.verified
Managed SIEMSecurity operations/compliance buyersLog/data-source SIEM offering with per-source pricing.verified
Managed SATSecurity awareness/training buyersManaged story-driven security awareness training and simulations.verified

Feature claims are company-marketed; validate performance independently.

Public pricing and packaging matrix
skupublic priceunit driverdiligence issue
Managed EDR$8.99/month per endpointEndpointsASP and gross margin after MSP discounts.
Managed ITDR$4.80/month per identityIdentitiesAttach rate to EDR and Microsoft dependency.
Managed SIEM$4.00/month per data sourceData sourcesStorage/log-cost exposure and source expansion.
Managed SAT$2.08/month per learnerLearnersTraining content refresh costs and churn.

Pricing may vary by region, commitment, discounts and partner tier.

Product roadmap and acquisition pipeline
initiativesource signalexpected or reported timingkey risk
Recon / network-aware EDRLevel Effect Recon technology acquired.2021 acquisition; initial updates expected in Q3 2021 per release.Integration and IP assignment.
Security awareness trainingCurricula acquired and added to platform.2022 acquisition; currently marketed as Managed SAT.Adoption and content economics.
ISPMInside Agent acquisition core to ISPM.Planned launch in 2026.Forward-looking execution and Microsoft integration.
AI-centric SOC / AthenaPlatform page names Athena and AI-centric SOC.Marketed on current platform page.Accuracy, false positives and SOC productivity proof.

Roadmap items require product-management diligence and customer validation.

Huntress platform architecture from public descriptions Conceptual architecture based on public product pages and privacy policy.
Chapter 03

03Customer Information

Named case studies and partner pages validate MSP/customer use cases, but top-customer revenue, churn, supplier spend and partner concentration are not public.

III.A Top customers by application

partially verified confidence: medium

Named case studies validate use cases, but top-customer lists and revenue by application are not public.

Evidence gaps

  • Top 15 customers for two fiscal years and current YTD by application, product ownership and purchase timing.

Hidden risks

  • Referenceable customers may not represent average retention, size or profitability.

Follow-up questions

  • Provide top-customer schedule, contracts, product ownership, ARR and renewal/churn history; arrange reference calls.
Public customer and case-study evidence
customer or partneruse caseproducts namedrevenue disclosed
BARR AdvisoryCompliance-driven cybersecurity services for clients.Managed SAT; Managed EDRNo
ACT Network SolutionsMSP client protection across endpoint, identity, cloud and SIEM.Managed EDR; Managed ITDR; Managed SAT; Managed SIEMNo; 800+ endpoints managed disclosed.
Public case-study libraryMultiple named MSP/customer pages exist in sitemap.VariesNo top-15 or >5% customer revenue disclosed.

Case studies validate use cases but not customer concentration.

Customer evidence and concentration disclosure chart Bar chart showing public customer evidence anchors and missing revenue-concentration disclosure.

III.B Strategic relationships

verified confidence: high

Public pages verify MSP, reseller and alliance partner motions, but economics and concentration are private.

Evidence gaps

  • Strategic-relationship revenue contribution, co-marketing agreements and partner contracts.

Hidden risks

  • A small number of large MSP/reseller partners could concentrate revenue and bargaining power.

Follow-up questions

  • Provide top partner revenue, agreements, renewal history, discounts and partner pipeline metrics.
Strategic relationships and partner ecosystem
relationship typepublic evidencepotential valuegap
MSPsDedicated MSP page and partner program.Scalable channel for SMB reach.Top MSP revenue and churn not public.
ResellersPartner page offers reseller path.Additional distribution reach.Reseller contract terms and margins not public.
Tech alliances / MicrosoftPartner page links tech alliances and Microsoft partnership.Integration and co-selling surface.Formal agreements and revenue impact not public.
Acquired companiesLevel Effect, Curricula and Inside Agent acquisition sources.Product-line expansion.Earnouts, retention and integration economics not public.

Strategic relationship revenue contribution is not disclosed.

III.C Revenue by customer

not publicly verifiable confidence: low

Endpoint scale is public, but revenue by customer and any >5% customer disclosures are not.

Evidence gaps

  • Revenue by customer, partner, end customer, product and geography; >5% customer analysis.

Hidden risks

  • Large endpoint counts could sit behind a limited number of MSPs or customer accounts.

Follow-up questions

  • Provide revenue concentration schedule, billable endpoint reconciliation and top-partner/end-customer split.

