Strengths
- Series D page supports $150M raised at a $1.55B valuation.
- Product pages support a platform spanning EDR, ITDR, SIEM and SAT.
- Partner and MSP pages support a material MSP/reseller channel motion.
Huntress Startup Diligence Report
Huntress appears to be a late-stage managed-cybersecurity platform benefiting from SMB/MSP demand, transparent pricing, 24/7 SOC positioning, product breadth and acquisition-led expansion. The diligence case depends on validating ARR quality, partner/customer concentration, competitive durability, SOC/product efficiency and legal/privacy controls.
Huntress Startup Diligence Report
Proceed to focused confirmatory diligence. Public evidence supports Huntress as an active private cybersecurity unicorn with credible product, channel and team signals, but core underwriting facts remain private.
Large security platforms and MSP-focused MDR vendors market overlapping 24/7 SOC and MDR offerings; Huntress publishes transparent per-unit prices that may anchor buyer expectations.
Diligence request: Run win/loss calls, pricing benchmark, feature-benchmark and churn analysis versus CrowdStrike, Arctic Wolf, Blackpoint, Sophos and other MDR vendors.
Huntress has a public $1.55B valuation and scale signals, but exact ARR, audited revenue, gross margin, cash, debt, burn, retention and cap-table economics are private.
Diligence request: Obtain audited financials, management accounts, ARR bridge, cash/debt schedule, forecast model, cap table and financing documents.
Public case studies and partner pages validate channel/product usage, but revenue concentration, partner churn, end-customer ownership and renewal cohorts are not public.
Diligence request: Request top-customer/partner revenue schedule, customer contracts, NRR, GRR, churn reasons and independent references.
Level Effect, Curricula and Inside Agent broaden the platform, but integration quality, roadmap delivery, cross-sell and retention of acquired talent are not publicly verifiable.
Diligence request: Review product roadmap, acquired-code integration, retention packages, roadmap burndown and product attach-rate cohorts.
Huntress handles broad security telemetry and may collect suspicious files; this creates privacy, DPA, retention, subprocessor and incident-response obligations.
Diligence request: Have counsel and security reviewers inspect DPA, subprocessor list, retention controls, SOC 2, pentest findings and incident history.
Public materials show a remote global team and stock options, but current headcount, attrition, comp bands, key-person retention and employment agreements are private.
Diligence request: Request HRIS exports, org chart, attrition by function, comp philosophy, option plan, key employment agreements and background checks.
Product scope depends on endpoints, Microsoft 365 identities, logs, cloud services and subprocessors; outages, API changes or partner conflicts could affect service quality.
Diligence request: Review architecture diagrams, cloud commitments, Microsoft dependency, subprocessor terms, business-continuity tests and incident history.
Limited public searches found no CourtListener records, but patent assignments, contracts, insurance and litigation schedules are incomplete without company/counsel records.
Diligence request: Request counsel letter, litigation docket, patent/trademark schedule, assignment documents, commercial contracts and insurance policies.
Public evidence supports Huntress as an active private unicorn with strong funding and product-scale signals, but audited financials, ARR quality, cap table terms, cash/debt and tax/accounting policies are private.
not publicly verifiable confidence: low
Public sources provide funding, pricing, ARR-adjacency and endpoint scale signals, but audited financial statements, AR aging, backlog and management reports are not public.
| item | public signal | verification status | follow up request |
|---|---|---|---|
| ARR/revenue | Near-$100M ARR narrative but no exact audited ARR disclosed. | partially_verified | ARR bridge, revenue-recognition memo, bookings and retention cohorts. |
| Protected endpoints | 2M+ endpoints milestone and prior endpoint-count progression. | verified | Billable active endpoint reconciliation and churn. |
| Pricing | Per-unit public pricing across EDR, ITDR, SIEM and SAT. | verified | Actual ASP, discounting, gross margin and support cost by product. |
| Financial statements/cash/debt/tax | No public audited statements, cash, debt, AR aging or tax schedule found. | not_publicly_verifiable | Audited statements, cash/debt, tax, AR aging, backlog and management accounts. |
Most chapter I checklist items require private financial records.
