Strengths
- Founded in 2013 by Loris Degioanni and born in open source.
- Markets a broad CNAPP/runtime/cloud-security and monitoring platform.
- Recently announced AI/headless cloud-security product direction, supporting active status.
Sysdig Startup Diligence Report
Sysdig has credible public differentiation around runtime security, Falco/open source, enterprise customers and AI/headless cloud-security roadmap; diligence should test whether revenue growth, retention, margins and win rates justify the stale public valuation in a crowded CNAPP market.
Sysdig Startup Diligence Report
Eligible private active unicorn: public evidence supports Sysdig as an active U.S. cybersecurity/CNAPP company with latest public-list valuation of $2.50B, but investability hinges on private financial quality, valuation reconciliation, customer concentration and competitive proof.
Audited financials, ARR, margin, burn, runway, backlog and unit economics are not public.
Diligence request: Request audited financials, ARR bridge, retention, cash runway, AR aging and forecast model.
Large incumbents and specialists market overlapping CNAPP/cloud security capabilities.
Diligence request: Request win/loss, pricing, analyst research, product benchmarks and customer references.
CB $2.50B public-list valuation must be reconciled with archived $1.19B Series F and current securities.
Diligence request: Reconcile financing documents, liquidation preferences, option pool, debt and board valuation materials.
Public logos and quotes do not reveal concentration, renewal status, churn, NRR, backlog or customer health.
Diligence request: Request top-25 ARR, contracts, renewal/churn cohorts and customer references.
Agentic/headless product launch is current but adoption, monetization and maturity are not public.
Diligence request: Review roadmap, pilots, model governance, telemetry controls and revenue contribution.
Data storage, AI and support depend on a broad subprocessor base.
Diligence request: Request DPAs, SLAs, data-flow maps, vendor spend and incident history.
Falco is CNCF graduated and differentiated but license/governance/commercial boundaries require control.
Diligence request: Review open-source policy, SBOM, license scans, CLAs and assignment records.
Settled docket and trademark records are public, but complete litigation/IP/insurance/contracts are not.
Diligence request: Counsel-led docket/IP/insurance/material-contract review.
Public evidence verifies late-stage financing and a $2.50B public-list valuation, but financial statements, projections, revenue quality and current capital structure remain private.
not publicly verifiable confidence: high
No audited or quarterly financial statements, management reports, revenue breakdowns, backlog or AR aging were public.
| signal | public evidence | status | request |
|---|---|---|---|
| Revenue/ARR/gross margin/burn | No public financial statements found. | not_publicly_verifiable | Financials, ARR bridge, margin by SKU, burn/runway. |
| Pricing model | Quote-based host/log/time-series licensing. | verified | ACV, discounts, gross margin, renewal terms. |
| Global operations | Subsidiaries, endpoints and offices indicate international footprint. | verified | Revenue/geography, FX, tax and local compliance costs. |
not publicly verifiable confidence: medium
Growth drivers are visible in product, AI/headless, partner and global footprint claims, but forecast assumptions are not public.
not publicly verifiable confidence: medium
Public sources identify investors and valuations but not shares, preferences, option pool, debt, warrants or liabilities.
| item | public position | status | caveat |
|---|---|---|---|
| Accel, Bain Capital Ventures, Insight Partners | Named by CB as investors. | verified | Ownership and rights private. |
| Premji Invest & Associates; Third Point Ventures | Series F leads in archived release. | verified | Terms private. |
| Shares/options/warrants/debt/liabilities | No public schedule. | not_publicly_verifiable | Require cap table and debt/liability schedules. |
partially verified confidence: medium
Historical financing can be partially reconstructed; tax positions, accounting policies and full financing ledger cannot.
| date | event | amount | valuation | status | caveat |
|---|---|---|---|---|---|
| 2021-04-28 | Series F | $188M | $1.19B | verified | Historical release; terms private. |
| 2026-06-12 accessed | CB unicorn-list valuation | not disclosed | $2.50B | partially_verified | Latest public valuation used; reconcile to primary documents. |
| Current | Full financing ledger | not_publicly_verifiable | not_publicly_verifiable | not_publicly_verifiable | Request cap table and financing documents. |
Latest valuation used: $2.50B from CB Insights.