III.D Significant relationships severed within the last two years

not publicly verifiable confidence: low

No public evidence of significant severed customer, partner or supplier relationships was identified, but absence of evidence is not confirmation.

Evidence gaps

  • Significant customer/partner/supplier relationship terminations in last two years.

Hidden risks

  • Lost MSPs or major churn could be material but invisible publicly.

Follow-up questions

  • Provide lost-customer/partner list, churn reasons, win-back plans and any termination notices.

III.E Top suppliers

partially verified confidence: medium

Public sources identify Microsoft, telemetry, cloud/subprocessor and SOC dependencies at category level but not supplier spend or contractual terms.

Evidence gaps

  • Top suppliers, cloud commitments, data-subprocessor terms, SOC staffing suppliers and spend concentration.

Hidden risks

  • Cloud, Microsoft or subprocessor changes could affect costs, data residency and product performance.

Follow-up questions

  • Provide supplier schedule, cloud contracts, subprocessor list, BCP tests and Microsoft integration terms.
Top-supplier and platform-dependency matrix
dependencypublic signalriskdiligence request
Microsoft ecosystemITDR and Microsoft 365 security pages/partnership references.API, licensing and competitive-platform dependency.Review Microsoft integration agreements and API-change exposure.
Cloud/service subprocessorsPrivacy policy references service providers/subprocessors and trust-center list.Data processing, residency and outage exposure.Obtain subprocessor list, cloud commitments and business continuity tests.
SOC/security operations workforce24/7 SOC positioning across platform and products.Labor cost, coverage, false positives and alert fatigue.Review SOC staffing model, SLA, automation metrics and retention.

Supplier spend and contracts were not public.

Chapter 04

04Competition

The MDR/EDR/SIEM market is visibly crowded with large security platforms and MSP-focused rivals; Huntress differentiation must be validated through win/loss and pricing diligence.

IV.A Competitive landscape by market segment

verified confidence: high

Public competitor pages verify a crowded MDR/EDR/SOC market with overlapping claims from large and focused vendors.

Evidence gaps

  • Win/loss data, pricing benchmarks, churn reasons, feature comparisons and buyer reference calls.

Hidden risks

  • Competitors can bundle or discount aggressively, compressing Huntress pricing and partner economics.

Follow-up questions

  • Conduct competitive win/loss interviews and build pricing/feature benchmark by segment.
Competitor comparison matrix
companysegmentoverlap with huntresspublic positioningdiligence question
HuntressSMB/MSP managed security platformTarget companyMSP-friendly EDR/ITDR/SIEM/SAT backed by SOC.Can Huntress sustain low-touch economics and high retention?
CrowdStrikeEnterprise endpoint/platform/MDRMDR, endpoint, identity and SIEM platform breadth.Elite 24/7 MDR and broad Falcon platform.Does enterprise platform pricing or partner program pressure Huntress?
Arctic WolfMDR/SOC serviceManaged detection and response.Concierge/agentic SOC MDR.How does Huntress compare on service model and outcomes?
Blackpoint CyberMSP-focused MDRMSP/MDR/SOC overlap.24/7 SOC and partner-focused MDR.Is MSP channel loyalty defensible?
SophosEndpoint/security platform/MDRMDR and partner channel.24/7 managed detection and response.Can Huntress defend price/performance versus larger suites?

Use customer win/loss calls to validate competitive positioning.

Basis-of-competition scorecard
axishuntress public positioncompetitor pressurerisk
Price transparencyPublishes per-unit prices.Larger platforms can bundle/discount.Margin compression.
MSP channel fitDedicated MSP platform and partner program.Blackpoint and Sophos also partner/MDR oriented.Partner churn and switching.
Platform breadthEDR, ITDR, SIEM, SAT and SOC.CrowdStrike and Sophos offer broad suites.Need ongoing R&D and integrations.
Service outcome/SOC quality24/7 AI-assisted/human SOC.Competitors also claim 24/7 SOC/MDR.Requires independent SLA and outcome proof.

Scores are qualitative because win/loss and retention data are private.

MDR/EDR competitive positioning map Market map of Huntress and selected MDR/EDR competitors using public positioning.
Chapter 05

05Marketing, Sales, and Distribution

Public pages verify MSP/reseller/direct/alliance GTM motions and transparent per-unit pricing, but channel mix, CAC, quota attainment and pipeline quality are private.

