Startup Diligence
Diligence report Cybersecurity; cloud-native application protection platform (CNAPP), runtime security, container/Kubernetes security and monitoring Private unicorn / late-stage venture-backed cybersecurity company

Sysdig

Sysdig Startup Diligence Report

Sysdig has credible public differentiation around runtime security, Falco/open source, enterprise customers and AI/headless cloud-security roadmap; diligence should test whether revenue growth, retention, margins and win rates justify the stale public valuation in a crowded CNAPP market.

Company profile

Sysdig Startup Diligence Report

Eligible private active unicorn: public evidence supports Sysdig as an active U.S. cybersecurity/CNAPP company with latest public-list valuation of $2.50B, but investability hinges on private financial quality, valuation reconciliation, customer concentration and competitive proof.

Website
www.sysdig.com
Sector
Cybersecurity; cloud-native application protection platform (CNAPP), runtime security, container/Kubernetes security and monitoring
Geography
United States (San Francisco) with global subsidiaries, regional SaaS endpoints and international customers/partners
Stage
Private unicorn / late-stage venture-backed cybersecurity company
Known aliases
Sysdig, Inc., Sysdig Secure, Sysdig Monitor, Falco (open-source project originally created by Sysdig)
Report version
1.0
Timezone
UTC

Executive summary

Strengths

  • Founded in 2013 by Loris Degioanni and born in open source.
  • Markets a broad CNAPP/runtime/cloud-security and monitoring platform.
  • Recently announced AI/headless cloud-security product direction, supporting active status.

Risks

  • Financial statements, ARR, margin, burn, backlog and unit economics are not public.
  • Public valuation sources need reconciliation: $1.19B Series F historical source versus $2.50B CB Insights value.
  • CNAPP/cloud security is highly competitive with broad incumbent and specialist overlap.

Gaps

  • Audited financials, ARR/NRR/churn, gross margin, burn/runway and forecast model.
  • Current cap table, preference stack, debt and valuation reconciliation to $2.50B.
  • Top customer concentration, contracts, renewal pipeline and customer reference validation.
  • Win/loss, competitive pricing, product benchmarks and AI/headless adoption metrics.
  • Complete litigation/IP/insurance/material contract schedules reviewed by counsel.

Recommended next steps

  • Run financial, cap-table and tax diligence before relying on public valuation.
  • Conduct customer-reference and win/loss calls across top accounts and competitive losses.
  • Perform product/security architecture review, including AI subprocessors and Falco/open-source governance.
  • Have counsel complete litigation, IP, privacy, insurance and material-contract review.

Risk register

high high likelihood

R-001: Private financial opacity

Audited financials, ARR, margin, burn, runway, backlog and unit economics are not public.

Diligence request: Request audited financials, ARR bridge, retention, cash runway, AR aging and forecast model.

high high likelihood

R-003: Crowded CNAPP competitive field

Large incumbents and specialists market overlapping CNAPP/cloud security capabilities.

Diligence request: Request win/loss, pricing, analyst research, product benchmarks and customer references.

high medium likelihood

R-002: Valuation staleness and round reconciliation

CB $2.50B public-list valuation must be reconciled with archived $1.19B Series F and current securities.

Diligence request: Reconcile financing documents, liquidation preferences, option pool, debt and board valuation materials.

high unknown likelihood

R-004: Customer concentration and retention unknown

Public logos and quotes do not reveal concentration, renewal status, churn, NRR, backlog or customer health.

Diligence request: Request top-25 ARR, contracts, renewal/churn cohorts and customer references.

medium high likelihood

R-005: AI/headless product execution risk

Agentic/headless product launch is current but adoption, monetization and maturity are not public.

Diligence request: Review roadmap, pilots, model governance, telemetry controls and revenue contribution.

medium high likelihood

R-006: Cloud and AI subprocessor dependence

Data storage, AI and support depend on a broad subprocessor base.

Diligence request: Request DPAs, SLAs, data-flow maps, vendor spend and incident history.

medium medium likelihood

R-007: Open-source governance and commercial-control risk

Falco is CNCF graduated and differentiated but license/governance/commercial boundaries require control.

Diligence request: Review open-source policy, SBOM, license scans, CLAs and assignment records.

medium medium likelihood

R-008: Legal, IP and insurance incompleteness

Settled docket and trademark records are public, but complete litigation/IP/insurance/contracts are not.

Diligence request: Counsel-led docket/IP/insurance/material-contract review.

Chapter 01

01Financial Information

Public evidence verifies late-stage financing and a $2.50B public-list valuation, but financial statements, projections, revenue quality and current capital structure remain private.

I.A Annual and quarterly financial information for the past three years

not publicly verifiable confidence: high

No audited or quarterly financial statements, management reports, revenue breakdowns, backlog or AR aging were public.

Evidence gaps

  • Audited financial statements, management accounts, ARR bridge, revenue by product/channel/geography, backlog and AR aging are required.

Hidden risks

  • Valuation may be disconnected from current revenue quality if growth or multiples changed.