Sysdig publicly markets broad cloud-native security and monitoring with runtime insights, quote-based pricing and active AI/headless roadmap; efficacy and product economics require private validation.
verified confidence: medium
Public pages support CNAPP, detection/response, posture/permissions, vulnerability management, AI workload security, data security and monitoring; pricing is enterprise quote-based.
| product | use case | evidence | status | diligence need |
|---|---|---|---|---|
| Sysdig Secure / CNAPP | Cloud security across clouds, containers, Kubernetes, hosts, serverless. | Platform/pricing pages describe CNAPP. | verified | Demo, deployment metrics, references. |
| Detection and response | Real-time runtime/cloud threat detection. | Pricing page describes container/Kubernetes, serverless and cloud-log detections. | verified | Detection quality, false positives, incident workflow. |
| Sysdig Monitor | Kubernetes/container/cloud monitoring and managed Prometheus. | Pricing page describes cloud-native monitoring. | verified | Attach, retention, margin. |
| AI/headless cloud security | AI coding agents and agentic security workflows. | 2026 release announced headless security. | verified | Pilots, adoption, AI safety. |
| offering | pricing signal | basis | status | request |
|---|---|---|---|---|
| CNAPP / Secure | Prices tailored; request a quote. | Hosts; cloud-log events for some detections. | verified | Price book, ACV, discounts, margin. |
| Detection and response | No list price. | Hosts and cloud-log processing. | verified | Consumption/overage and support burden. |
| Cloud-native monitoring | No list price. | Host-based and time-series licensing. | verified | Usage cohorts and SKU churn. |
Named customers and partners validate enterprise presence, but top-customer schedules, concentration, churn, severed relationships and supplier spend are not public.
partially verified confidence: medium
Public case studies identify customers and use cases but not top-15 customers by revenue or purchase timing.
| customer | evidence | status | caveat |
|---|---|---|---|
| Minna Bank | Customer quote about Sysdig Sage. | partially_verified | No contract value/term public. |
| UIDAI | CISO quote on security mission. | partially_verified | No revenue/data scope public. |
| Rush Street Interactive | Infrastructure security quote. | partially_verified | No ARR or renewal status public. |
| Worldpay | Customer quote and archived release reference. | partially_verified | Verify current products and ACV. |
| Neo4j, Yahoo Japan, IBM, JW Player | Neo4j story and archived references. | partially_verified | Some references are historical/company-curated. |
verified confidence: medium
Public materials show cloud, technology, GSI and marketplace relationships, but revenue contribution and contractual obligations are not public.
| partner | nature | evidence | status | gap |
|---|---|---|---|---|
| AWS | Cloud partner/marketplace/deployment ecosystem | Partners page promotes AWS security. | verified | Request AWS marketplace bookings. |
| IBM Cloud | Powered offering | IBM Cloud SCC Workload Protection/Monitoring powered by Sysdig. | verified | Request agreement and revenue contribution. |
| Google Cloud, Microsoft Azure, Oracle Cloud | Cloud ecosystem | Partner cards for these clouds. | verified | Request co-sell/data-residency commitments. |
| Checkmarx, Accenture and other technology/GSI partners | Technology alliance and services/channel ecosystem | Partner page categories/logos. | verified | Request partner-sourced ARR. |
not publicly verifiable confidence: high
Revenue concentration is not publicly verifiable; public customers are qualitative only.
not publicly verifiable confidence: low
No public evidence of severed major customer, partner or supplier relationships was found; absence is not proof none occurred.
partially verified confidence: medium
The subprocessor list identifies important cloud, AI, analytics, support and CRM vendors, but not spend concentration.
| supplier | role | locations | status | request |
|---|---|---|---|---|
| AWS / Anthropic via AWS Bedrock | Data storage and AI subprocessor | USA, Germany, Australia, India, Sweden; AI regions include USA/EU/Japan/Australia. | verified | Cloud spend, data-flow map, SLAs. |
| GCP / Azure / IBM / Oracle | Data storage/cloud processing | Multiple global regions or customer election. | verified | Provider commitments and data residency. |
| OpenAI / Azure OpenAI / Anthropic | AI and language model functionality | USA/Europe and selected regions. | verified | AI DPA terms and opt-in controls. |
| Salesforce, DevRev, Jira, Slack, Snowflake, Sigma, Pendo, Segment, Sentry | CRM/support/analytics/product/messaging/error tracking | Primarily USA. | verified | Vendor-risk assessments and access controls. |
Sysdig’s runtime/open-source positioning is differentiated, but CNAPP/cloud security includes broad incumbents and specialists with overlapping public claims.