V.A Strategy and implementation

verified confidence: high

Public evidence supports MSP, reseller, direct/demo and alliance GTM motions with transparent per-unit pricing.

Evidence gaps

  • Channel mix, CAC by source, conversion rates, marketing attribution and PR/program ROI.

Hidden risks

  • Transparent pricing may aid demand generation but reduce negotiation leverage.

Follow-up questions

  • Provide channel P&L, pipeline source data, marketing attribution and partner program economics.
Distribution channels and GTM motions
channelpublic evidencelikely motiongap
MSPsDedicated MSP page and partner program.Channel-led SMB distribution.Revenue mix, partner concentration and churn.
ResellersPartner page offers reseller route.VAR/reseller resale motion.Margin structure and top resellers.
Direct/demoPricing page has demos, calculator and direct pricing language.Inbound demo/direct for internal IT/security teams.Pipeline, conversion and CAC.
Tech alliances/MicrosoftPartner page and Microsoft partnership link.Integration-led credibility and co-marketing.Formal co-sell and integration economics.

Channel weights are not publicly disclosed.

Public marketing and PR signal summary
signalevidenceinterpretationdiligence gap
Funding PRSeries B/C/D pages and press releases.Creates credibility and brand awareness.Media impact and pipeline attribution.
Customer storiesBARR and ACT case studies.Supports referenceable MSP/customer marketing.Reference independence and selection bias.
Endpoint milestone2M+ endpoint journey page.Scale proof for MSP/SMB buyers.Active/billable endpoint reconciliation.
Thought leadership/reportsManaged ITDR report, product resources and trust center.Supports category education.Download volume, MQL quality and conversion.

Marketing efficacy metrics are not public.

Public GTM channel evidence chart Bar chart of channel categories with public evidence, not revenue weights.

V.B Major Customers

partially verified confidence: medium

Public case studies show satisfied named customers/partners, but major-customer status and future growth with them are private.

Evidence gaps

  • Major customer relationship status, renewal likelihood, upsell pipeline and expansion opportunities.

Hidden risks

  • Case studies may omit churned or underperforming accounts.

Follow-up questions

  • Provide major-customer health scores, expansion pipeline, renewal dates and reference-call access.

V.C Principal avenues for generating new business

verified confidence: high

Principal public avenues are MSPs, resellers, direct demos/pricing and tech alliances.

Evidence gaps

  • Source-to-close conversion, partner certification, partner support cost and churn.

Hidden risks

  • Partner success may depend on enablement, support load and partner profitability.

Follow-up questions

  • Provide channel-funnel metrics and partner cohort analysis.

V.D Sales force productivity model

not publicly verifiable confidence: low

Public pricing informs unit drivers, but sales compensation, quotas, ramp, sales cycle and hiring plan are not public.

Evidence gaps

  • Sales compensation, quota, attainment, ramp, sales cycle, pipeline coverage and hiring plan.

Hidden risks

  • SMB/MSP sales economics can deteriorate if support/SOC cost scales faster than ARR.

Follow-up questions

  • Provide sales productivity dashboard, compensation plan, pipeline by stage and CAC/payback by channel.
Sales-force productivity public-gap table
metricpublic statuswhy it mattersrequest
Quota and attainmentNot publicValidates productivity and capacity planning.Quota, attainment, ramp and sales headcount by segment.
Sales cycle and pipelineNot publicSupports forecast accuracy.Pipeline by stage, cycle length, conversion and source attribution.
CAC/paybackNot publicCritical for SMB/MSP economics.CAC, payback, gross margin and support cost by channel.
Pricing/discountsList pricing public; discounts private.Impacts ARR quality and margins.Actual ASP, discount bands and renewal uplift.

Sales productivity cannot be verified from public sources.

V.E Ability to implement marketing plan with current and projected budgets

not publicly verifiable confidence: low

The $150M raise supports capacity to fund marketing, but budget adequacy and efficiency are not public.

Evidence gaps

  • Marketing budget, hiring plan, CAC trend, brand spend and conversion efficiency.

Hidden risks

  • Budget may need to rise to defend share against well-funded competitors.

Follow-up questions

  • Provide operating plan, marketing budget, CAC/LTV model and competitive spend benchmark.
Chapter 06

06Research and Development

Public leadership and acquisition evidence support an active R&D/product roadmap, including planned ISPM, but R&D cost, delivery timing, technical debt and IP ownership need private review.