Follow-up questions

  • Provide monthly P&L, balance sheet, cash flow, ARR/NRR/churn cohorts, backlog and AR aging for FY2023-FY2026 YTD.
Public financial, revenue and unit-economic signals
signalpublic evidencestatusrequest
Revenue/ARR/gross margin/burnNo public financial statements found.not_publicly_verifiableFinancials, ARR bridge, margin by SKU, burn/runway.
Pricing modelQuote-based host/log/time-series licensing.verifiedACV, discounts, gross margin, renewal terms.
Global operationsSubsidiaries, endpoints and offices indicate international footprint.verifiedRevenue/geography, FX, tax and local compliance costs.

I.B Financial Projections

not publicly verifiable confidence: medium

Growth drivers are visible in product, AI/headless, partner and global footprint claims, but forecast assumptions are not public.

Evidence gaps

  • No three-year projections, sensitivity cases, capex, working-capital or financing assumptions were public.

Hidden risks

  • Forecasts may depend on competitive displacement and AI adoption that are not externally validated.

Follow-up questions

  • Provide board-approved forecast, scenarios, sales capacity model, capex/working-capital assumptions and runway.

I.C Capital Structure

not publicly verifiable confidence: medium

Public sources identify investors and valuations but not shares, preferences, option pool, debt, warrants or liabilities.

Evidence gaps

  • No cap table, option/warrant schedule, debt summary or off-balance-sheet liability schedule was public.

Hidden risks

  • Later financing terms could include senior preferences or structured rights.

Follow-up questions

  • Provide fully diluted cap table, preferred terms, option pool, debt/notes/warrants and board valuation materials.
Capital structure / ownership snapshot
itempublic positionstatuscaveat
Accel, Bain Capital Ventures, Insight PartnersNamed by CB as investors.verifiedOwnership and rights private.
Premji Invest & Associates; Third Point VenturesSeries F leads in archived release.verifiedTerms private.
Shares/options/warrants/debt/liabilitiesNo public schedule.not_publicly_verifiableRequire cap table and debt/liability schedules.

I.D Other financial information

partially verified confidence: medium

Historical financing can be partially reconstructed; tax positions, accounting policies and full financing ledger cannot.

Evidence gaps

  • No tax-position schedule, revenue-recognition policy or complete equity/debt ledger was public.

Hidden risks

  • A stale or list-derived valuation may not represent current fair value or liquidation outcomes.

Follow-up questions

  • Provide financing ledger, tax positions, revenue-recognition policy, debt schedule and valuation reconciliation.
Public funding-round and valuation history
dateeventamountvaluationstatuscaveat
2021-04-28Series F$188M$1.19BverifiedHistorical release; terms private.
2026-06-12 accessedCB unicorn-list valuationnot disclosed$2.50Bpartially_verifiedLatest public valuation used; reconcile to primary documents.
CurrentFull financing ledgernot_publicly_verifiablenot_publicly_verifiablenot_publicly_verifiableRequest cap table and financing documents.

Latest valuation used: $2.50B from CB Insights.

Public financing timeline Chronological public valuation/funding anchors.
Public valuation trajectory chart Line chart of public valuation anchors.
Chapter 02

02Products

Sysdig publicly markets broad cloud-native security and monitoring with runtime insights, quote-based pricing and active AI/headless roadmap; efficacy and product economics require private validation.

II.A Description of each product

verified confidence: medium

Public pages support CNAPP, detection/response, posture/permissions, vulnerability management, AI workload security, data security and monitoring; pricing is enterprise quote-based.

Evidence gaps

  • No independent benchmarks, usage telemetry, roadmap delivery scorecard or SKU-level profitability was public.

Hidden risks

  • Broad scope can mask integration complexity and feature-depth gaps.

Follow-up questions

  • Provide product usage metrics, reliability/SLA data, roadmap status, security review, gross margin and competitive benchmarks.
Product / SKU matrix
productuse caseevidencestatusdiligence need
Sysdig Secure / CNAPPCloud security across clouds, containers, Kubernetes, hosts, serverless.Platform/pricing pages describe CNAPP.verifiedDemo, deployment metrics, references.
Detection and responseReal-time runtime/cloud threat detection.Pricing page describes container/Kubernetes, serverless and cloud-log detections.verifiedDetection quality, false positives, incident workflow.
Sysdig MonitorKubernetes/container/cloud monitoring and managed Prometheus.Pricing page describes cloud-native monitoring.verifiedAttach, retention, margin.
AI/headless cloud securityAI coding agents and agentic security workflows.2026 release announced headless security.verifiedPilots, adoption, AI safety.
Pricing and packaging diligence matrix
offeringpricing signalbasisstatusrequest
CNAPP / SecurePrices tailored; request a quote.Hosts; cloud-log events for some detections.verifiedPrice book, ACV, discounts, margin.
Detection and responseNo list price.Hosts and cloud-log processing.verifiedConsumption/overage and support burden.
Cloud-native monitoringNo list price.Host-based and time-series licensing.verifiedUsage cohorts and SKU churn.
Sysdig public product and dependency architecture Map public platform components and major dependencies.
Chapter 03

03Customer Information

Named customers and partners validate enterprise presence, but top-customer schedules, concentration, churn, severed relationships and supplier spend are not public.

