The phone in your pocket is the most surveilled device you own. iVerify is the company that decided to look back.
The brand card, doing exactly one job: reminding you that "smartphone" and "secure" were never synonyms. Navy, teal, and a tagline that fits on a billboard.
Somewhere right now, an executive is reading a board deck on a phone that has been quietly compromised for months. No popup. No warning. No Apple Threat Notification. The exploit arrived without a tap, did its work, and left. iVerify exists for that exact moment - the one nobody notices.
iVerify is a New York mobile security company that brings endpoint detection and response - the discipline laptops have had for a decade - to iOS and Android. It runs a full threat-hunt scan on a phone in about five minutes, combining malware signatures, behavioral heuristics, and machine learning to flag spyware like Pegasus, Predator, and DarkSword before it reaches your data. It does this without the invasive device-management controls most enterprise tools demand, which is a polite way of saying it watches the threats and not you.
That is the whole pitch, and the whole problem. Mobile is where the most valuable data lives and where the least visibility exists. iVerify sells the visibility.
For twenty years, the security industry poured its budget into the endpoints sitting on desks. Servers, laptops, networks - all wrapped in detection, logging, and response. The smartphone, meanwhile, became the primary computer for most of the planet and somehow remained a black box. Apple and Google built walled gardens and told everyone the walls were enough. For most people, on most days, they are.
The exception is the people adversaries actually want. Mercenary spyware vendors built businesses on zero-click exploits - attacks that need no link, no tap, no mistake from the victim. The targets are executives, journalists, dissidents, government officials. The visibility into whether any of it worked? Close to zero, because the locked-down phone that protects you also blocks the tools that would tell you it failed.
So the question iVerify formed around was almost embarrassingly basic: how would you even know? The honest answer, for nearly everyone, was that you wouldn't. That gap is the tension the entire company hangs on.
iVerify was not born in a garage. It was incubated for four years inside Trail of Bits, the respected security research firm, as an in-house tool to keep the team's own phones at professional standards. The tool kept proving useful to people outside the building, and in 2023 it spun out as an independent company.
The bet the founders made: mobile threat hunting could be a category, not a feature. That you could take techniques once reserved for nation-state forensics labs and run them, fast, on a normal phone - and that enough people and organizations needed it to build a business.
Computational physicist and entrepreneur. Previously founded Terbium Labs and co-founded the Global Disinformation Index.
Former NSA analyst. Now spends his time warning anyone who'll listen about mobile supply-chain risk.
iOS researcher out of Trail of Bits. The one who actually finds the Pegasus samples everyone else writes headlines about.
Built in-house so security researchers could confirm their own phones were clean. Quietly grows into something the public wants.
iVerify becomes its own company, positioned as the first dedicated mobile threat-hunting platform.
Early capital to take on the growing threat of mercenary spyware across consumer and enterprise.
The first scan campaign turns up new Pegasus samples - and an infection rate higher than anyone had published.
Led by Shine Capital, with Trail of Bits and others. Total funding crosses $16M.
Public threat hunt surfaces 11 new Pegasus detections, mostly among business executives - half missed by Apple alerts.
The platform reads operating-system-level telemetry, builds a behavioral baseline of what a device normally does, and hunts for the deviations that signal compromise. When something looks wrong, it produces a forensic capture - thousands of artifacts analyzed automatically - and an alert a security team can actually act on. No mystery, no MDM leash.
OS telemetry, behavioral baselining, and AI-driven hunting for whole mobile fleets - built for SOC teams and BYOD without intrusive controls.
Proactive hunting for advanced malware and mercenary spyware including Pegasus and Predator, with alerts tuned for high-value targets.
A full hunt scan in roughly five minutes, blending signatures, heuristics, and ML across iOS and Android.
Protection against SMS-based social engineering and smishing attacks.
Incident response and mobile forensics - capturing and analyzing 10k+ device artifacts when something goes wrong.
A privacy-respecting app that scans a personal phone for compromise, vulnerabilities, and misconfigurations.
A security company can claim a threat is everywhere. It's more convincing to go find it. iVerify's public threat hunts did exactly that, and the results were uncomfortable enough to make the rounds in cybersecurity press.
The detail that stuck: in roughly half the confirmed cases, Apple's own Threat Notifications never fired. The victims would have carried on, board decks and all, none the wiser. That is the proof iVerify keeps pointing to - not that spyware exists, but that the people most affected had no way to see it.
iVerify's stated goal is to let people trust the devices that hold their most sensitive information, without surrendering privacy to do it. That second clause matters. Plenty of enterprise mobile tools earn their visibility by reading everything - location, messages, apps. iVerify's argument is that you can hunt threats without becoming one, and the BYOD-friendly, no-MDM design is the product expression of that belief.
The company also treats threat data as a public good. Its consumer-facing handle is, no kidding, @IsMyPhoneHacked - and its research blog publishes findings rather than burying them in sales decks. Democratizing threat hunting, in their phrasing, means the person who can't afford a forensics lab still gets the scan.
The trend lines are not subtle. iVerify points to a 67% jump in mobile zero-days between 2024 and 2025, and estimates that around 90% of zero-day exploit chains now target mobile devices. As work, money, and identity collapse onto the phone, the gap between how much we trust it and how little we can see inside it only widens.
Whether iVerify becomes the default mobile EDR or one option among several, it has already done the harder thing: it made "is my phone hacked?" a question with an answer. The competition - Lookout, Zimperium, Jamf and the forensic-tool crowd - is real, and a $1.2M revenue base against a $16M war chest means the story is early, not finished.
Back to that executive, reading a board deck on a quietly compromised phone. The difference iVerify is selling is small and enormous at once: a five-minute scan, an alert that fires when Apple's doesn't, and the simple dignity of knowing. The phone is still the most surveilled device you own. iVerify just made it one you can finally check.