VI.A Description of R&D organization

partially verified confidence: medium

Public leadership and acquisition sources identify technical leaders and acquired assets, but R&D org structure and cost are private.

Evidence gaps

  • R&D headcount by function/location, budget, roadmap ownership, security engineering process and technical debt.

Hidden risks

  • Key-person risk and acquired talent retention could affect roadmap delivery.

Follow-up questions

  • Provide R&D org chart, roadmap, engineering KPIs, security SDLC and acquired-talent retention status.
R&D leadership and technical-asset table
person or assetrole or asset typepublic signaldiligence issue
Chris BisnettCTO & CofounderListed on leadership page.Technical leadership depth and key-person risk.
John FerrellCo-Founder & Technical Director, Threat OperationsListed on leadership page.Threat-ops leadership continuity.
Recon / Level Effect IPAcquired EDR/network technologyRecon technology and related IP portfolio acquired.Assignment chain and product integration.
Inside Agent team/capabilityAcquired Microsoft 365 security capabilityInside Agent acquisition for ISPM.Retention and roadmap execution.

R&D org size and cost are not public.

VI.B New Product Pipeline

partially verified confidence: medium

Public roadmap/acquisition evidence supports SIEM, SAT, AI-SOC and planned ISPM initiatives; timing, cost and adoption require validation.

Evidence gaps

  • New product status, expected release dates, development cost and critical technology dependencies.

Hidden risks

  • Forward-looking roadmap can slip, and cross-sell assumptions may be optimistic.

Follow-up questions

  • Provide roadmap, beta/customer pilots, release readiness, integration plan and product-level ARR forecast.
Product and research pipeline
pipeline itemstatuspublic evidencerisk
ISPMPlanned 2026 launchInside Agent acquisition blog.Launch date and adoption uncertain.
AI-centric SOC / AthenaMarketed current capabilityPlatform page describes Athena and AI-centric SOC.AI accuracy, analyst workflow and liability.
Managed SIEMMarketed current productSIEM page and pricing.Log storage costs and competitive differentiation.
Managed SAT content/integrationsMarketed current productCurricula acquisition and SAT page.Content freshness and learner engagement.

Pipeline costs and release milestones require product-management artifacts.

R&D and acquisition roadmap timeline Product/R&D expansion chronology from public sources.
Chapter 07

07Management and Personnel

Public leadership, remote-work and 2023 workforce signals support team credibility, but current headcount, turnover, compensation, equity and employee-relations matters require HR/legal records.

VII.A Organization Chart

verified confidence: high

Public leadership page provides an executive roster and board members, but full reporting lines are not public.

Evidence gaps

  • Full org chart, board minutes, committee charters and delegated authority matrix.

Hidden risks

  • Public roster does not reveal succession depth or reporting-line effectiveness.

Follow-up questions

  • Provide current org chart, board/committee materials and succession plan.
Senior management roster
namerolesourcediligence need
Kyle HanslovanCEO & Cofounder; board memberLeadership pageEmployment agreement, equity, succession plan.
Chris BisnettCTO & Cofounder; board memberLeadership pageKey-person retention and technical roadmap.
Maria IzurietaChief Financial OfficerLeadership pageFinancial controls and reporting maturity.
Prakash RamamurthyChief Product OfficerLeadership pageProduct roadmap accountability.
Paul StrelzickChief Revenue OfficerLeadership pageSales productivity and channel strategy.
Eric StrideChief Security OfficerLeadership pageSecurity posture and incident history.

A full org chart, board consents and background checks are private.

Public leadership org chart Public leadership chart based on Huntress leadership page.

VII.B Historical and projected headcount by function and location

partially verified confidence: medium

Public sources show nearly 300 teammates in 2023, remote/global operating model and endpoint scale, but current headcount by function/location is private.

Evidence gaps

  • Current and projected headcount by function/location, hiring plan, span of control and attrition.

Hidden risks

  • Distributed operations can increase security, culture and employment-law complexity.

Follow-up questions

  • Provide HRIS exports, hiring plan, location map and headcount forecast.
Headcount, location and scale signals
signalpublic evidenceinterpretationgap
Workforce size in 2023Nearly 300 teammates on Series C page.Material scale by 2023.Current headcount by function/location.
Remote/global modelCareers page says fully remote, global team.Distributed hiring and operational flexibility.Employment entities and security controls.
Endpoint scale2M+ endpoints milestone.Product/SOC scale signal.Billable active endpoints and customer concentration.
Current open rolesCareers page markets hiring but no stable role count captured.Hiring intent only.Hiring plan, attrition and budget.