verified confidence: medium
Palo Alto Prisma Cloud, Aqua Security and CrowdStrike publicly market overlapping CNAPP capabilities, creating pricing and platform-depth pressure.
| competitor | segment | overlap | pressure | status |
|---|---|---|---|---|
| Palo Alto Networks Prisma Cloud | Incumbent cloud security/CNAPP | CSPM, workload, app security, CIEM, vulnerability, runtime. | Bundle breadth vs Sysdig runtime emphasis. | verified |
| Aqua Security | Cloud-native security specialist | Integrated CNAPP, runtime, vulnerability, supply chain, Kubernetes, CSPM. | Specialist container/runtime overlap. | verified |
| CrowdStrike Falcon Cloud Security | Large public cybersecurity platform | CNAPP with unified agent/agentless protection. | Endpoint/SOC bundle and brand scale. | verified |
| Wiz / other private CNAPP vendors | Specialist CNAPP | Not directly fetched in this run. | Research backlog for win/loss. | unverified |
| axis | sysdig position | pressure | evidence strength | request |
|---|---|---|---|---|
| Runtime detection and open source | Strong narrative via Falco/runtime insights. | Aqua and CrowdStrike runtime/agent capabilities. | medium | Detection benchmarks and customer outcomes. |
| Platform breadth | Broad CNAPP/posture/permissions/vulnerability/monitoring claims. | Palo Alto/CrowdStrike broader portfolios. | medium | Feature parity, win/loss and attach-rate. |
| Price/distribution | Quote-based pricing and cloud partners. | Incumbents can bundle; specialists can discount. | low | Price book, discounts, channel ARR. |
Public GTM is active across direct demo/quote, customer stories, analyst badges, partners, integrations and AI launches; sales productivity is not public.
verified confidence: medium
Sysdig positions around real-time/runtime cloud security, uses demo/quote CTAs and supports partner/channel motions.
| channel | evidence | scope | status | gap |
|---|---|---|---|---|
| Direct enterprise sales | Demo and quote CTAs. | Global web; US/EU/APAC/India endpoints. | verified | Pipeline and sales cycle not public. |
| Cloud marketplaces/partners | Partners page says global channels and marketplaces. | AWS, IBM, Google Cloud, Azure, Oracle. | verified | Bookings not public. |
| Technology alliances / GSI | Partner locator, integrations and alliance program. | Technology partners and GSIs. | verified | Referral terms not public. |
| Open source/community/content | Falco and content/events surfaces. | Global community. | verified | Open-source-to-paid conversion not public. |
| signal | evidence | status | follow up |
|---|---|---|---|
| Analyst/review badges | Forrester/Gartner/G2 references. | partially_verified | Original reports and review distribution. |
| Customer stories/testimonials | Minna, UIDAI, Rush Street, Worldpay, Neo4j. | partially_verified | Reference calls and contract verification. |
| AI/headless launch | May 2026 release. | verified | Pipeline, pilots and conversion. |
partially verified confidence: medium
Major-customer stories support credibility, but relationship health, expansion pipeline and future growth are private.
verified confidence: medium
Public new-business avenues include direct sales, cloud marketplaces, partners, integrations, open source and content.
not publicly verifiable confidence: high
Sales compensation, quota, cycle length and new-hire productivity are not public; quote-based pricing implies enterprise sales diligence.
| metric | public status | why | request |
|---|---|---|---|
| Average quota / attainment | not_publicly_verifiable | Determines sales efficiency. | Quota, attainment and ramp cohorts. |
| Sales cycle / pipeline coverage | not_publicly_verifiable | Long cycles pressure CAC. | Pipeline report, stage conversion, win/loss. |
| Discounting / price realization | not_publicly_verifiable | Competitive bundles may reduce net price. | Deal desk data and renewal uplifts. |
not publicly verifiable confidence: high
Budget sufficiency cannot be assessed publicly because spend, pipeline targets, CAC/payback and productivity are not disclosed.
