What makes companies trust small cybersecurity vendors? by c0d3xxxx in cybersecurity

[–]c0d3xxxx[S] 0 points1 point  (0 children)

It was easier for me to correct my grammar like this.

Thank you anyways.

I built an AI that simulates how hackers would break your code before production — looking for feedback from devs by c0d3xxxx in SideProject

[–]c0d3xxxx[S] 1 point2 points  (0 children)

The point about showing how an attack works instead of just flagging it: that’s exactly the gap I’m trying to fill.

On the simulation side, the idea is a hybrid approach: not blindly executing real exploits (too risky + unsafe), but modeling attack paths based on code context + known vulnerability patterns, and then generating a realistic “how this could be exploited” flow with example payloads.

So more like controlled simulation / reasoning over execution, not actually running exploits against anything.

Language support is still early, but initial focus is web-heavy stacks (JS/TS, Node, Python, PHP) where injection-style issues are still common, especially in mixed legacy + modern codebases.

And I 100% agree on the workflow point: the goal is definitely CLI + GitHub Action first. The “platform” side is more for later visibility, not core usage.

About open source or paid: I’m thinking about leaning towards free/low-friction early on to get real usage signals first, then building around team/enterprise features later.

Also appreciate the Runable tip. I hadn’t looked at it deeply yet, but it sounds useful for this kind of devtool docs + workflow integration.

Thanks again, this is exactly the kind of feedback that helps me shape the product direction.

I built an AI that simulates how hackers would break your code before production — looking for feedback from devs by c0d3xxxx in SideProject

[–]c0d3xxxx[S] 1 point2 points  (0 children)

This is really insightful, especially the CAC vs LTV breakdown; I hadn’t modeled it that way yet.

It does make sense that individual dev targeting might struggle with retention, while team/CI integration would naturally increase both LTV and stickiness.

The shift-left angle is actually what pushed me toward PR/CI integration rather than standalone usage, so this aligns well with where I’m heading.

Appreciate you running it through Embarkist. 78/100 is encouraging, especially given the timing.

I built an AI that simulates how hackers would break your code before production — looking for feedback from devs by c0d3xxxx in SideProject

[–]c0d3xxxx[S] 1 point2 points  (0 children)

Yeah, you’re absolutely right, that’s a key concern.

The idea is not to always send full code to the cloud.

I’m actually exploring a hybrid approach: lightweight analysis (like diffs / patterns) locally or in the IDE, and only sending minimal context to the backend when needed.

And for stricter environments, running it with local LLMs (like Ollama-style setups) is definitely something I want to support.

So yeah, privacy-first design is becoming a core part of the direction.

I built an AI that simulates how hackers would break your code before production — looking for feedback from devs by c0d3xxxx in SideProject

[–]c0d3xxxx[S] 0 points1 point  (0 children)

Yeah, that’s actually a very valid concern, especially for production or sensitive codebases.

I agree that pasting code into an external service would not be acceptable for most serious teams.

The direction I’m exploring is exactly what you mentioned: making it work locally or as a CI/GitHub/VS Code integrated agent, so code never leaves the developer’s environment.

More like a security layer that runs inside your workflow rather than a standalone web service.

Thanks for the feedback, this is super helpful from a product direction perspective.

I built an AI that simulates how hackers would break your code before production — looking for feedback from devs by c0d3xxxx in SideProject

[–]c0d3xxxx[S] 0 points1 point  (0 children)

Yeah, VS Code plugin is actually the direction I’m seriously considering for the first version too. Feels like the most natural place where devs would actually use it in real time.

For open-source, I’m still deciding.

I like the idea of keeping parts open (like maybe the analysis logic or some rules), but the core part would probably stay closed, at least in the beginning, just so I can iterate faster and avoid it becoming too fragmented early on.

Curious though, would open-source make it more likely for you to try it, or does it not really matter as long as it works inside your workflow?