Current headcount should be requested from HRIS.

Endpoint-scale and headcount public signal chart Shows endpoint milestone progression and a public workforce anchor on different series.

VII.C Senior management biographies

verified confidence: high

Senior management names and roles are public on the leadership page.

Evidence gaps

  • Detailed bios, background checks, references, employment agreements and equity ownership.

Hidden risks

  • Background, references, current equity incentives and retention are not independently verified.

Follow-up questions

  • Provide executive bios, background checks, references, employment agreements and equity schedule.

VII.D Compensation arrangements

partially verified confidence: low

Careers page describes benefits and stock options, but key employment agreements and compensation arrangements are private.

Evidence gaps

  • Compensation arrangements, key employment agreements, severance and benefits details.

Hidden risks

  • Option economics may be affected by valuation, strike prices and liquidity expectations.

Follow-up questions

  • Provide compensation plans, employment agreements, benefits plans and option grant schedules.
Compensation, benefits and turnover evidence gaps
topicpublic signalverification statusrequest
Stock optionsCareers page says all full-time teammates receive stock options.partially_verifiedOption plan, grant schedule, vesting and exercise prices.
BenefitsCareers page lists medical/benefits by geography.partially_verifiedBenefit plans, cost and compliance by country/state.
TurnoverNo public turnover data found.not_publicly_verifiableTwo-year attrition by function, regretted attrition and retention actions.
Employee relationsNo public material employee-relations issue found in scoped sources.not_publicly_verifiableHR/legal schedule, complaints, investigations and settlements.

Private HR diligence is required.

VII.E Incentive stock plans

partially verified confidence: low

Incentive stock plan exists as a public employment value proposition, but plan terms are not public.

Evidence gaps

  • Stock plan, option pool, vesting, refresh grants, exercises and cancellations.

Hidden risks

  • Option refresh needs and underwater options could affect retention.

Follow-up questions

  • Provide equity incentive plan and grant schedule.

VII.F Significant employee relations problems, past or present

not publicly verifiable confidence: low

No material public employee-relations issues were found in scoped sources, but this requires HR/legal confirmation.

Evidence gaps

  • Employee-relations complaints, settlements, investigations, whistleblower matters and culture survey results.

Hidden risks

  • Private complaints, settlements or investigations could be material.

Follow-up questions

  • Provide HR/legal employee-relations schedule and any settlement agreements.

VII.G Personnel Turnover

not publicly verifiable confidence: low

Public sources do not disclose turnover; careers page only provides recruiting and benefits positioning.

Evidence gaps

  • Two-year turnover by function/location, regretted attrition and retention programs.

Hidden risks

  • High SOC, sales or engineering attrition could impair service quality and growth.

Follow-up questions

  • Provide attrition reports, exit-interview themes and retention-risk analysis.
Chapter 08

08Legal and Related Matters

Privacy/trust-center materials and limited CourtListener searches reduce but do not eliminate legal/regulatory concern; IP, insurance, contracts and agency history require counsel-led diligence.

VIII.A Pending lawsuits against the Company

partially verified confidence: medium

Limited CourtListener searches returned zero public results, but a complete litigation review requires counsel and docket searches beyond CourtListener.

Evidence gaps

  • Full litigation schedule, claims, demand letters, counsel assessment and insurance notices.

Hidden risks

  • State, arbitration, sealed, demand-letter or regulatory matters may not appear in CourtListener.
  • Absence of public records is not a legal clearance.

Follow-up questions

  • Provide counsel litigation letter and conduct PACER/state-court/regulatory searches.
Pending lawsuits against company - public search summary
search or casecourt or databaseresultlimitation
"Huntress Labs" opinion searchCourtListener opinionsCount 0 returned during research.Not complete for all courts, sealed cases or non-indexed dockets.
"Huntress Labs, Inc." RECAP/docket searchCourtListener RECAPCount 0 returned during research.RECAP is not exhaustive; PACER/state-court/counsel searches needed.
Company counsel scheduleNot publicNot available.Request litigation, claims and demand-letter schedule.

No public lawsuit found in limited sources is not a legal opinion.

VIII.B Pending lawsuits initiated by Company

partially verified confidence: low

No public litigation initiated by Huntress was identified in scoped CourtListener searches, but the search is not exhaustive.

Evidence gaps

  • Company-initiated litigation, IP enforcement, collections and arbitration matters.