partially verified confidence: medium
Financing and public pricing support growth context, but detailed forecasts, assumptions, capital needs and scenario planning are private.
| date | round | amount | lead or participants | valuation or terms | diligence caveat |
|---|---|---|---|---|---|
| 2021-05-06 | Series B | $40M | JMI Equity; ForgePoint Capital; Gula Tech Adventures | Not disclosed publicly | Request stock purchase agreement and valuation. |
| 2023-05-16 | Series C | $60M | Sapphire Ventures; JMI; ForgePoint | Not disclosed publicly | Request cap table, preferences and investor rights. |
| 2024 | Series D | $150M | Kleiner Perkins; Meritech Capital; Sapphire Ventures | $1.55B valuation | Confirm post-money calculation, preferences and dilution. |
Funding history is public; legal terms are not.
Prior valuations were not public.
partially verified confidence: medium
Public sources name investors and executives but do not disclose shares, preferences, option pool, warrants, debt or off-balance-sheet obligations.
| stakeholder or instrument | public position | unknowns |
|---|---|---|
| Founders/management | Cofounders publicly listed in leadership and board sections. | Ownership percentages, vesting and founder liquidity unknown. |
| Growth/venture investors | JMI, ForgePoint, Gula, Sapphire, Kleiner Perkins and Meritech publicly named across rounds. | Preferences, pro rata, vetoes and board rights unknown. |
| Employee options | Careers page says all full-time teammates receive stock options. | Plan size, exercise prices, refresh grants and dilution unknown. |
| Debt/warrants/off-balance sheet | No public evidence found. | Request debt instruments, warrants, leases and contingencies. |
Public investor names are not a substitute for a cap table.
not publicly verifiable confidence: low
Tax positions, accounting policies, revenue recognition and financing history details are not public beyond high-level funding announcements.
Huntress publicly markets a broad managed cybersecurity platform spanning EDR, ITDR, SIEM and SAT, with acquisitions supporting expansion; independent product-performance and margin validation remains required.
verified confidence: high
Public product pages verify a broad managed security platform spanning EDR, ITDR, SIEM and SAT, with acquisitions supporting product expansion.
| product | audience | public features | status |
|---|---|---|---|
| Huntress platform | MSPs, SMBs and internal IT/security teams | Unifies endpoints, identities, logs and learners backed by SOC. | verified |
| Managed EDR | Endpoint security buyers/MSPs | Own-built EDR technology, 24/7 AI-assisted SOC and threat hunters. | verified |
| Managed ITDR | Microsoft 365/identity security buyers | Credential theft, session hijacking and rogue OAuth app protection. | verified |
| Managed SIEM | Security operations/compliance buyers | Log/data-source SIEM offering with per-source pricing. | verified |
| Managed SAT | Security awareness/training buyers | Managed story-driven security awareness training and simulations. | verified |
Feature claims are company-marketed; validate performance independently.
| sku | public price | unit driver | diligence issue |
|---|---|---|---|
| Managed EDR | $8.99/month per endpoint | Endpoints | ASP and gross margin after MSP discounts. |
| Managed ITDR | $4.80/month per identity | Identities | Attach rate to EDR and Microsoft dependency. |
| Managed SIEM | $4.00/month per data source | Data sources | Storage/log-cost exposure and source expansion. |
| Managed SAT | $2.08/month per learner | Learners | Training content refresh costs and churn. |
Pricing may vary by region, commitment, discounts and partner tier.
| initiative | source signal | expected or reported timing | key risk |
|---|---|---|---|
| Recon / network-aware EDR | Level Effect Recon technology acquired. | 2021 acquisition; initial updates expected in Q3 2021 per release. | Integration and IP assignment. |
| Security awareness training | Curricula acquired and added to platform. | 2022 acquisition; currently marketed as Managed SAT. | Adoption and content economics. |
| ISPM | Inside Agent acquisition core to ISPM. | Planned launch in 2026. | Forward-looking execution and Microsoft integration. |
| AI-centric SOC / Athena | Platform page names Athena and AI-centric SOC. | Marketed on current platform page. | Accuracy, false positives and SOC productivity proof. |
Roadmap items require product-management diligence and customer validation.
