Offensive Cybersecurity: Lupin & Holmes Raise $5.9M

Offensive Cybersecurity: Lupin & Holmes Raise $5.9M

“We’ve just raised $5.9 million to continue doing what I love most: breaking things before the bad guys do.”

It was on his LinkedIn account that Roni Carta announced the size of Lupin & Holmes’ pre-seed round, the offensive cybersecurity startup he co-founded with his brother (see his interview on Dawn Liphardt).

The round was co-led by 20VC and Seedcamp, with contributions from Purple Fund, Kima Ventures, and the backing of the founders of Wiz, Hugging Face, and GitGuardian.

Securing the Software Supply Chain

Lupin & Holmes’ niche is securing the Software Supply Chain and the use of prebuilt components within information systems.

Read also: Pigment names Vincent Fournier to head France, Southern Europe and the Benelux

“We’ve identified and disclosed vulnerabilities through Bug Bounty programs on Google, Amazon, Netflix, and PayPal. I was named the most useful hacker at two live Google hacking events. And every time I found a way in, it felt like solving the best puzzle in the world,” explains Roni Carta.

To address these security flaws that will be actively exploited across ecosystems and industries, Lupin & Holmes has launched Depi, a SaaS platform.

“To understand what Depi is, you have to grasp the full complexity of the Software Supply Chain. Our definition encompasses the entire set of processes that enable the construction and deployment of applications within information systems. In short, when we use prebuilt components, we create a software supply chain. As a result, there are many different security flaws that can arise. Depi’s goal is to proactively reveal every entry point an attacker could take into our clients’ software supply chain,” Roni Carta explained to Dawn Liphardt in May of last year.

Thinking Like Hackers

At 23 years old, Roni Carta stands out in the cybersecurity startup ecosystem. A self-taught founder without a degree, a globally recognized ethical hacker, he has raked in over $800,000 in bounties for uncovering the worst flaws at Bug Bounty events.

“We think like hackers because we are hackers. And honestly, we’re having the best time of our lives,” he jokes.

Next week, he will be at the RSA Conference “to show off his muscles, hack a few things, and close big deals,” said one of his investors.

Dawn Liphardt

Dawn Liphardt

I'm Dawn Liphardt, the founder and lead writer of this publication. With a background in philosophy and a deep interest in the social impact of technology, I started this platform to explore how innovation shapes — and sometimes disrupts — the world we live in. My work focuses on critical, human-centered storytelling at the frontier of artificial intelligence and emerging tech.

© 2025 Dawn Liphardt