Hidden risks

  • Contract, IP or employment claims could exist outside public search scope.

Follow-up questions

  • Request counsel schedule and docket search for initiated matters.
Pending lawsuits initiated by company - public search summary
search or casecourt or databaseresultlimitation
Huntress as named party in CourtListenerCourtListener opinions/RECAPNo results returned in scoped searches.Could miss state, sealed, arbitration and unindexed matters.
IP enforcement or contract claimsPublic web/court searchNo specific public initiated lawsuit identified in scoped sources.Request counsel confirmation and docket search.

Counsel-led search remains necessary.

VIII.C Environmental and employee safety issues and liabilities

not publicly verifiable confidence: low

As a software/cybersecurity company with a remote workforce, environmental/safety exposure appears lower than industrial businesses, but employee safety, remote-work and office obligations are not public.

Evidence gaps

  • Safety policies, workers compensation claims, office leases and environmental representations.

Hidden risks

  • Remote-work ergonomics, workers compensation and jurisdictional employment compliance can still create liabilities.

Follow-up questions

  • Provide EHS/worker safety policies, workers compensation claims and lease/environmental schedules.

VIII.D Material patents, copyrights, licenses, and trademarks

partially verified confidence: medium

Public evidence supports acquired IP/product assets and at least one patent-search signal, but a full IP portfolio is not public.

Evidence gaps

  • Patent/trademark schedule, code ownership, open-source scan, licenses and IP assignments.

Hidden risks

  • Assignment gaps, open-source license issues or FTO risks could impair product defensibility.

Follow-up questions

  • Provide IP schedule, assignment chain, open-source scan, invention agreements and FTO review.
Material IP, contracts and insurance table
asset or documentpublic signalstatusdiligence request
Endpoint-network-monitoring patent matterJustia search result names Huntress Labs Incorporated as assignee.partially_verifiedPatent numbers, assignment chain, prosecution status and FTO review.
Recon technology/IP portfolioLevel Effect release says Recon technology and related IP portfolio acquired.verifiedAcquisition agreement and IP assignments.
SOC 2/pentest/security reportsTrust center lists report documents.partially_verifiedAccess reports and remediation evidence.
Commercial insuranceTrust center lists General Commercial Insurance document.partially_verifiedPolicy limits, exclusions, cyber coverage and claims history.
Material customer/supplier contractsNot public.not_publicly_verifiableTop contracts, MSAs, DPAs, SLAs and change-of-control provisions.

Obtain direct legal files before relying on IP/insurance conclusions.

VIII.E Insurance coverage and material exposures

partially verified confidence: low

Trust center lists a general commercial insurance document, but policy limits/exclusions and claims history were not reviewed.

Evidence gaps

  • Insurance policies, limits, exclusions, deductibles, claims and broker analysis.

Hidden risks

  • Cyber exclusions, retention levels or insufficient limits could shift incident cost to the company.

Follow-up questions

  • Provide cyber, E&O, D&O, general liability policies and claims history.
Diligence risk heatmap Heatmap of main diligence risks by severity and likelihood.

VIII.F Material contracts

not publicly verifiable confidence: low

Material contracts such as customer MSAs, partner agreements, supplier/cloud commitments and acquisition agreements are not public.

Evidence gaps

  • Customer, partner, supplier, cloud, acquisition, employment and financing contracts.

Hidden risks

  • Change-of-control, SLA, data-processing, indemnity or termination provisions could affect valuation and risk.

Follow-up questions

  • Provide material-contract schedule and copies of top agreements with amendment history.

VIII.G Regulatory agency problems

partially verified confidence: medium

Privacy policy and trust center provide compliance posture signals; no public agency action was identified in scoped sources, but regulatory diligence remains required.

Evidence gaps

  • Regulatory correspondence, DPF verification, security reports, incident history and data-retention controls.

Hidden risks

  • Telemetry collection and cross-border processing can trigger customer, regulator and contract scrutiny.

Follow-up questions

  • Have counsel/security review DPA, subprocessor list, DPF listing, SOC 2, pentest, incidents and regulatory correspondence.
Regulatory, privacy and agency-action summary
topicpublic evidenceriskfollow up
GDPR/CCPA rolePrivacy policy says processor/subprocessor and CCPA service provider.DPA and customer notice obligations.Review DPA, privacy notices and subprocessors.
Security telemetryPolicy says services may collect files, logs, registry keys and other security objects.Data minimization, retention and consent.Review architecture, retention, encryption and access controls.
Data Privacy Framework/FTCPrivacy policy states DPF certification and FTC investigatory/enforcement powers.International transfer and onward-transfer compliance.Verify DPF listing and complaint history.
Public agency actionsNo specific FTC/state/agency action found in scoped public search.Search not exhaustive.Ask counsel for regulatory correspondence and enforcement history.