Named case studies and partner pages validate MSP/customer use cases, but top-customer revenue, churn, supplier spend and partner concentration are not public.
partially verified confidence: medium
Named case studies validate use cases, but top-customer lists and revenue by application are not public.
| customer or partner | use case | products named | revenue disclosed |
|---|---|---|---|
| BARR Advisory | Compliance-driven cybersecurity services for clients. | Managed SAT; Managed EDR | No |
| ACT Network Solutions | MSP client protection across endpoint, identity, cloud and SIEM. | Managed EDR; Managed ITDR; Managed SAT; Managed SIEM | No; 800+ endpoints managed disclosed. |
| Public case-study library | Multiple named MSP/customer pages exist in sitemap. | Varies | No top-15 or >5% customer revenue disclosed. |
Case studies validate use cases but not customer concentration.
verified confidence: high
Public pages verify MSP, reseller and alliance partner motions, but economics and concentration are private.
| relationship type | public evidence | potential value | gap |
|---|---|---|---|
| MSPs | Dedicated MSP page and partner program. | Scalable channel for SMB reach. | Top MSP revenue and churn not public. |
| Resellers | Partner page offers reseller path. | Additional distribution reach. | Reseller contract terms and margins not public. |
| Tech alliances / Microsoft | Partner page links tech alliances and Microsoft partnership. | Integration and co-selling surface. | Formal agreements and revenue impact not public. |
| Acquired companies | Level Effect, Curricula and Inside Agent acquisition sources. | Product-line expansion. | Earnouts, retention and integration economics not public. |
Strategic relationship revenue contribution is not disclosed.
not publicly verifiable confidence: low
Endpoint scale is public, but revenue by customer and any >5% customer disclosures are not.
not publicly verifiable confidence: low
No public evidence of significant severed customer, partner or supplier relationships was identified, but absence of evidence is not confirmation.
partially verified confidence: medium
Public sources identify Microsoft, telemetry, cloud/subprocessor and SOC dependencies at category level but not supplier spend or contractual terms.
| dependency | public signal | risk | diligence request |
|---|---|---|---|
| Microsoft ecosystem | ITDR and Microsoft 365 security pages/partnership references. | API, licensing and competitive-platform dependency. | Review Microsoft integration agreements and API-change exposure. |
| Cloud/service subprocessors | Privacy policy references service providers/subprocessors and trust-center list. | Data processing, residency and outage exposure. | Obtain subprocessor list, cloud commitments and business continuity tests. |
| SOC/security operations workforce | 24/7 SOC positioning across platform and products. | Labor cost, coverage, false positives and alert fatigue. | Review SOC staffing model, SLA, automation metrics and retention. |
Supplier spend and contracts were not public.
The MDR/EDR/SIEM market is visibly crowded with large security platforms and MSP-focused rivals; Huntress differentiation must be validated through win/loss and pricing diligence.
verified confidence: high
Public competitor pages verify a crowded MDR/EDR/SOC market with overlapping claims from large and focused vendors.
| company | segment | overlap with huntress | public positioning | diligence question |
|---|---|---|---|---|
| Huntress | SMB/MSP managed security platform | Target company | MSP-friendly EDR/ITDR/SIEM/SAT backed by SOC. | Can Huntress sustain low-touch economics and high retention? |
| CrowdStrike | Enterprise endpoint/platform/MDR | MDR, endpoint, identity and SIEM platform breadth. | Elite 24/7 MDR and broad Falcon platform. | Does enterprise platform pricing or partner program pressure Huntress? |
| Arctic Wolf | MDR/SOC service | Managed detection and response. | Concierge/agentic SOC MDR. | How does Huntress compare on service model and outcomes? |
| Blackpoint Cyber | MSP-focused MDR | MSP/MDR/SOC overlap. | 24/7 SOC and partner-focused MDR. | Is MSP channel loyalty defensible? |
| Sophos | Endpoint/security platform/MDR | MDR and partner channel. | 24/7 managed detection and response. | Can Huntress defend price/performance versus larger suites? |
Use customer win/loss calls to validate competitive positioning.
| axis | huntress public position | competitor pressure | risk |
|---|---|---|---|
| Price transparency | Publishes per-unit prices. | Larger platforms can bundle/discount. | Margin compression. |
| MSP channel fit | Dedicated MSP platform and partner program. | Blackpoint and Sophos also partner/MDR oriented. | Partner churn and switching. |
| Platform breadth | EDR, ITDR, SIEM, SAT and SOC. | CrowdStrike and Sophos offer broad suites. | Need ongoing R&D and integrations. |
| Service outcome/SOC quality | 24/7 AI-assisted/human SOC. | Competitors also claim 24/7 SOC/MDR. | Requires independent SLA and outcome proof. |
Scores are qualitative because win/loss and retention data are private.