III.A Top customers by application

partially verified confidence: medium

Public case studies identify customers and use cases but not top-15 customers by revenue or purchase timing.

Evidence gaps

  • No top-15 customer list, application-by-customer revenue, purchase dates or product-ownership schedule was public.

Hidden risks

  • Public logos can overstate current paid usage if old, limited or non-renewed.

Follow-up questions

  • Provide top-25 customers by ARR with products used, start date, renewal date, ACV, NRR and support status.
Publicly known customers and case-study signals
customerevidencestatuscaveat
Minna BankCustomer quote about Sysdig Sage.partially_verifiedNo contract value/term public.
UIDAICISO quote on security mission.partially_verifiedNo revenue/data scope public.
Rush Street InteractiveInfrastructure security quote.partially_verifiedNo ARR or renewal status public.
WorldpayCustomer quote and archived release reference.partially_verifiedVerify current products and ACV.
Neo4j, Yahoo Japan, IBM, JW PlayerNeo4j story and archived references.partially_verifiedSome references are historical/company-curated.

III.B Strategic relationships

verified confidence: medium

Public materials show cloud, technology, GSI and marketplace relationships, but revenue contribution and contractual obligations are not public.

Evidence gaps

  • Revenue contribution, co-sell commitments, MDF, partner-sourced pipeline and termination rights are not public.

Hidden risks

  • Partner pages may reflect marketing relationships rather than productive revenue channels.

Follow-up questions

  • Provide partner agreements, channel-sourced ARR, marketplace bookings and partner pipeline.
Strategic relationships and partnerships
partnernatureevidencestatusgap
AWSCloud partner/marketplace/deployment ecosystemPartners page promotes AWS security.verifiedRequest AWS marketplace bookings.
IBM CloudPowered offeringIBM Cloud SCC Workload Protection/Monitoring powered by Sysdig.verifiedRequest agreement and revenue contribution.
Google Cloud, Microsoft Azure, Oracle CloudCloud ecosystemPartner cards for these clouds.verifiedRequest co-sell/data-residency commitments.
Checkmarx, Accenture and other technology/GSI partnersTechnology alliance and services/channel ecosystemPartner page categories/logos.verifiedRequest partner-sourced ARR.

III.C Revenue by customer

not publicly verifiable confidence: high

Revenue concentration is not publicly verifiable; public customers are qualitative only.

Evidence gaps

  • No revenue-by-customer, ACV, renewal, churn, NRR, backlog or AR schedule was public.

Hidden risks

  • Enterprise cybersecurity businesses can have large strategic accounts; concentration risk cannot be assessed from logos.

Follow-up questions

  • Provide revenue by customer, contracts, renewal/churn data and all accounts over 5% of revenue.
Customer concentration diligence bar Null revenue-share bars because public sources do not disclose customer concentration.

III.D Significant relationships severed within the last two years

not publicly verifiable confidence: low

No public evidence of severed major customer, partner or supplier relationships was found; absence is not proof none occurred.

Evidence gaps

  • No churn log, termination notices, customer-health scorecards or partner offboarding records were public.

Hidden risks

  • Material churn or partner termination could be hidden.

Follow-up questions

  • Provide lost/de-scoped top customers, partner terminations, lost ARR and remediation plans for the last 24 months.

III.E Top suppliers

partially verified confidence: medium

The subprocessor list identifies important cloud, AI, analytics, support and CRM vendors, but not spend concentration.

Evidence gaps

  • No supplier spend, SLA, incident history, DPA terms, dependency map or vendor-risk ratings were public.

Hidden risks

  • A SaaS platform could have high cloud-provider concentration, data-residency or AI-model dependency risk.

Follow-up questions

  • Provide vendor spend, DPAs, SLAs, data-flow maps, incident history, resilience plans and exit strategy.
Top supplier / cloud and AI dependency matrix
supplierrolelocationsstatusrequest
AWS / Anthropic via AWS BedrockData storage and AI subprocessorUSA, Germany, Australia, India, Sweden; AI regions include USA/EU/Japan/Australia.verifiedCloud spend, data-flow map, SLAs.
GCP / Azure / IBM / OracleData storage/cloud processingMultiple global regions or customer election.verifiedProvider commitments and data residency.
OpenAI / Azure OpenAI / AnthropicAI and language model functionalityUSA/Europe and selected regions.verifiedAI DPA terms and opt-in controls.
Salesforce, DevRev, Jira, Slack, Snowflake, Sigma, Pendo, Segment, SentryCRM/support/analytics/product/messaging/error trackingPrimarily USA.verifiedVendor-risk assessments and access controls.
Chapter 04

04Competition

Sysdig’s runtime/open-source positioning is differentiated, but CNAPP/cloud security includes broad incumbents and specialists with overlapping public claims.

IV.A Competitive landscape by market segment

verified confidence: medium

Palo Alto Prisma Cloud, Aqua Security and CrowdStrike publicly market overlapping CNAPP capabilities, creating pricing and platform-depth pressure.

Evidence gaps

  • No market share, win/loss, displacement, pricing or independent benchmark data was public.

Hidden risks

  • Incumbents can bundle cloud security with endpoint, network, SIEM or broader platforms.

