Key Takeaways
- Former Huntress security operations analyst Ben Folland alleges that a current employee passed confidential law‑enforcement communications to the ransomware group DevMan, which is actively targeting him and his family.
- Folland claims Huntress attempted to conceal the incident, especially as the company prepares for a pending IPO, putting clients at risk for reputational and security reasons.
- He promises to release evidence over the next two weeks, including FBI correspondence, internal memos, recorded phone calls, and proof of threats against him and his family.
- Huntress CEO Kyle Hanslovan denies prioritizing the IPO over safety, stating that communication with potential threat actors is a normal part of security research and that the company is cooperating with law enforcement.
- Ongoing legal proceedings limit what Huntress can disclose publicly, but the firm says it will issue an official statement once appropriate.
Background on the Allegation and the Whistleblower
Ben Folland served as a security operations analyst at Huntress until his resignation on February 19, 2025. In his resignation letter, which he later posted on LinkedIn, he cited “personal reasons, and a conflict of interest” as the basis for his departure. The conflict, according to Folland, stemmed from a discovery he made in December 2024 that another Huntress employee had been sharing sensitive information with a cybercriminal operation. Folland’s decision to go public was prompted by what he perceived as attempts by Huntress to silence him through legal threats after he raised his concerns internally.
Details of the Alleged Insider Leak
Folland alleges that the unnamed Huntress colleague forwarded communications from U.S. law‑enforcement agencies to DevMan, a ransomware group that first appeared in April 2025 and employs a modified version of the DragonForce codebase. He claims that this information enabled DevMan to target him and his family directly, describing the group as “actively and publicly” harassing them. The alleged insider, Folland says, was “caught by the FBI” yet remains employed at Huntress, a fact he argues underscores the company’s failure to address the breach adequately.
Motivation and IPO Context
Central to Folland’s accusations is his belief that Huntress prioritized its impending initial public offering over transparency and client security. He argues that revealing the insider incident would cause significant reputational damage and could jeopardize the IPO, leading the company to conceal the breach from partners, customers, and even its own workforce. By framing the alleged cover‑up as a strategic move to protect the IPO timeline, Folland suggests that corporate financial ambitions eclipsed the firm’s duty to safeguard its stakeholders.
Folland’s Promised Evidence
To substantiate his claims, Folland announced his intention to publish a series of documents over the following two weeks. The promised evidence includes email threads and other communications with the FBI, internal Huntress memos referencing the insider’s actions, recorded phone conversations between the alleged employee and DevMan, and any threats that have been directed at him and his family. He contends that this material will demonstrate both the existence of the insider threat and Huntress’s alleged efforts to suppress the information.
Huntress’s Official Response
In response to the allegations, Huntress CEO Kyle Hanslovan issued a statement via a spokesperson. He acknowledged that a former employee had raised concerns about a teammate’s “poor judgment” in communicating with a cybercriminal. Hanslovan emphasized that, as part of Huntress’s security‑research mission, employees occasionally engage with potential threat actors to gather intelligence that ultimately protects partners and customers. He said the company took Folland’s concerns seriously, was protecting the confidentiality of those involved in any ongoing investigation, and would act swiftly if new information emerged that changed its assessment.
CEO’s Direct Rebuttal on Reddit
Hanslovan further engaged with the controversy on Reddit, where he “firmly disagree[ed]” with Folland’s accusations and said he did not “understand Ben’s accusations.” He rejected the notion of an insider working with ransomware operators, stating that Huntress “strongly disagree[s] with this ‘insider’ narrative.” The CEO reiterated that the company had not prioritized its IPO over the safety of partners, customers, or staff, and pointed to ongoing coordination with law enforcement as a reason for limited public commentary. He indicated that Huntress would likely release an official communication to clarify its position for those seeking more detail than his Reddit reply provided.
The Role of Law Enforcement and Ongoing Investigation
Both parties acknowledge that certain aspects of the matter involve active, ongoing coordination with law‑enforcement and legal proceedings. Hanslovan noted that these circumstances prevent Huntress from delivering a complete public account at this time, adding that the firm would not “litigate this on LinkedIn with Ben.” Instead, Huntress plans to issue a formal statement once it is appropriate to do so. This limitation reflects a common tension in cybersecurity incidents: the need for transparency versus the imperative to preserve the integrity of investigative processes.
Implications for Huntress and the Cybersecurity Industry
The allegations, whether substantiated or not, pose significant risks to Huntress’s reputation, particularly as it approaches an IPO. Client trust could erode if customers perceive that the firm failed to safeguard sensitive information or allowed an insider to aid ransomware actors. Moreover, the case highlights broader industry challenges: the difficulty of detecting insider threats, the pressure to maintain confidentiality during active investigations, and the delicate balance between pursuing threat‑intel research and preventing inadvertent leaks. Stakeholders will likely scrutinize how Huntress handles internal controls, whistle‑blower protections, and communication practices moving forward.
Conclusion and Outlook
The unfolding dispute between Ben Folland and Huntress underscores the high stakes involved when security firms face allegations of internal misconduct. Over the coming weeks, the release of Folland’s promised evidence could either vindicate his claims or reveal misunderstandings about the nature of the communications in question. Huntress’s response—particularly any official statement it issues after the legal coordination period ends—will be critical in shaping investor confidence and client relations ahead of its IPO. Regardless of the outcome, the episode serves as a reminder that robust insider‑threat programs, clear policies on law‑enforcement engagement, and transparent crisis communication are essential for maintaining trust in the cybersecurity sector.