Public pages verify MSP/reseller/direct/alliance GTM motions and transparent per-unit pricing, but channel mix, CAC, quota attainment and pipeline quality are private.
verified confidence: high
Public evidence supports MSP, reseller, direct/demo and alliance GTM motions with transparent per-unit pricing.
| channel | public evidence | likely motion | gap |
|---|---|---|---|
| MSPs | Dedicated MSP page and partner program. | Channel-led SMB distribution. | Revenue mix, partner concentration and churn. |
| Resellers | Partner page offers reseller route. | VAR/reseller resale motion. | Margin structure and top resellers. |
| Direct/demo | Pricing page has demos, calculator and direct pricing language. | Inbound demo/direct for internal IT/security teams. | Pipeline, conversion and CAC. |
| Tech alliances/Microsoft | Partner page and Microsoft partnership link. | Integration-led credibility and co-marketing. | Formal co-sell and integration economics. |
Channel weights are not publicly disclosed.
| signal | evidence | interpretation | diligence gap |
|---|---|---|---|
| Funding PR | Series B/C/D pages and press releases. | Creates credibility and brand awareness. | Media impact and pipeline attribution. |
| Customer stories | BARR and ACT case studies. | Supports referenceable MSP/customer marketing. | Reference independence and selection bias. |
| Endpoint milestone | 2M+ endpoint journey page. | Scale proof for MSP/SMB buyers. | Active/billable endpoint reconciliation. |
| Thought leadership/reports | Managed ITDR report, product resources and trust center. | Supports category education. | Download volume, MQL quality and conversion. |
Marketing efficacy metrics are not public.
partially verified confidence: medium
Public case studies show satisfied named customers/partners, but major-customer status and future growth with them are private.
verified confidence: high
Principal public avenues are MSPs, resellers, direct demos/pricing and tech alliances.
not publicly verifiable confidence: low
Public pricing informs unit drivers, but sales compensation, quotas, ramp, sales cycle and hiring plan are not public.
| metric | public status | why it matters | request |
|---|---|---|---|
| Quota and attainment | Not public | Validates productivity and capacity planning. | Quota, attainment, ramp and sales headcount by segment. |
| Sales cycle and pipeline | Not public | Supports forecast accuracy. | Pipeline by stage, cycle length, conversion and source attribution. |
| CAC/payback | Not public | Critical for SMB/MSP economics. | CAC, payback, gross margin and support cost by channel. |
| Pricing/discounts | List pricing public; discounts private. | Impacts ARR quality and margins. | Actual ASP, discount bands and renewal uplift. |
Sales productivity cannot be verified from public sources.
not publicly verifiable confidence: low
The $150M raise supports capacity to fund marketing, but budget adequacy and efficiency are not public.
Public leadership and acquisition evidence support an active R&D/product roadmap, including planned ISPM, but R&D cost, delivery timing, technical debt and IP ownership need private review.
partially verified confidence: medium
Public leadership and acquisition sources identify technical leaders and acquired assets, but R&D org structure and cost are private.
| person or asset | role or asset type | public signal | diligence issue |
|---|---|---|---|
| Chris Bisnett | CTO & Cofounder | Listed on leadership page. | Technical leadership depth and key-person risk. |
| John Ferrell | Co-Founder & Technical Director, Threat Operations | Listed on leadership page. | Threat-ops leadership continuity. |
| Recon / Level Effect IP | Acquired EDR/network technology | Recon technology and related IP portfolio acquired. | Assignment chain and product integration. |
| Inside Agent team/capability | Acquired Microsoft 365 security capability | Inside Agent acquisition for ISPM. | Retention and roadmap execution. |
R&D org size and cost are not public.