Follow-up questions

  • Provide win/loss reports, analyst research, pricing, deal discounts, benchmarks and references where Sysdig displaced competitors.
Competitor comparison matrix
competitorsegmentoverlappressurestatus
Palo Alto Networks Prisma CloudIncumbent cloud security/CNAPPCSPM, workload, app security, CIEM, vulnerability, runtime.Bundle breadth vs Sysdig runtime emphasis.verified
Aqua SecurityCloud-native security specialistIntegrated CNAPP, runtime, vulnerability, supply chain, Kubernetes, CSPM.Specialist container/runtime overlap.verified
CrowdStrike Falcon Cloud SecurityLarge public cybersecurity platformCNAPP with unified agent/agentless protection.Endpoint/SOC bundle and brand scale.verified
Wiz / other private CNAPP vendorsSpecialist CNAPPNot directly fetched in this run.Research backlog for win/loss.unverified
Basis-of-competition scoring
axissysdig positionpressureevidence strengthrequest
Runtime detection and open sourceStrong narrative via Falco/runtime insights.Aqua and CrowdStrike runtime/agent capabilities.mediumDetection benchmarks and customer outcomes.
Platform breadthBroad CNAPP/posture/permissions/vulnerability/monitoring claims.Palo Alto/CrowdStrike broader portfolios.mediumFeature parity, win/loss and attach-rate.
Price/distributionQuote-based pricing and cloud partners.Incumbents can bundle; specialists can discount.lowPrice book, discounts, channel ARR.
CNAPP competitive market map Qualitative 2x2 using public claims.
Chapter 05

05Marketing, Sales, and Distribution

Public GTM is active across direct demo/quote, customer stories, analyst badges, partners, integrations and AI launches; sales productivity is not public.

V.A Strategy and implementation

verified confidence: medium

Sysdig positions around real-time/runtime cloud security, uses demo/quote CTAs and supports partner/channel motions.

Evidence gaps

  • No marketing budget, CAC, conversion, channel mix, regional pipeline or campaign ROI was public.

Hidden risks

  • Marketing claims may outpace adoption in new AI/headless categories.

Follow-up questions

  • Provide GTM plan, pipeline by source, CAC/payback, campaign ROI, marketplace bookings and partner-sourced ARR.
Distribution channels and GTM motions
channelevidencescopestatusgap
Direct enterprise salesDemo and quote CTAs.Global web; US/EU/APAC/India endpoints.verifiedPipeline and sales cycle not public.
Cloud marketplaces/partnersPartners page says global channels and marketplaces.AWS, IBM, Google Cloud, Azure, Oracle.verifiedBookings not public.
Technology alliances / GSIPartner locator, integrations and alliance program.Technology partners and GSIs.verifiedReferral terms not public.
Open source/community/contentFalco and content/events surfaces.Global community.verifiedOpen-source-to-paid conversion not public.
Public marketing-signal summary
signalevidencestatusfollow up
Analyst/review badgesForrester/Gartner/G2 references.partially_verifiedOriginal reports and review distribution.
Customer stories/testimonialsMinna, UIDAI, Rush Street, Worldpay, Neo4j.partially_verifiedReference calls and contract verification.
AI/headless launchMay 2026 release.verifiedPipeline, pilots and conversion.

V.B Major Customers

partially verified confidence: medium

Major-customer stories support credibility, but relationship health, expansion pipeline and future growth are private.

Evidence gaps

  • No customer-health score, renewal pipeline, expansion pipeline or top-account QBR materials were public.

Hidden risks

  • Curated testimonials may not represent overall customer health.

Follow-up questions

  • Provide top-account status, renewal/expansion pipeline, exec sponsor map and support escalations.

V.C Principal avenues for generating new business

verified confidence: medium

Public new-business avenues include direct sales, cloud marketplaces, partners, integrations, open source and content.

Evidence gaps

  • No channel contribution, lead-source conversion or partner-sourced ARR data was public.

Hidden risks

  • Over-reliance on cloud-marketplace or partner channels could reduce margin/control.

Follow-up questions

  • Provide pipeline/ARR by source, marketplace reports, open-source conversion and partner co-sell attribution.
Public GTM channel signal chart Evidence-density bar chart; not revenue mix.

V.D Sales force productivity model

not publicly verifiable confidence: high

Sales compensation, quota, cycle length and new-hire productivity are not public; quote-based pricing implies enterprise sales diligence.

Evidence gaps

  • No sales comp plan, quota model, attainment, ramp, pipeline coverage or cycle data was public.

Hidden risks

  • Competitive displacement and platform breadth could lengthen sales cycles.

Follow-up questions

  • Provide sales headcount, quota, attainment, pipeline coverage, cycle time, win rate and discounting.
Sales productivity and enterprise-sales diligence requests
metricpublic statuswhyrequest
Average quota / attainmentnot_publicly_verifiableDetermines sales efficiency.Quota, attainment and ramp cohorts.
Sales cycle / pipeline coveragenot_publicly_verifiableLong cycles pressure CAC.Pipeline report, stage conversion, win/loss.
Discounting / price realizationnot_publicly_verifiableCompetitive bundles may reduce net price.Deal desk data and renewal uplifts.