R&D evidence is strongest around Falco/open source, runtime telemetry, engineering leadership and 2026 AI/headless roadmap; spend, timing and technical debt are not public.
verified confidence: medium
Public leadership and open-source evidence show runtime-security engineering depth, Falco activity and named engineering/product/security leaders.
| name or role | public role | evidence | status | follow up |
|---|---|---|---|---|
| Loris Degioanni | CTO, Founder & Office of the CEO | Creator of sysdig and Falco. | verified | Retention, IP assignment, roadmap ownership. |
| Michele Zuccala | SVP Engineering | Leads Open Source R&D, Runtime Security, Monitoring, AI and platform. | verified | Engineering KPIs and attrition. |
| Sergej Epp | CISO | Leads cybersecurity strategy and risk management. | verified | Security program and incident history. |
| Falco maintainers/community | Open-source runtime ecosystem | CNCF graduated project and active releases. | verified | Governance and release cadence. |
partially verified confidence: medium
The newest public pipeline signal is headless cloud security for AI agents; roadmap timing, cost, adoption and monetization are not public.
| project | public status | timing | status | request |
|---|---|---|---|---|
| Headless cloud security for AI agents | Announced May 6, 2026. | Current/announced; roadmap not public. | verified | Pilots, GA status, adoption, revenue. |
| Sysdig Sage / AI analyst | Referenced in customer/platform/subprocessor sources. | Marketed; roadmap not public. | partially_verified | Model providers, opt-in controls, usage outcomes. |
| Falco/runtime telemetry | Open-source release cadence; Falco 0.44.1 on 2026-06-11. | Active releases. | verified | Commercial roadmap dependency and audits. |
Public leadership and careers data show an active global organization, but org chart, headcount, compensation, stock plans and turnover remain private.
partially verified confidence: medium
Public materials provide executive roster and Office-of-CEO signal but not a full org chart or reporting lines.
Confirm exact reporting lines with company org chart.
partially verified confidence: medium
Careers page showed three open roles by department and global location statements, but total headcount and plan are private.
| function or location | signal | indicator | status | caveat |
|---|---|---|---|---|
| Engineering | Careers department count | 1 open role | verified | Not total headcount. |
| Product | Careers department count | 1 open role | verified | Not total headcount. |
| Sales | Careers department count | 1 open role | verified | Not total headcount. |
| Flexible locations and Tokyo | Careers location buckets | Flexible 3; Tokyo 1 | verified | Posting locations only. |
| Subsidiary footprint | Legal subsidiaries | UK, Italy, Japan, Spain, France, India, Serbia, Canada, Costa Rica, Germany | verified | Entity does not equal material headcount. |
verified confidence: medium
Senior management biographies are available for founder/CTO, CFO/Office of CEO, CISO, SVP Engineering and other leaders.
| name | role | evidence | status | need |
|---|---|---|---|---|
| Loris Degioanni | CTO, Founder & Office of the CEO | Founder and creator of sysdig/Falco. | verified | Retention, equity, IP. |
| Karen Walker | CFO & Office of the CEO | CFO since 2021; Office of CEO in 2025. | verified | Decision rights and finance controls. |
| Sergej Epp | CISO | Leads cybersecurity strategy. | verified | Certifications/incident history. |
| Michele Zuccala | SVP Engineering | Leads engineering across open source/runtime/AI/platform. | verified | Execution and attrition. |
| Board/advisors | Investor-associated public board/advisor biographies | About page board/advisor section. | partially_verified | Actual board composition and rights. |
not publicly verifiable confidence: medium
Careers page describes competitive pay, equity opportunities and benefits, but specific compensation arrangements are private.
not publicly verifiable confidence: high
Incentive stock-plan terms are not public; careers page only states equity opportunities are available.
not publicly verifiable confidence: low
No public employee-relations schedule was available; one settled case involving Sysdig was identified.
not publicly verifiable confidence: high
Turnover data is not public; careers content indicates current hiring but not attrition or retention outcomes.
