Breaking: watchTowr named in Gartner 2026 Emerging Tech for preemptive cybersecurity $19M Series A led by Peak XV watchTowr Labs discloses critical Citrix & Fortinet flaws Active Defense: automated mitigation in hours, not weeks Trusted by Fortune 500 & critical infrastructure Founded in Singapore, 2021 Breaking: watchTowr named in Gartner 2026 Emerging Tech for preemptive cybersecurity $19M Series A led by Peak XV watchTowr Labs discloses critical Citrix & Fortinet flaws Active Defense: automated mitigation in hours, not weeks Trusted by Fortune 500 & critical infrastructure Founded in Singapore, 2021
Company Profile Cybersecurity Singapore

watchTowr

Thinking like an attacker - so defenders find the way in first.

2021Founded
~$30MRaised
~68Team
Series AStage
watchTowr wordmark logo
THE MARK. watchTowr's wordmark - the brand of a Singapore security firm that turned an offensive hacker's playbook into an enterprise platform. Photographed as displayed on the company's own materials.
By The YesPress Desk Security & Enterprise Filed from Singapore
The Feature

The company that attacks you before the criminals do

How watchTowr rebuilt penetration testing as a continuous, automated feed - and made a name breaking the internet's edge devices.

There is a timing problem at the center of modern security, and watchTowr was built around it. When a new vulnerability in widely used software is disclosed, attackers can weaponize it within hours. The enterprises running that software often take weeks to patch. In that gap - between rapid exploitation and slow remediation - is where breaches happen. watchTowr's entire pitch is closing it.

Founded in Singapore in 2021 by Benjamin Harris, the company describes what it does as "preemptive exposure management." In plainer terms: it builds a real-time, attacker's-eye view of an organization from the outside, then continuously hunts for and validates the weaknesses a real adversary would use. Not once a year. Continuously.

What it actually does

Traditional penetration testing produces a snapshot - a report that is accurate the day it is written and steadily less accurate every day after. But an organization's external attack surface is not static. New cloud assets spin up, forgotten subdomains linger, shadow IT appears without anyone filing a ticket. watchTowr's platform starts where an attacker starts: on the outside, mapping assets the company may not even remember it owns.

From there its automated red-teaming engine continuously tests those assets, aligning to the initial-access tactics catalogued in the MITRE ATT&CK framework. The point of difference the company stresses is validation. Most tools produce a long list of theoretical vulnerabilities. watchTowr aims to answer a narrower, harder question: which of these can actually be exploited, right now, on your systems? A validated exposure is worth more than a hundred maybes.

"watchTowr builds a real-time attacker's view of an organization, continuously identifying and validating exploitable vulnerabilities before attacks occur."

— How the company describes its own platform

Who uses it

The customer base skews toward organizations that cannot afford to be wrong: Fortune 500 companies and critical-infrastructure operators across banking, telecoms, insurance, government, transport, healthcare, fintech and more. These are the environments where an unpatched edge device is not an inconvenience but a national-scale risk, and where "we'll get to it next sprint" is not an acceptable answer.

The platform is agentless, which matters more than it sounds. Because watchTowr analyzes an organization from the outside, there is no software to install across a sprawling estate and no infrastructure change to negotiate with a wary IT team. Deployment is measured in hours. That low friction is part of why the company has seen adoption among large, complex enterprises that are otherwise slow to onboard new tools.

The research that made its name

If watchTowr is known beyond procurement teams, it is because of watchTowr Labs. The research arm has built a reputation for identifying and responsibly disclosing high-impact vulnerabilities in the enterprise software that runs the internet's plumbing - Citrix NetScaler, Fortinet, Ivanti, SonicWall, cPanel and others. The write-ups carry deliberately irreverent titles and dense technical detail, and they routinely get picked up across the security press.

This is not marketing dressed up as research. Public disclosure on widely deployed edge devices is how the broader industry learns where the real front doors are. It also demonstrates, in public and repeatedly, that the people behind the product genuinely think like attackers - the credential the whole business rests on.

How it is different

watchTowr sits in the emerging category of external attack surface management and preemptive exposure management, alongside names like Palo Alto's Cortex Xpanse, CyCognito, Censys, IBM's Randori, Bishop Fox, Pentera and Horizon3.ai. What the company leans on to stand apart is the combination of offensive-security depth, continuous validation rather than periodic scanning, and a widening set of response capabilities that go beyond simply telling you what is wrong.

Two of those responses are recent. Rapid Reaction, added as the threat landscape accelerated, identifies exposure to a newly disclosed threat within minutes and hands security teams a validated list of affected assets. Active Defense, launched in late 2025, goes a step further: when no patch or vendor guidance yet exists, it can autonomously push mitigation rules to the network edge - buying defenders coverage in the very window when they would otherwise be exposed and waiting.