V.E Ability to implement marketing plan with current and projected budgets

not publicly verifiable confidence: high

Budget sufficiency cannot be assessed publicly because spend, pipeline targets, CAC/payback and productivity are not disclosed.

Evidence gaps

  • No budget, forecast, CAC/payback, campaign ROI or board GTM plan was public.

Hidden risks

  • If valuation or runway is stale, marketing budget may be constrained relative to incumbents.

Follow-up questions

  • Provide marketing budget, actual-vs-plan, CAC/payback, campaign ROI, pipeline source and GTM investment plan.
Chapter 06

06Research and Development

R&D evidence is strongest around Falco/open source, runtime telemetry, engineering leadership and 2026 AI/headless roadmap; spend, timing and technical debt are not public.

VI.A Description of R&D organization

verified confidence: medium

Public leadership and open-source evidence show runtime-security engineering depth, Falco activity and named engineering/product/security leaders.

Evidence gaps

  • No R&D org chart, budget, sprint metrics, security backlog, technical-debt register or IP assignment records were public.

Hidden risks

  • Open-source governance may reduce proprietary control and increase support/security obligations.

Follow-up questions

  • Provide R&D org chart, roadmap, engineering KPIs, security backlog, open-source governance, SBOM and assignments.
Key R&D personnel / leadership
name or rolepublic roleevidencestatusfollow up
Loris DegioanniCTO, Founder & Office of the CEOCreator of sysdig and Falco.verifiedRetention, IP assignment, roadmap ownership.
Michele ZuccalaSVP EngineeringLeads Open Source R&D, Runtime Security, Monitoring, AI and platform.verifiedEngineering KPIs and attrition.
Sergej EppCISOLeads cybersecurity strategy and risk management.verifiedSecurity program and incident history.
Falco maintainers/communityOpen-source runtime ecosystemCNCF graduated project and active releases.verifiedGovernance and release cadence.

VI.B New Product Pipeline

partially verified confidence: medium

The newest public pipeline signal is headless cloud security for AI agents; roadmap timing, cost, adoption and monetization are not public.

Evidence gaps

  • No roadmap dates, R&D cost by project, pilot conversion, security validation or dependency map was public.

Hidden risks

  • AI workflow claims may face privacy, model-safety, reliability or adoption hurdles.

Follow-up questions

  • Provide roadmap, project budgets, pilots, model/vendor architecture, security evaluations and go/no-go criteria.
Public product / R&D pipeline
projectpublic statustimingstatusrequest
Headless cloud security for AI agentsAnnounced May 6, 2026.Current/announced; roadmap not public.verifiedPilots, GA status, adoption, revenue.
Sysdig Sage / AI analystReferenced in customer/platform/subprocessor sources.Marketed; roadmap not public.partially_verifiedModel providers, opt-in controls, usage outcomes.
Falco/runtime telemetryOpen-source release cadence; Falco 0.44.1 on 2026-06-11.Active releases.verifiedCommercial roadmap dependency and audits.
R&D portfolio and dependency map Map public R&D pillars and dependencies.
Chapter 07

07Management and Personnel

Public leadership and careers data show an active global organization, but org chart, headcount, compensation, stock plans and turnover remain private.

VII.A Organization Chart

partially verified confidence: medium

Public materials provide executive roster and Office-of-CEO signal but not a full org chart or reporting lines.

Evidence gaps

  • No complete org chart, reporting lines, succession plan or delegation matrix was public.

Hidden risks

  • Unclear decision rights or succession mechanics could slow execution.

Follow-up questions

  • Provide current org chart, reporting lines, executive scorecards, succession plan and delegation matrix.
Public leadership org chart Public executive/board structure from About page.

Confirm exact reporting lines with company org chart.

VII.B Historical and projected headcount by function and location

partially verified confidence: medium

Careers page showed three open roles by department and global location statements, but total headcount and plan are private.

Evidence gaps

  • No historical/projected headcount, location mix, attrition or workforce-cost plan was public.

Hidden risks

  • Low public role count could mean selective hiring, stale page, budget discipline or slower growth.

Follow-up questions

  • Provide headcount by function/location for FY2023-FY2026 YTD, hiring plan, attrition and workforce-cost forecast.
Headcount and hiring signals
function or locationsignalindicatorstatuscaveat
EngineeringCareers department count1 open roleverifiedNot total headcount.
ProductCareers department count1 open roleverifiedNot total headcount.
SalesCareers department count1 open roleverifiedNot total headcount.
Flexible locations and TokyoCareers location bucketsFlexible 3; Tokyo 1verifiedPosting locations only.
Subsidiary footprintLegal subsidiariesUK, Italy, Japan, Spain, France, India, Serbia, Canada, Costa Rica, GermanyverifiedEntity does not equal material headcount.
Hiring signal by function chart Public open-role counts; not total headcount.

VII.C Senior management biographies

verified confidence: medium

Senior management biographies are available for founder/CTO, CFO/Office of CEO, CISO, SVP Engineering and other leaders.

Evidence gaps

  • No executive contracts, references, board reviews or succession assessments were public.

Hidden risks

  • Bios do not disclose retention, succession, performance or compensation arrangements.