Regulatory review requires counsel and security specialist review.

Evidence

Evidence claims
IDClaimStatusSources
EC-001 Huntress publicly states it raised $150M in Series D funding at a $1.55B valuation, making it a private cybersecurity unicorn. verified high SRC-001SRC-027SRC-028SRC-029
EC-002 Huntress publicly suggests it was near, but had not yet explicitly claimed, $100M ARR at the time of the Series D announcement. partially verified medium SRC-001
EC-003 Huntress raised a $60M Series C in 2023 after doubling revenue in 2021 and 2022, grew to nearly 300 teammates, and reported 2M protected endpoints. verified medium SRC-002SRC-017
EC-004 Huntress raised $40M in Series B funding in 2021 led by JMI Equity with existing investor support and stated it would remain independent. verified medium SRC-003
EC-005 Huntress acquired Level Effect Recon technology in 2021 to strengthen network-aware endpoint detection and response capabilities. verified high SRC-004
EC-006 Huntress acquired Curricula in 2022 to add story-based security awareness training to the managed security platform. verified medium SRC-005SRC-011
EC-007 Huntress acquired Inside Agent in 2025 and publicly planned an Identity Security Posture Management product launch in 2026. verified medium SRC-006SRC-009SRC-036
EC-008 Huntress markets a unified security platform spanning endpoints, identities, logs and learners with a 24/7 AI-centric SOC. verified high SRC-007
EC-009 Huntress markets Managed EDR as proprietary endpoint security backed by a 24/7 AI-assisted SOC. verified high SRC-008SRC-038
EC-010 Huntress markets Managed ITDR for identity attacks such as credential theft, session hijacking and rogue OAuth apps. verified high SRC-009SRC-036
EC-011 Huntress publicly discloses simple per-unit pricing for Managed EDR, ITDR, SIEM and SAT. verified high SRC-012
EC-012 Huntress has a material partner-channel motion that includes MSPs, resellers and tech alliances. verified high SRC-013SRC-035
EC-013 Huntress specifically positions its platform for MSPs to scale managed security services without adding headcount. verified high SRC-014
EC-014 Named customer BARR Advisory publicly describes using Huntress Managed SAT and Managed EDR to scale compliance-driven cybersecurity services. verified medium SRC-015
EC-015 Named customer ACT Network Solutions publicly describes using Huntress Managed EDR, ITDR, SAT and SIEM across client environments. verified medium SRC-016
EC-016 Huntress publicly lists a leadership team including cofounders Kyle Hanslovan, Chris Bisnett and John Ferrell and states the company was founded by former NSA cyber operators. verified high SRC-018
EC-017 Huntress publicly describes itself as a fully remote global team and discloses benefits including stock options for full-time teammates. verified medium SRC-019
EC-018 Huntress privacy policy says it acts as processor/subprocessor for service personal data under European data protection laws and as service provider under CCPA. verified high SRC-020SRC-039
EC-019 Huntress services may collect security telemetry including applications, files, logs, registry keys, certificates, scheduled tasks and policy objects. verified high SRC-020
EC-020 Huntress trust center lists security, SOC 2, pentest, data processing and general commercial insurance documents, but detailed reports may require access. partially verified medium SRC-021SRC-040
EC-021 CourtListener public searches returned zero Huntress Labs opinion and RECAP docket results during research. verified medium SRC-023SRC-024
EC-022 Public patent-search results identify Huntress Labs Incorporated as assignee for endpoint-network-monitoring patent matter involving Robert Julian Noeth and Ernest Gregory Ake. partially verified medium SRC-025SRC-026SRC-004
EC-023 Huntress pricing model is per unit and includes MSP/reseller programs, making unit economics sensitive to endpoint, identity, source and learner counts. verified high SRC-012