The founder

Benjamin Harris's biography is unusually direct about its origin. He was expelled from school at seventeen for hacking its computers, and landed a job at a security firm two weeks later. He spent the following years building and leading offensive security teams before founding watchTowr. In 2022 he was named to the Forbes 30 Under 30 Asia enterprise-technology list. The through-line from that story to the product is not subtle: the company sells the attacker's perspective because its founder has spent his career inside it.

The business behind it

watchTowr runs a B2B software subscription model, selling continuous attack-surface management and automated red teaming as a platform, complemented by threat intelligence and rapid-reaction services. It has raised roughly $29 to $30 million in total. An early seed round of about $10.25 million drew Wavemaker Partners, Vulcan Capital and Prosus Ventures; the $19 million Series A in October 2024 was led by Peak XV Partners - formerly Sequoia Capital India and Southeast Asia - with Prosus Ventures returning alongside Cercano Management. The company said it would use the money to expand research, engineering and go-to-market teams and accelerate its global reach.

By 2026 the external validation had followed the funding: watchTowr was named in Gartner's Emerging Tech research for preemptive cybersecurity and among the category's top-funded startups. For a five-year-old company headquartered on Cecil Street in Singapore's financial district, it is a notable position - built, fittingly, by measuring twice and cutting once, from the outside in.

$19MSeries A (2024)
~$30MTotal raised
MinutesTo flag new threats
2021Founded, Singapore
Products & Services

One platform, an attacker's whole workflow

The watchTowr Platform bundles discovery, testing, reaction and mitigation into a single continuous loop.

01

Attack Surface Visibility

Continuous, outside-in discovery of unknown assets, cloud environments and shadow IT - the surface an attacker sees.

02

Continuous Security Testing

An automated red-teaming engine that keeps discovering and validating exploitable vulnerabilities, mapped to MITRE ATT&CK.

03

AI-Powered Rapid Reaction

Identifies exposure to emerging threats within minutes of disclosure and delivers validated affected-asset lists.

04

Active Defense

Autonomously deploys mitigation rules to the network edge within hours when patches or vendor guidance are unavailable.

05

watchTowr Intel

Proactive threat intelligence: prioritization, attacker telemetry, adversary tracking and vulnerability enrichment.

06

watchTowr Instinct

An AI engine trained to forecast which vulnerabilities are most likely to be exploited in the wild - before they are.

The Problem, Visualized

The patch gap

Attackers move at machine speed. Enterprise remediation still moves at human speed. watchTowr targets the difference.

Weaponize: hours Detect: days Patch: weeks watchTowr: minutes → hours

Time from disclosure to action

Illustrative — relative response windows
Attacker weaponization~ hours
watchTowr Rapid Reaction~ minutes
watchTowr Active Defense~ hours
Typical enterprise patch cycle~ weeks
Where It Fits

Built for the organizations that can't be wrong

Who uses it

Fortune 500 companies and critical-infrastructure operators - banking, technology, insurance, telecoms, government, transport, crypto, fintech, healthcare, ecommerce, mining and gaming.

The alternatives

Palo Alto (Cortex Xpanse), CyCognito, Censys, IBM Randori, Bishop Fox (Cosmos), Pentera, Horizon3.ai and Tenable operate in the same external-exposure space.

The expertise

An offensive-security-first team of hackers and red teamers, known publicly for candid, technically deep vulnerability research via watchTowr Labs.

The business model

B2B SaaS subscription for continuous, agentless attack-surface management and automated red teaming, plus threat-intelligence and rapid-reaction services.

The Story So Far

Five years, from research shop to platform

The Questions

What people ask about watchTowr

What does watchTowr do?

It provides preemptive exposure management - continuously mapping an organization's external attack surface and validating which vulnerabilities are actually exploitable, then helping teams react and mitigate quickly.

Who founded watchTowr and where is it based?

It was founded in 2021 by Benjamin Harris, an offensive-security specialist, and is headquartered in Singapore.

How is it different from a traditional penetration test?

Rather than a point-in-time test, watchTowr runs continuous automated red teaming against a constantly changing attack surface and validates exploitability in real time.

How much funding has watchTowr raised?

Roughly $29-30 million total, including a $19M Series A in 2024 led by Peak XV, with earlier seed funding from investors including Wavemaker Partners, Vulcan Capital and Prosus Ventures.

What is watchTowr Labs?

It's watchTowr's research team, known for responsibly disclosing high-impact vulnerabilities in widely used enterprise and edge software such as Citrix, Fortinet and Ivanti.

Share this profile

Send watchTowr's story to a colleague who lives in the patch gap.