Follow-up questions

  • Provide management references, executive agreements, retention arrangements and succession plan.
Senior management roster
nameroleevidencestatusneed
Loris DegioanniCTO, Founder & Office of the CEOFounder and creator of sysdig/Falco.verifiedRetention, equity, IP.
Karen WalkerCFO & Office of the CEOCFO since 2021; Office of CEO in 2025.verifiedDecision rights and finance controls.
Sergej EppCISOLeads cybersecurity strategy.verifiedCertifications/incident history.
Michele ZuccalaSVP EngineeringLeads engineering across open source/runtime/AI/platform.verifiedExecution and attrition.
Board/advisorsInvestor-associated public board/advisor biographiesAbout page board/advisor section.partially_verifiedActual board composition and rights.

VII.D Compensation arrangements

not publicly verifiable confidence: medium

Careers page describes competitive pay, equity opportunities and benefits, but specific compensation arrangements are private.

Evidence gaps

  • No compensation bands, executive agreements, commission plans, severance or benefit-plan documents were public.

Hidden risks

  • Retention risk may be hidden if equity valuations are stale or underwater.

Follow-up questions

  • Provide compensation bands, executive agreements, commission plans, benefits and retention/change-in-control arrangements.

VII.E Incentive stock plans

not publicly verifiable confidence: high

Incentive stock-plan terms are not public; careers page only states equity opportunities are available.

Evidence gaps

  • No stock plan, grant ledger, option pool, exercise prices or refresh policy was public.

Hidden risks

  • Retention and option exercise behavior may be affected by valuation changes and preference stack.

Follow-up questions

  • Provide stock-plan documents, grant ledger, option pool, strike prices and refresh policy.

VII.F Significant employee relations problems, past or present

not publicly verifiable confidence: low

No public employee-relations schedule was available; one settled case involving Sysdig was identified.

Evidence gaps

  • No HR complaints, investigations, settlements, employee-relations log or counsel memo was public.

Hidden risks

  • Private employee disputes or investigations may not be public.

Follow-up questions

  • Provide employee-relations log, HR investigations, settlement agreements and counsel summary.

VII.G Personnel Turnover

not publicly verifiable confidence: high

Turnover data is not public; careers content indicates current hiring but not attrition or retention outcomes.

Evidence gaps

  • No attrition data, exit-interview analysis, regretted turnover or retention data was public.

Hidden risks

  • Turnover could impair product execution, enterprise sales or customer success without appearing publicly.

Follow-up questions

  • Provide monthly headcount roll-forward, attrition, regretted attrition, retention plans and exit-interview themes.
Departures / turnover / employee-relations signal table
itemevidencestatusrisk or follow up
Historical turnoverNot disclosed publicly.not_publicly_verifiableRequest monthly headcount roll-forward and attrition.
Employee-relations issuesNo HR schedule public; one settled/dismissed case involving Sysdig.partially_verifiedRequest counsel/HR summary and settlement records.
Retention/benefitsCareers page lists benefits, compensation and equity opportunities.verifiedRequest stock plan, comp bands and retention analysis.
Chapter 08

08Legal and Related Matters

Public legal evidence includes one settled/dismissed case, trademark records, no obvious EDGAR public-company result and a subprocessor list; insurance, contracts, full legal search and official IP schedules need counsel-led diligence.

VIII.A Pending lawsuits against the Company

partially verified confidence: medium

CourtListener identified Xiao v. Sysdig, filed Dec. 11, 2023 and later dismissed after settlement; no currently pending status was visible from that docket summary.

Evidence gaps

  • No comprehensive litigation schedule, counsel assessment or settlement agreement was public.

Hidden risks

  • Limited public docket search may miss state, arbitration, sealed, foreign or newly filed matters.

Follow-up questions

  • Request counsel litigation schedule, docket-search report, settlement agreements and reserves.
Pending lawsuits against the company
casecourtfiled datestatusevidencecaveat
Xiao v. Sysdig, Inc., 5:23-cv-00706E.D.N.C. via CourtListener2023-12-11Dismissed after settlementDocket says parties settled all matters and case dismissed.Terms/reserves unknown.
Other pending lawsuits against SysdigPublic-source search in this runnot_publicly_verifiableNo other direct pending case verifiedLimited public review.Counsel search required.
Legal and IP public-record timeline Timeline of public legal/IP/company-record evidence.

VIII.B Pending lawsuits initiated by Company

unverified confidence: low

No public evidence of lawsuits initiated by Sysdig was verified; absence is not legal clearance.

Evidence gaps

  • No counsel schedule, collections docket, arbitration list or state-court searches were public.

Hidden risks

  • Affirmative IP, collections, employment or contract disputes may exist outside reviewed sources.

Follow-up questions

  • Have counsel run docket searches and provide affirmative litigation, arbitration and threatened-claim schedules.
Pending lawsuits initiated, regulatory actions and legal matter gaps
matter typeevidencestatusgaprequest
Lawsuits initiated by SysdigNo pending affirmative litigation verified.unverifiedCould exist outside reviewed sources.Counsel docket search.
Regulatory or agency actionsNo agency action verified; SEC search returned no matching companies.not_publicly_verifiablePrivacy/AI/export/employment matters may be non-public.Regulatory correspondence and audit schedule.
Insurance / material contracts / DPAsSubprocessor list exists; contracts/policies not public.not_publicly_verifiableIndemnity, privacy or uptime obligations may be material.Material contract schedule, insurance and DPAs.