EC-024 Huntress competes in a crowded MDR/EDR/SOC market against large platforms and MSP-focused providers including CrowdStrike, Arctic Wolf, Blackpoint Cyber and Sophos. verified high SRC-031SRC-032SRC-033SRC-034
EC-025 Huntress milestone page reports a progression to more than 2M protected endpoints. verified medium SRC-017SRC-002
EC-026 Core diligence items such as audited financials, cap table, top-customer revenue, contracts, tax, insurance limits, sales productivity and employee turnover are not publicly verifiable from available sources. not publicly verifiable high SRC-001SRC-012SRC-015SRC-016SRC-018SRC-019SRC-021SRC-023SRC-024
Sources
IDPublisherTitleAccessed
SRC-001 Huntress Series D Announcement | Huntress 2026-06-07
SRC-002 Huntress Series C Announcement | Huntress 2026-06-07
SRC-003 Huntress Huntress Series B: Our Next Chapter of Growth 2026-06-07
SRC-004 GlobeNewswire Huntress Acquires Network-Aware Endpoint Detection and Response Technology from Level Effect 2026-06-07
SRC-005 Huntress Putting the Dee(Dee) in Defense: Huntress Acquires Curricula 2026-06-07
SRC-006 Huntress Huntress Acquires Inside Agent: A New Era for Identity Protection 2026-06-07
SRC-007 Huntress Huntress Platform Overview 2026-06-07
SRC-008 Huntress Managed EDR: Endpoint Detection & Response Services | Huntress 2026-06-07
SRC-009 Huntress Managed ITDR: Identity Threat Detection and Response | Huntress 2026-06-07
SRC-010 Huntress Managed SIEM: Security Information & Event Management | Huntress 2026-06-07
SRC-011 Huntress Managed Security Awareness Training Software | Huntress 2026-06-07
SRC-012 Huntress Request Pricing for Managed EDR, ITDR, SAT, SIEM | Huntress 2026-06-07
SRC-013 Huntress Cybersecurity Partner Program | Huntress 2026-06-07
SRC-014 Huntress Managed Security Platform for MSPs | Huntress 2026-06-07
SRC-015 Huntress / BARR Advisory BARR Advisory Case Study | Huntress 2026-06-07
SRC-016 Huntress / ACT Network Solutions ACT Network Solutions Case Study | Huntress 2026-06-07
SRC-017 Huntress The Journey to 2M Endpoints | Huntress 2026-06-07
SRC-018 Huntress Leadership | Huntress 2026-06-07
SRC-019 Huntress Careers | Huntress 2026-06-07
SRC-020 Huntress Privacy Policy | Huntress 2026-06-07
SRC-021 Huntress / SafeBase Huntress Trust Center | Powered by SafeBase 2026-06-07
SRC-022 Huntress Terms of Service | Huntress 2026-06-07
SRC-023 Free Law Project / CourtListener CourtListener opinions search for "Huntress Labs" 2026-06-07
SRC-024 Free Law Project / CourtListener CourtListener docket/RECAP search for "Huntress Labs, Inc." 2026-06-07
SRC-025 Justia Justia search result for Huntress Labs patents 2026-06-07
SRC-026 Justia Patents Robert Julian Noeth inventions and patent applications 2026-06-07
SRC-027 Crunchbase News Cybersecurity Startup Huntress Hits $1.5B Valuation After $150M Raise 2026-06-07
SRC-028 Reuters Reuters Huntress funding article 2026-06-07
SRC-029 CB Insights CB Insights company profile: Huntress 2026-06-07
SRC-030 G2 G2 Huntress reviews 2026-06-07
SRC-031 Blackpoint Cyber Blackpoint Cyber homepage 2026-06-07
SRC-032 CrowdStrike CrowdStrike managed detection and response page 2026-06-07
SRC-033 Arctic Wolf Arctic Wolf Managed Detection and Response 2026-06-07
SRC-034 Sophos Sophos MDR | 24/7 Managed Detection & Response 2026-06-07
SRC-035 Huntress Huntress & Microsoft: Better Together 2026-06-07
SRC-036 Huntress Huntress 2025 Managed ITDR Report 2026-06-07
SRC-037 Huntress Huntress Named Security Awareness Training Platform of the Year 2026-06-07
SRC-038 Huntress Huntress Managed EDR datasheet 2026-06-07
SRC-039 Huntress Support Huntress Data Processing Addendum 2026-06-07
SRC-040 Huntress / SafeBase Huntress subprocessor list 2026-06-07

Disclaimer

This report is a public-evidence diligence snapshot, not investment advice. Important financial, legal, technical, and contractual facts remain non-public and should be verified directly with management and primary documents before any investment decision.