SpyCloud
SpyCloud protects enterprises from identity attacks using darknet intelligence.
SpyCloud is a cybercrime analytics platform that recaptures and analyzes darknet breach and malware data to protect enterprises from identity-based attacks. The company operates the world's largest repository of compromised credentials and malware intelligence, enabling organizations to detect and remediate exposures across employees, contractors, customers, and non-human accounts in minutes. SpyCloud integrates with existing security infrastructure (EDR, IdP, SIEM, SOAR) to automate identity risk mitigation at scale, serving half of the Fortune 10 and government agencies globally.
Problem solved
Security teams lack visibility into compromised employee credentials, malware infections, and customer account exposure hidden in breach data, leaving them unable to prevent identity-based attacks before exploitation.
Target customer
Fortune 500 and mid-market enterprises with large employee and customer bases; government agencies; companies with mature security operations requiring advanced threat intelligence and automated incident response.
Founders
Ted Ross
CEO & Co-Founder
20+ years in cybersecurity; previously CEO of Exodus Intelligence (vulnerability discovery), and held roles at HP, TippingPoint, 3Com, and Extreme Networks.
Alen Puzic
CTO & Co-Founder
Security researcher and engineer; founded PwnedList (acquired by InfoArmor 2013); worked at TippingPoint on malware classification and at IBM on security infrastructure including IPv6, SSL, and virtualization.
David Endler
Co-Founder (former)
Co-founder no longer active with the company.
Funding history
Seed: $2.5M, June 2, 2017. Led by Unknown · Unknown
Series A: $5.0M, 2018. Led by Silverton Partners · March Capital Partners
Series B: $21.0M, date Unknown. Led by M12 (Microsoft Ventures) · Altos Ventures, Silverton Partners, March Capital Partners
Series C: $30.0M, 2020. Led by Unknown · Unknown
Series D: $110.0M, August 23, 2023. Led by Riverwood Capital · Composite Ventures, Bessemer Venture Partners, Centana Growth Partners
Series D (Extension): $35.0M, June 6, 2024. Led by Canadian Imperial Bank of Commerce · Unknown
Total raised: $314.0M
Pricing
Quote-based custom pricing. Annual cost ranges from ~$10,000 to $103,000 with average around $38,000. Tiered by number of identities monitored (employee accounts or customer accounts) and product tier (Employee ATO Prevention, Consumer ATO Prevention, Investigations Console). Volume discounts available for large customer bases (100,000+ accounts).
Notable customers
7 of the Fortune 10 companies, Canva, government agencies globally
Integrations
EDR (Endpoint Detection & Response), IdP (Identity Providers), SIEM (Security Information & Event Management), SOAR (Security Orchestration & Response), consumer applications, automated password reset and session termination tools
Tech stack
GSAP (JavaScript frameworks)
jQuery UI (JavaScript libraries)
jQuery Migrate (JavaScript libraries)
jQuery (JavaScript libraries)
core-js (JavaScript libraries)
Swiper (JavaScript libraries)
Wistia (Video players)
Drift (Live chat)
Webpack
RSS
Open Graph
Module Federation
DocuSign
WordPress (Blogs)
Slider Revolution (Widgets)
reCAPTCHA (Security)
HSTS (Security)
Keybase (Security)
Twitter Emoji (Font scripts)
Google Font API (Font scripts)
PHP (Programming languages)
Apple iCloud Mail (Webmail)
Amazon Cloudfront (CDN)
Cloudflare (CDN)
MySQL (Databases)
Google Tag Manager (Tag managers)
Elementor (Page builders)
Yoast SEO (SEO)
Amazon Web Services (PaaS)
CookieYes (Cookie compliance)
Hello Elementor (WordPress themes)
Ultimate Addons for Elementor (WordPress plugins)
Contact Form 7 (WordPress plugins)
Strattic (Hosting)
Competitors
CrowdStrike
Broader endpoint detection and response platform; SpyCloud focuses specifically on identity risk from darknet intelligence.
Microsoft Defender for Identity
Native Microsoft solution for on-premises identity threats; SpyCloud uniquely leverages darknet breach data and operates independently.