| item | evidence | status | risk or follow up |
|---|---|---|---|
| Historical turnover | Not disclosed publicly. | not_publicly_verifiable | Request monthly headcount roll-forward and attrition. |
| Employee-relations issues | No HR schedule public; one settled/dismissed case involving Sysdig. | partially_verified | Request counsel/HR summary and settlement records. |
| Retention/benefits | Careers page lists benefits, compensation and equity opportunities. | verified | Request stock plan, comp bands and retention analysis. |
Public legal evidence includes one settled/dismissed case, trademark records, no obvious EDGAR public-company result and a subprocessor list; insurance, contracts, full legal search and official IP schedules need counsel-led diligence.
partially verified confidence: medium
CourtListener identified Xiao v. Sysdig, filed Dec. 11, 2023 and later dismissed after settlement; no currently pending status was visible from that docket summary.
| case | court | filed date | status | evidence | caveat |
|---|---|---|---|---|---|
| Xiao v. Sysdig, Inc., 5:23-cv-00706 | E.D.N.C. via CourtListener | 2023-12-11 | Dismissed after settlement | Docket says parties settled all matters and case dismissed. | Terms/reserves unknown. |
| Other pending lawsuits against Sysdig | Public-source search in this run | not_publicly_verifiable | No other direct pending case verified | Limited public review. | Counsel search required. |
unverified confidence: low
No public evidence of lawsuits initiated by Sysdig was verified; absence is not legal clearance.
| matter type | evidence | status | gap | request |
|---|---|---|---|---|
| Lawsuits initiated by Sysdig | No pending affirmative litigation verified. | unverified | Could exist outside reviewed sources. | Counsel docket search. |
| Regulatory or agency actions | No agency action verified; SEC search returned no matching companies. | not_publicly_verifiable | Privacy/AI/export/employment matters may be non-public. | Regulatory correspondence and audit schedule. |
| Insurance / material contracts / DPAs | Subprocessor list exists; contracts/policies not public. | not_publicly_verifiable | Indemnity, privacy or uptime obligations may be material. | Material contract schedule, insurance and DPAs. |
not publicly verifiable confidence: low
No environmental or employee-safety liabilities were publicly verifiable; software/SaaS operations still require workplace compliance.
partially verified confidence: medium
Trademark records show brand portfolio; patents, copyrights, source-code ownership and license compliance require deeper review.
| asset | scope | status public | verification status | follow up |
|---|---|---|---|---|
| SYSDIG / SYSDIG MONITOR / SYSDIG SECURE / SYSDIG INSPECT / SECURE EVERY SECOND | U.S. trademarks via third-party index | 22 applications with multiple live marks. | partially_verified | Confirm TSDR status and assignments. |
| Falco open-source project | CNCF/GitHub open-source ecosystem | Originally created by Sysdig and CNCF graduated. | verified | Review license obligations and CLAs. |
| Patents / copyrights / proprietary source code | Global | No complete official schedule reviewed. | not_publicly_verifiable | Request IP schedule, patent searches, assignments and SBOM. |
not publicly verifiable confidence: high
Insurance coverage, cyber policy limits, E&O, D&O and exclusions are not publicly verifiable.
not publicly verifiable confidence: high
Customer, partner, cloud, AI-vendor and employment material contracts are not public; subprocessor list only indicates vendor categories.
not publicly verifiable confidence: medium
No regulatory enforcement action was verified; subprocessor and AI/data processing footprint creates privacy/compliance diligence needs.
Risk may change with private data-room evidence.
