There is a timing problem at the center of modern security, and watchTowr was built around it. When a new vulnerability in widely used software is disclosed, attackers can weaponize it within hours. The enterprises running that software often take weeks to patch. In that gap - between rapid exploitation and slow remediation - is where breaches happen. watchTowr's entire pitch is closing it.
Founded in Singapore in 2021 by Benjamin Harris, the company describes what it does as "preemptive exposure management." In plainer terms: it builds a real-time, attacker's-eye view of an organization from the outside, then continuously hunts for and validates the weaknesses a real adversary would use. Not once a year. Continuously.
What it actually does
Traditional penetration testing produces a snapshot - a report that is accurate the day it is written and steadily less accurate every day after. But an organization's external attack surface is not static. New cloud assets spin up, forgotten subdomains linger, shadow IT appears without anyone filing a ticket. watchTowr's platform starts where an attacker starts: on the outside, mapping assets the company may not even remember it owns.
From there its automated red-teaming engine continuously tests those assets, aligning to the initial-access tactics catalogued in the MITRE ATT&CK framework. The point of difference the company stresses is validation. Most tools produce a long list of theoretical vulnerabilities. watchTowr aims to answer a narrower, harder question: which of these can actually be exploited, right now, on your systems? A validated exposure is worth more than a hundred maybes.
"watchTowr builds a real-time attacker's view of an organization, continuously identifying and validating exploitable vulnerabilities before attacks occur."
— How the company describes its own platformWho uses it
The customer base skews toward organizations that cannot afford to be wrong: Fortune 500 companies and critical-infrastructure operators across banking, telecoms, insurance, government, transport, healthcare, fintech and more. These are the environments where an unpatched edge device is not an inconvenience but a national-scale risk, and where "we'll get to it next sprint" is not an acceptable answer.
The platform is agentless, which matters more than it sounds. Because watchTowr analyzes an organization from the outside, there is no software to install across a sprawling estate and no infrastructure change to negotiate with a wary IT team. Deployment is measured in hours. That low friction is part of why the company has seen adoption among large, complex enterprises that are otherwise slow to onboard new tools.
The research that made its name
If watchTowr is known beyond procurement teams, it is because of watchTowr Labs. The research arm has built a reputation for identifying and responsibly disclosing high-impact vulnerabilities in the enterprise software that runs the internet's plumbing - Citrix NetScaler, Fortinet, Ivanti, SonicWall, cPanel and others. The write-ups carry deliberately irreverent titles and dense technical detail, and they routinely get picked up across the security press.
This is not marketing dressed up as research. Public disclosure on widely deployed edge devices is how the broader industry learns where the real front doors are. It also demonstrates, in public and repeatedly, that the people behind the product genuinely think like attackers - the credential the whole business rests on.
How it is different
watchTowr sits in the emerging category of external attack surface management and preemptive exposure management, alongside names like Palo Alto's Cortex Xpanse, CyCognito, Censys, IBM's Randori, Bishop Fox, Pentera and Horizon3.ai. What the company leans on to stand apart is the combination of offensive-security depth, continuous validation rather than periodic scanning, and a widening set of response capabilities that go beyond simply telling you what is wrong.
Two of those responses are recent. Rapid Reaction, added as the threat landscape accelerated, identifies exposure to a newly disclosed threat within minutes and hands security teams a validated list of affected assets. Active Defense, launched in late 2025, goes a step further: when no patch or vendor guidance yet exists, it can autonomously push mitigation rules to the network edge - buying defenders coverage in the very window when they would otherwise be exposed and waiting.
The founder
Benjamin Harris's biography is unusually direct about its origin. He was expelled from school at seventeen for hacking its computers, and landed a job at a security firm two weeks later. He spent the following years building and leading offensive security teams before founding watchTowr. In 2022 he was named to the Forbes 30 Under 30 Asia enterprise-technology list. The through-line from that story to the product is not subtle: the company sells the attacker's perspective because its founder has spent his career inside it.
The business behind it
watchTowr runs a B2B software subscription model, selling continuous attack-surface management and automated red teaming as a platform, complemented by threat intelligence and rapid-reaction services. It has raised roughly $29 to $30 million in total. An early seed round of about $10.25 million drew Wavemaker Partners, Vulcan Capital and Prosus Ventures; the $19 million Series A in October 2024 was led by Peak XV Partners - formerly Sequoia Capital India and Southeast Asia - with Prosus Ventures returning alongside Cercano Management. The company said it would use the money to expand research, engineering and go-to-market teams and accelerate its global reach.
By 2026 the external validation had followed the funding: watchTowr was named in Gartner's Emerging Tech research for preemptive cybersecurity and among the category's top-funded startups. For a five-year-old company headquartered on Cecil Street in Singapore's financial district, it is a notable position - built, fittingly, by measuring twice and cutting once, from the outside in.