Mandiant (Google Cloud)
Incident response and threat intelligence firm; SpyCloud provides continuous identity monitoring and automated remediation rather than incident-focused services.
Abnormal Security
Focuses on email and cloud identity threats; SpyCloud provides broader identity risk coverage using darknet recaptured data.
Why this matters: SpyCloud operates the world's largest darknet breach repository and uniquely combines human intelligence, early data recovery, and password cracking to identify identity threats invisible to traditional security tools. With $314M in funding and customers including 7 of the Fortune 10, the company represents a category-leading approach to proactive identity risk management in an era where compromised credentials are a primary attack vector.
Best for: Enterprise security teams protecting large employee bases and customer populations who need to detect and remediate identity compromises from darknet breach data faster than traditional SIEM-only approaches.
Use cases
Compromised Employee Credential Detection
A Fortune 500 financial services company uses SpyCloud to automatically detect when employee credentials appear in darknet breaches, triggering immediate password resets and MFA enforcement through their identity provider. This prevents unauthorized access to sensitive financial systems before attackers can exploit the credentials.
Ransomware Campaign Prevention
An enterprise discovers malware infections across employee endpoints through SpyCloud's integration with their EDR. The platform automatically correlates these with dark web intelligence, identifies compromised credentials, and initiates automated session termination and credential refresh—stopping lateral movement before ransomware propagates.
Customer Account Takeover Prevention
An e-commerce platform with 50M+ customer accounts uses SpyCloud's consumer ATO prevention to monitor for leaked credentials in breaches. When accounts are identified as compromised, the platform triggers password reset notifications and enhanced authentication requirements, reducing account takeover fraud by detecting threats before attackers exploit them.
Threat Investigation & Response Acceleration
A security operations center uses SpyCloud's Investigations Console to correlate internal breach indicators with its darknet repository, uncovering hidden threat actor infrastructure and phishing campaign details. This surfaces contextual intelligence that accelerates incident response timelines from days to hours.
Alternatives
Tenable
Broader vulnerability management and exposure platform; SpyCloud specializes in identity risk from breach data and darknet intelligence.
Proofpoint
Email and cloud security focused; SpyCloud provides identity-centric protection across employee, contractor, and customer accounts using darknet intelligence.
KnowBe4
Emphasizes security awareness training; SpyCloud focuses on automated detection and remediation of actual compromised credentials rather than training-based prevention.
Varonis
Data security and access governance platform; SpyCloud uniquely leverages darknet breach data for proactive identity threat detection.
FAQ
What does SpyCloud do?
SpyCloud is a cybercrime analytics platform that recaptures and analyzes darknet breach and malware data to detect and remediate compromised employee credentials, malware infections, and customer account takeover risks. The platform integrates with existing security tools (EDR, IdP, SIEM, SOAR) to automate identity threat response at enterprise scale.
How much does SpyCloud cost?
Pricing is custom and quote-based, ranging from approximately $10,000 to $103,000 annually with an average around $38,000. Cost depends on the number of identities monitored (employee and/or customer accounts) and the product tier selected. Volume discounts are available for large customer bases.
What are alternatives to SpyCloud?
Alternatives include CrowdStrike (broader EDR platform), Microsoft Defender for Identity (native Microsoft solution), Mandiant/Google Cloud (incident response), Abnormal Security (email/cloud identity threats), and Proofpoint (email/cloud security). Each has different strengths; SpyCloud uniquely specializes in darknet breach intelligence and automated identity remediation.
Who uses SpyCloud?
7 of the Fortune 10 companies, mid-market enterprises, and government agencies globally use SpyCloud. Typical customers are organizations with large employee bases and/or customer populations that require proactive identity threat detection and automated remediation capabilities.
How does SpyCloud compare to Microsoft Defender for Identity?
Microsoft Defender for Identity is a native on-premises identity threat detection solution integrated into the Microsoft ecosystem. SpyCloud operates independently and uniquely leverages recaptured darknet breach and malware data to identify compromised credentials and threats that traditional on-premises tools may miss. SpyCloud also automates remediation across employee, contractor, and customer identities.
Tags
cybersecurity
identity protection
breach intelligence
darknet intelligence
credential monitoring
malware detection
account takeover prevention
automated remediation
enterprise security
threat intelligence