| ID | Claim | Status | Sources |
|---|---|---|---|
| EC-001 | CB Insights lists Sysdig as a private unicorn at a $2.50B valuation in Enterprise Tech, San Francisco, with Accel, Bain Capital Ventures and Insight Partners as investors. | verified medium | SRC-001 |
| EC-002 | An archived 2021 release says Sysdig raised a $188M Series F at a $1.19B valuation, bringing total funding to $394M. | verified high | SRC-002 |
| EC-003 | Sysdig says Loris Degioanni founded the company in 2013 and that it began as an open-source project for system-call-level introspection into containers. | verified medium | SRC-003 |
| EC-004 | Sysdig markets a broad cloud security platform covering CNAPP, CSPM, CIEM, vulnerability management, container workload protection, AI workload security, cloud detection and response, DSPM and monitoring. | verified medium | SRC-004SRC-005 |
| EC-005 | Sysdig presents quote-based pricing and licensing dimensions based on hosts, cloud logs and time series rather than public list prices. | verified medium | SRC-005 |
| EC-006 | Sysdig publishes customer evidence for Minna Bank, UIDAI, Rush Street, Worldpay and Neo4j; an archived release also named Worldpay by FIS, Yahoo Japan, IBM and JW Player. | partially verified medium | SRC-006SRC-002 |
| EC-007 | Sysdig markets AWS, IBM Cloud, Google Cloud, Microsoft Azure, Oracle Cloud, technology, GSI and marketplace partner motions. | verified medium | SRC-007 |
| EC-008 | Sysdig appears active with careers content showing global growth, San Francisco headquarters, offices across the Americas and Europe, and open roles in Engineering, Product and Sales. | verified medium | SRC-008 |
| EC-009 | Sysdig publicly lists Loris Degioanni and Karen Walker in the Office of the CEO, plus CISO Sergej Epp, SVP Engineering Michele Zuccala and board/advisor biographies. | verified medium | SRC-003 |
| EC-010 | Sysdig’s subprocessor list includes cloud, AI, CRM, analytics and support providers including AWS, Anthropic via AWS Bedrock, Azure OpenAI, GCP, IBM, Microsoft Azure, OpenAI, Oracle, Salesforce, Slack and Snowflake. | verified medium | SRC-015 |
| EC-011 | Falco is a cloud-native runtime security project originally created by Sysdig, CNCF graduated, active on GitHub, and publicly reported 9,036 stars with latest release 0.44.1 on 2026-06-11 at access time. | verified high | SRC-012SRC-013 |
| EC-012 | Sysdig announced headless cloud security for AI agents on May 6, 2026, describing full-lifecycle CNAPP capabilities inside AI coding agents and runtime telemetry. | verified medium | SRC-014 |
| EC-013 | CourtListener shows Xiao v. Sysdig, Inc. was filed Dec. 11, 2023 and later dismissed after settlement notice. | verified medium | SRC-009 |
| EC-014 | TrademarkElite lists 22 U.S. trademark applications filed by Sysdig, Inc., including live product/brand marks such as SYSDIG, SYSDIG MONITOR, SYSDIG SECURE, SYSDIG INSPECT and SECURE EVERY SECOND. | partially verified medium | SRC-010 |
| EC-015 | SEC EDGAR company search for Sysdig returned no matching companies at access time. | verified medium | SRC-011 |
| EC-016 | Sysdig competes in crowded CNAPP/cloud security with overlapping public product claims from Palo Alto Prisma Cloud, Aqua Security and CrowdStrike Falcon Cloud Security. | verified medium | SRC-016SRC-017SRC-018SRC-004 |
| EC-017 | Sysdig uses public third-party validation in marketing, including Forrester Leader, Gartner Peer Insights Customers Choice and G2 badge references on company pages. | partially verified low | SRC-004SRC-006 |
| EC-018 | Audited financials, ARR, revenue by product/geography, gross margin, backlog, AR aging, projections, tax positions, debt and full cap table are not publicly verifiable. | not publicly verifiable high | SRC-001SRC-002SRC-005SRC-011 |
| EC-019 | Sysdig has an international footprint reflected in careers claims, SaaS login regions and subsidiaries in the UK, Italy, Japan, Spain, France, India, Serbia, Canada, Costa Rica and Germany. | verified medium | SRC-005SRC-008SRC-015 |
| EC-020 | Public GTM signals include direct demo/quote CTAs, customer stories, analyst/review badges, cloud partners, integrations, open source and a 2026 AI/headless launch. | verified medium | SRC-004SRC-006SRC-007SRC-014 |
| EC-021 | Major-customer economics, customer concentration, churn, NRR, sales productivity, pipeline and contract terms are not publicly verifiable. | not publicly verifiable high | SRC-005SRC-006 |
| EC-022 | Insurance, material contracts, complete litigation, regulatory-agency matters, official IP ownership and environmental/safety liabilities are not publicly verifiable. | not publicly verifiable high | SRC-009SRC-010SRC-011SRC-015 |
This report is a public-evidence diligence snapshot, not investment advice. Important financial, legal, technical, and contractual facts remain non-public and should be verified directly with management and primary documents before any investment decision.