Over the last week, there's been a lot of swirl from a former employee alleging an insider threat within Huntress: passionate posts, public thoughts, and even some conspiracy theory. As the CEO of a company I also co-founded, I've had a front row seat to a volatile situation mixing emotional connections, nuances of ethics, partial truths, US and UK employment law, and active investigations, all while maintaining empathy for all folks involved. Needless to say, this isn't simple and the court of public opinion hasn't made it easy.
I think folks understand that I can't share every detail of what occurred (as much as I'd personally love to). Although the full picture supports the actions Huntress has taken, I am not willing to sacrifice teammate privacy, law enforcement efficacy, or our integrity for the sake of reckless transparency. With that said, I'm looking to thread a needle to give as much clarity as I can through the lens of what actually happened—and just as importantly, what did not.
What Did Not Happen
We've conducted multiple investigations and we have found no evidence of illegal conduct or an insider threat, and consulted law enforcement who reached the same conclusion. When concerns were raised, we audited our systems thoroughly and found no evidence that: unauthorized access occurred, partner or customer data was disclosed, nor that source code or operational data was exposed. There was no "insider caught by the FBI". Based on the totality of the information we have gathered, we concluded that our partners and customers were not at risk then, and we have no reason to believe they are now.
What Happened (and can be shared)
Huntress permits threat researchers to occasionally engage with threat actors when it's beneficial for proactive R&D and/or to support active investigations. We are aware of separate, questionable, long-term threat actor communications from both our current teammate and a now-former employee. In one particular exchange, our current teammate disclosed to a threat actor that law enforcement had reached out to them about the threat actor. While this disclosure was not illegal, it reflected poor judgment.
That said, when this concern was first reported by our former employee, the Huntress team took the matter seriously and conducted an immediate, thorough, and caring investigation—reviewing systems and communications, interviewing relevant teammates, and consulting with law enforcement. I was consistently briefed on this matter and the delicate/restrictive circumstances they were forced to navigate. As a result of the investigation, my team implemented more robust policies for our researchers, coached teammates on engaging with threat actors, and took appropriate administrative actions.
When our former employee resurfaced their concerns last week and later emailed additional communications, my team and I revisited all available information and re-examined the matter in painful detail. While we haven't found evidence of illegal conduct, insider activity, or additional disclosures, we are continuing our investigation. Due to the privacy rights of our teammates, we will not comment further on the investigation.
Conclusion
Again, I can't share every angle of this matter, but I can confidently share this: our investigation continues to follow the evidence rather than a former employee's predetermined outcome. On that note, our focus remains on our mission: protecting ALL businesses while wrecking adversaries in the process.