partially verified confidence: medium
Public roadmap/acquisition evidence supports SIEM, SAT, AI-SOC and planned ISPM initiatives; timing, cost and adoption require validation.
| pipeline item | status | public evidence | risk |
|---|---|---|---|
| ISPM | Planned 2026 launch | Inside Agent acquisition blog. | Launch date and adoption uncertain. |
| AI-centric SOC / Athena | Marketed current capability | Platform page describes Athena and AI-centric SOC. | AI accuracy, analyst workflow and liability. |
| Managed SIEM | Marketed current product | SIEM page and pricing. | Log storage costs and competitive differentiation. |
| Managed SAT content/integrations | Marketed current product | Curricula acquisition and SAT page. | Content freshness and learner engagement. |
Pipeline costs and release milestones require product-management artifacts.
Public leadership, remote-work and 2023 workforce signals support team credibility, but current headcount, turnover, compensation, equity and employee-relations matters require HR/legal records.
verified confidence: high
Public leadership page provides an executive roster and board members, but full reporting lines are not public.
| name | role | source | diligence need |
|---|---|---|---|
| Kyle Hanslovan | CEO & Cofounder; board member | Leadership page | Employment agreement, equity, succession plan. |
| Chris Bisnett | CTO & Cofounder; board member | Leadership page | Key-person retention and technical roadmap. |
| Maria Izurieta | Chief Financial Officer | Leadership page | Financial controls and reporting maturity. |
| Prakash Ramamurthy | Chief Product Officer | Leadership page | Product roadmap accountability. |
| Paul Strelzick | Chief Revenue Officer | Leadership page | Sales productivity and channel strategy. |
| Eric Stride | Chief Security Officer | Leadership page | Security posture and incident history. |
A full org chart, board consents and background checks are private.
partially verified confidence: medium
Public sources show nearly 300 teammates in 2023, remote/global operating model and endpoint scale, but current headcount by function/location is private.
| signal | public evidence | interpretation | gap |
|---|---|---|---|
| Workforce size in 2023 | Nearly 300 teammates on Series C page. | Material scale by 2023. | Current headcount by function/location. |
| Remote/global model | Careers page says fully remote, global team. | Distributed hiring and operational flexibility. | Employment entities and security controls. |
| Endpoint scale | 2M+ endpoints milestone. | Product/SOC scale signal. | Billable active endpoints and customer concentration. |
| Current open roles | Careers page markets hiring but no stable role count captured. | Hiring intent only. | Hiring plan, attrition and budget. |
Current headcount should be requested from HRIS.
verified confidence: high
Senior management names and roles are public on the leadership page.
partially verified confidence: low
Careers page describes benefits and stock options, but key employment agreements and compensation arrangements are private.
| topic | public signal | verification status | request |
|---|---|---|---|
| Stock options | Careers page says all full-time teammates receive stock options. | partially_verified | Option plan, grant schedule, vesting and exercise prices. |
| Benefits | Careers page lists medical/benefits by geography. | partially_verified | Benefit plans, cost and compliance by country/state. |
| Turnover | No public turnover data found. | not_publicly_verifiable | Two-year attrition by function, regretted attrition and retention actions. |
| Employee relations | No public material employee-relations issue found in scoped sources. | not_publicly_verifiable | HR/legal schedule, complaints, investigations and settlements. |
Private HR diligence is required.
partially verified confidence: low
Incentive stock plan exists as a public employment value proposition, but plan terms are not public.
not publicly verifiable confidence: low
No material public employee-relations issues were found in scoped sources, but this requires HR/legal confirmation.
not publicly verifiable confidence: low
Public sources do not disclose turnover; careers page only provides recruiting and benefits positioning.