VIII.C Environmental and employee safety issues and liabilities

not publicly verifiable confidence: low

No environmental or employee-safety liabilities were publicly verifiable; software/SaaS operations still require workplace compliance.

Evidence gaps

  • No OSHA/local safety records, office compliance, workers compensation claims or environmental audit was public.

Hidden risks

  • Distributed offices can create local employment, health/safety and facilities compliance obligations.

Follow-up questions

  • Request safety logs, workers compensation claims, office compliance certificates and local employment summaries.

VIII.D Material patents, copyrights, licenses, and trademarks

partially verified confidence: medium

Trademark records show brand portfolio; patents, copyrights, source-code ownership and license compliance require deeper review.

Evidence gaps

  • No official USPTO extract, patent list, copyright/source-code assignment schedule, SBOM or license scan was public.

Hidden risks

  • Open-source and proprietary code boundaries can create compliance and freedom-to-operate risk.

Follow-up questions

  • Request official IP schedule, USPTO/TSDR extracts, patents, source-code ownership evidence, SBOM and license scan.
Material IP: trademarks, open source and gaps
assetscopestatus publicverification statusfollow up
SYSDIG / SYSDIG MONITOR / SYSDIG SECURE / SYSDIG INSPECT / SECURE EVERY SECONDU.S. trademarks via third-party index22 applications with multiple live marks.partially_verifiedConfirm TSDR status and assignments.
Falco open-source projectCNCF/GitHub open-source ecosystemOriginally created by Sysdig and CNCF graduated.verifiedReview license obligations and CLAs.
Patents / copyrights / proprietary source codeGlobalNo complete official schedule reviewed.not_publicly_verifiableRequest IP schedule, patent searches, assignments and SBOM.

VIII.E Insurance coverage and material exposures

not publicly verifiable confidence: high

Insurance coverage, cyber policy limits, E&O, D&O and exclusions are not publicly verifiable.

Evidence gaps

  • No insurance certificates, policy limits, claims history, exclusions or reserves were public.

Hidden risks

  • Cybersecurity vendors can face high E&O/cyber exposure if product failures or data handling cause customer loss.

Follow-up questions

  • Provide D&O, E&O, cyber, EPLI and general liability policies, claims history and broker loss runs.

VIII.F Material contracts

not publicly verifiable confidence: high

Customer, partner, cloud, AI-vendor and employment material contracts are not public; subprocessor list only indicates vendor categories.

Evidence gaps

  • No material customer contracts, partner agreements, cloud commitments, AI-vendor terms or employment agreements were public.

Hidden risks

  • Contracts could include non-standard indemnities, data-residency, uptime, audit, MFN or termination rights.

Follow-up questions

  • Provide material-contract schedule, top customer MSAs, partner agreements, cloud/AI vendor contracts and DPAs.

VIII.G Regulatory agency problems

not publicly verifiable confidence: medium

No regulatory enforcement action was verified; subprocessor and AI/data processing footprint creates privacy/compliance diligence needs.

Evidence gaps

  • No regulatory correspondence, audits, certifications, privacy assessments or AI governance files were public.

Hidden risks

  • Privacy, AI, export-control, sanctions, FedRAMP or sectoral compliance issues may not be visible publicly.

Follow-up questions

  • Request regulatory-action schedule, certifications, DPIAs/TIAs, AI governance, export/sanctions review and audit history.
Diligence risk heatmap Heatmap of full risk register.

Risk may change with private data-room evidence.