Privacy/trust-center materials and limited CourtListener searches reduce but do not eliminate legal/regulatory concern; IP, insurance, contracts and agency history require counsel-led diligence.
partially verified confidence: medium
Limited CourtListener searches returned zero public results, but a complete litigation review requires counsel and docket searches beyond CourtListener.
| search or case | court or database | result | limitation |
|---|---|---|---|
| "Huntress Labs" opinion search | CourtListener opinions | Count 0 returned during research. | Not complete for all courts, sealed cases or non-indexed dockets. |
| "Huntress Labs, Inc." RECAP/docket search | CourtListener RECAP | Count 0 returned during research. | RECAP is not exhaustive; PACER/state-court/counsel searches needed. |
| Company counsel schedule | Not public | Not available. | Request litigation, claims and demand-letter schedule. |
No public lawsuit found in limited sources is not a legal opinion.
partially verified confidence: low
No public litigation initiated by Huntress was identified in scoped CourtListener searches, but the search is not exhaustive.
| search or case | court or database | result | limitation |
|---|---|---|---|
| Huntress as named party in CourtListener | CourtListener opinions/RECAP | No results returned in scoped searches. | Could miss state, sealed, arbitration and unindexed matters. |
| IP enforcement or contract claims | Public web/court search | No specific public initiated lawsuit identified in scoped sources. | Request counsel confirmation and docket search. |
Counsel-led search remains necessary.
not publicly verifiable confidence: low
As a software/cybersecurity company with a remote workforce, environmental/safety exposure appears lower than industrial businesses, but employee safety, remote-work and office obligations are not public.
partially verified confidence: medium
Public evidence supports acquired IP/product assets and at least one patent-search signal, but a full IP portfolio is not public.
| asset or document | public signal | status | diligence request |
|---|---|---|---|
| Endpoint-network-monitoring patent matter | Justia search result names Huntress Labs Incorporated as assignee. | partially_verified | Patent numbers, assignment chain, prosecution status and FTO review. |
| Recon technology/IP portfolio | Level Effect release says Recon technology and related IP portfolio acquired. | verified | Acquisition agreement and IP assignments. |
| SOC 2/pentest/security reports | Trust center lists report documents. | partially_verified | Access reports and remediation evidence. |
| Commercial insurance | Trust center lists General Commercial Insurance document. | partially_verified | Policy limits, exclusions, cyber coverage and claims history. |
| Material customer/supplier contracts | Not public. | not_publicly_verifiable | Top contracts, MSAs, DPAs, SLAs and change-of-control provisions. |
Obtain direct legal files before relying on IP/insurance conclusions.
partially verified confidence: low
Trust center lists a general commercial insurance document, but policy limits/exclusions and claims history were not reviewed.
not publicly verifiable confidence: low
Material contracts such as customer MSAs, partner agreements, supplier/cloud commitments and acquisition agreements are not public.
partially verified confidence: medium
Privacy policy and trust center provide compliance posture signals; no public agency action was identified in scoped sources, but regulatory diligence remains required.
| topic | public evidence | risk | follow up |
|---|---|---|---|
| GDPR/CCPA role | Privacy policy says processor/subprocessor and CCPA service provider. | DPA and customer notice obligations. | Review DPA, privacy notices and subprocessors. |
| Security telemetry | Policy says services may collect files, logs, registry keys and other security objects. | Data minimization, retention and consent. | Review architecture, retention, encryption and access controls. |
| Data Privacy Framework/FTC | Privacy policy states DPF certification and FTC investigatory/enforcement powers. | International transfer and onward-transfer compliance. | Verify DPF listing and complaint history. |
| Public agency actions | No specific FTC/state/agency action found in scoped public search. | Search not exhaustive. | Ask counsel for regulatory correspondence and enforcement history. |
Regulatory review requires counsel and security specialist review.