Evidence

Evidence claims
IDClaimStatusSources
EC-001 CB Insights lists Sysdig as a private unicorn at a $2.50B valuation in Enterprise Tech, San Francisco, with Accel, Bain Capital Ventures and Insight Partners as investors. verified medium SRC-001
EC-002 An archived 2021 release says Sysdig raised a $188M Series F at a $1.19B valuation, bringing total funding to $394M. verified high SRC-002
EC-003 Sysdig says Loris Degioanni founded the company in 2013 and that it began as an open-source project for system-call-level introspection into containers. verified medium SRC-003
EC-004 Sysdig markets a broad cloud security platform covering CNAPP, CSPM, CIEM, vulnerability management, container workload protection, AI workload security, cloud detection and response, DSPM and monitoring. verified medium SRC-004SRC-005
EC-005 Sysdig presents quote-based pricing and licensing dimensions based on hosts, cloud logs and time series rather than public list prices. verified medium SRC-005
EC-006 Sysdig publishes customer evidence for Minna Bank, UIDAI, Rush Street, Worldpay and Neo4j; an archived release also named Worldpay by FIS, Yahoo Japan, IBM and JW Player. partially verified medium SRC-006SRC-002
EC-007 Sysdig markets AWS, IBM Cloud, Google Cloud, Microsoft Azure, Oracle Cloud, technology, GSI and marketplace partner motions. verified medium SRC-007
EC-008 Sysdig appears active with careers content showing global growth, San Francisco headquarters, offices across the Americas and Europe, and open roles in Engineering, Product and Sales. verified medium SRC-008
EC-009 Sysdig publicly lists Loris Degioanni and Karen Walker in the Office of the CEO, plus CISO Sergej Epp, SVP Engineering Michele Zuccala and board/advisor biographies. verified medium SRC-003
EC-010 Sysdig’s subprocessor list includes cloud, AI, CRM, analytics and support providers including AWS, Anthropic via AWS Bedrock, Azure OpenAI, GCP, IBM, Microsoft Azure, OpenAI, Oracle, Salesforce, Slack and Snowflake. verified medium SRC-015
EC-011 Falco is a cloud-native runtime security project originally created by Sysdig, CNCF graduated, active on GitHub, and publicly reported 9,036 stars with latest release 0.44.1 on 2026-06-11 at access time. verified high SRC-012SRC-013
EC-012 Sysdig announced headless cloud security for AI agents on May 6, 2026, describing full-lifecycle CNAPP capabilities inside AI coding agents and runtime telemetry. verified medium SRC-014
EC-013 CourtListener shows Xiao v. Sysdig, Inc. was filed Dec. 11, 2023 and later dismissed after settlement notice. verified medium SRC-009
EC-014 TrademarkElite lists 22 U.S. trademark applications filed by Sysdig, Inc., including live product/brand marks such as SYSDIG, SYSDIG MONITOR, SYSDIG SECURE, SYSDIG INSPECT and SECURE EVERY SECOND. partially verified medium SRC-010
EC-015 SEC EDGAR company search for Sysdig returned no matching companies at access time. verified medium SRC-011
EC-016 Sysdig competes in crowded CNAPP/cloud security with overlapping public product claims from Palo Alto Prisma Cloud, Aqua Security and CrowdStrike Falcon Cloud Security. verified medium SRC-016SRC-017SRC-018SRC-004
EC-017 Sysdig uses public third-party validation in marketing, including Forrester Leader, Gartner Peer Insights Customers Choice and G2 badge references on company pages. partially verified low SRC-004SRC-006
EC-018 Audited financials, ARR, revenue by product/geography, gross margin, backlog, AR aging, projections, tax positions, debt and full cap table are not publicly verifiable. not publicly verifiable high SRC-001SRC-002SRC-005SRC-011
EC-019 Sysdig has an international footprint reflected in careers claims, SaaS login regions and subsidiaries in the UK, Italy, Japan, Spain, France, India, Serbia, Canada, Costa Rica and Germany. verified medium SRC-005SRC-008SRC-015
EC-020 Public GTM signals include direct demo/quote CTAs, customer stories, analyst/review badges, cloud partners, integrations, open source and a 2026 AI/headless launch. verified medium SRC-004SRC-006SRC-007SRC-014
EC-021 Major-customer economics, customer concentration, churn, NRR, sales productivity, pipeline and contract terms are not publicly verifiable. not publicly verifiable high SRC-005SRC-006
EC-022 Insurance, material contracts, complete litigation, regulatory-agency matters, official IP ownership and environmental/safety liabilities are not publicly verifiable. not publicly verifiable high SRC-009SRC-010SRC-011SRC-015
Sources
IDPublisherTitleAccessed
SRC-001 CB Insights The Complete List Of Unicorn Companies 2026-06-12
SRC-002 Yahoo Finance / archived company wire release Sysdig Raises $188M at a Valuation of $1.19B to Secure Modern Cloud Applications 2026-06-12
SRC-003 Sysdig About Us | Sysdig 2026-06-12
SRC-004 Sysdig Sysdig Platform | Sysdig 2026-06-12
SRC-005 Sysdig Sysdig Monitor Pricing | Sysdig 2026-06-12
SRC-006 Sysdig Customers | Sysdig 2026-06-12
SRC-007 Sysdig Sysdig Partners & Ecosystem 2026-06-12
SRC-008 Sysdig Careers | Sysdig 2026-06-12
SRC-009 CourtListener Xiao v. Sysdig, Inc., 5:23-cv-00706 2026-06-12
SRC-010 TrademarkElite SYSDIG, INC. Trademarks | USPTO Trademark Owner Search 2026-06-12
SRC-011 U.S. Securities and Exchange Commission EDGAR Company Search Results for Sysdig 2026-06-12
SRC-012 GitHub / Falco Security falcosecurity/falco repository and README 2026-06-12
SRC-013 Falco / CNCF community Falco project website 2026-06-12
SRC-014 Sysdig Sysdig Introduces the Industry’s First Headless Cloud Security Platform Built for AI Agents 2026-06-12
SRC-015 Sysdig Subprocessors | Sysdig Legal 2026-06-12
SRC-016 Palo Alto Networks Prisma Cloud | Comprehensive Cloud Security 2026-06-12
SRC-017 Aqua Security Aqua Platform Unified Cloud Security 2026-06-12
SRC-018 CrowdStrike CrowdStrike Falcon Cloud Security 2026-06-12

Disclaimer

This report is a public-evidence diligence snapshot, not investment advice. Important financial, legal, technical, and contractual facts remain non-public and should be verified directly with management and primary documents before any investment decision.