| ID | Claim | Status | Sources |
|---|---|---|---|
| EC-001 | Huntress publicly states it raised $150M in Series D funding at a $1.55B valuation, making it a private cybersecurity unicorn. | verified high | SRC-001SRC-027SRC-028SRC-029 |
| EC-002 | Huntress publicly suggests it was near, but had not yet explicitly claimed, $100M ARR at the time of the Series D announcement. | partially verified medium | SRC-001 |
| EC-003 | Huntress raised a $60M Series C in 2023 after doubling revenue in 2021 and 2022, grew to nearly 300 teammates, and reported 2M protected endpoints. | verified medium | SRC-002SRC-017 |
| EC-004 | Huntress raised $40M in Series B funding in 2021 led by JMI Equity with existing investor support and stated it would remain independent. | verified medium | SRC-003 |
| EC-005 | Huntress acquired Level Effect Recon technology in 2021 to strengthen network-aware endpoint detection and response capabilities. | verified high | SRC-004 |
| EC-006 | Huntress acquired Curricula in 2022 to add story-based security awareness training to the managed security platform. | verified medium | SRC-005SRC-011 |
| EC-007 | Huntress acquired Inside Agent in 2025 and publicly planned an Identity Security Posture Management product launch in 2026. | verified medium | SRC-006SRC-009SRC-036 |
| EC-008 | Huntress markets a unified security platform spanning endpoints, identities, logs and learners with a 24/7 AI-centric SOC. | verified high | SRC-007 |
| EC-009 | Huntress markets Managed EDR as proprietary endpoint security backed by a 24/7 AI-assisted SOC. | verified high | SRC-008SRC-038 |
| EC-010 | Huntress markets Managed ITDR for identity attacks such as credential theft, session hijacking and rogue OAuth apps. | verified high | SRC-009SRC-036 |
| EC-011 | Huntress publicly discloses simple per-unit pricing for Managed EDR, ITDR, SIEM and SAT. | verified high | SRC-012 |
| EC-012 | Huntress has a material partner-channel motion that includes MSPs, resellers and tech alliances. | verified high | SRC-013SRC-035 |
| EC-013 | Huntress specifically positions its platform for MSPs to scale managed security services without adding headcount. | verified high | SRC-014 |
| EC-014 | Named customer BARR Advisory publicly describes using Huntress Managed SAT and Managed EDR to scale compliance-driven cybersecurity services. | verified medium | SRC-015 |
| EC-015 | Named customer ACT Network Solutions publicly describes using Huntress Managed EDR, ITDR, SAT and SIEM across client environments. | verified medium | SRC-016 |
| EC-016 | Huntress publicly lists a leadership team including cofounders Kyle Hanslovan, Chris Bisnett and John Ferrell and states the company was founded by former NSA cyber operators. | verified high | SRC-018 |
| EC-017 | Huntress publicly describes itself as a fully remote global team and discloses benefits including stock options for full-time teammates. | verified medium | SRC-019 |
| EC-018 | Huntress privacy policy says it acts as processor/subprocessor for service personal data under European data protection laws and as service provider under CCPA. | verified high | SRC-020SRC-039 |
| EC-019 | Huntress services may collect security telemetry including applications, files, logs, registry keys, certificates, scheduled tasks and policy objects. | verified high | SRC-020 |
| EC-020 | Huntress trust center lists security, SOC 2, pentest, data processing and general commercial insurance documents, but detailed reports may require access. | partially verified medium | SRC-021SRC-040 |
| EC-021 | CourtListener public searches returned zero Huntress Labs opinion and RECAP docket results during research. | verified medium | SRC-023SRC-024 |
| EC-022 | Public patent-search results identify Huntress Labs Incorporated as assignee for endpoint-network-monitoring patent matter involving Robert Julian Noeth and Ernest Gregory Ake. | partially verified medium | SRC-025SRC-026SRC-004 |
| EC-023 | Huntress pricing model is per unit and includes MSP/reseller programs, making unit economics sensitive to endpoint, identity, source and learner counts. | verified high | SRC-012 |
| EC-024 | Huntress competes in a crowded MDR/EDR/SOC market against large platforms and MSP-focused providers including CrowdStrike, Arctic Wolf, Blackpoint Cyber and Sophos. | verified high | SRC-031SRC-032SRC-033SRC-034 |
| EC-025 | Huntress milestone page reports a progression to more than 2M protected endpoints. | verified medium | SRC-017SRC-002 |
| EC-026 | Core diligence items such as audited financials, cap table, top-customer revenue, contracts, tax, insurance limits, sales productivity and employee turnover are not publicly verifiable from available sources. | not publicly verifiable high | SRC-001SRC-012SRC-015SRC-016SRC-018SRC-019SRC-021SRC-023SRC-024 |
This report is a public-evidence diligence snapshot, not investment advice. Important financial, legal, technical, and contractual facts remain non-public and should be verified directly with management and primary documents before any investment decision.