Cybersecurity continues to protect systems that attackers already bypass. Roni Carta observed this gap from the inside. Before founding Lupine & Holmes, he built a reputation as a bug bounty hunter, identifying vulnerabilities on behalf of large companies.
At 23, he claims nearly $800,000 in cumulative rewards, obtained notably from Google, Amazon and Netflix, and has twice been distinguished as “Most Valuable Hacker” during Google hacking events.
Attacks no longer follow the paths that security tools monitor.
In most organizations, security remains structured around entry points: applications, networks, identities, an approach that assumes that intrusions pass through identifiable interfaces.
However, exploitable vulnerabilities are often located upstream, whether they are open source dependencies, build chains, or interconnected configurations. These less visible technical layers are rarely treated as priority attack surfaces.
🚨 SMARTJOBS
- MISTRAL – Account Executive, Enterprise, France – Paris
- ANTHROPIC – Startup Partnerships – France & Southern Europe
- CONTEXT – HR Director – Human Resources Director
- ECOLE POLYTECHNIQUE – Director/Deputy Director of International Relations (F/M)
- CLAROTY — Sales Development Representative
- FRACTTAL — Account Manager (France)
- BRICKSAI — Founding Growth Manager
👉 Find all our offers on the DECODE MEDIA Jobboard
📩 Are you recruiting and want to strengthen your employer brand? Discover our partner offers
This makes some traditional tools partially ineffective, because although they detect vulnerabilities, they struggle to reconstruct the actual intrusion trajectories.
Reconstruct attack paths rather than list vulnerabilities
It is on this point that Lupine & Holmes positions itself. The startup developed Depi, a platform designed to map attack paths within a software system. Its goal is not to identify an isolated vulnerability, but to understand how multiple vulnerabilities can be combined to create exploitable access.
This change in perspective is structuring, because in complex environments, not all vulnerabilities present the same level of risk. Their critical level depends on their position in the architecture and interactions with other components.
An approach from hacking culture
Where part of the market remains oriented towards compliance or auditing, Lupine & Holmes is anchored in a hacking culture from which it is a direct result. A singularity which does not come from a marketing discourse, but from its DNA, and which leads it to think about security from the logic of exploitation, and not from the frameworks of control.
A fundraising of 5.4 million euros supported by investors also outside traditional schemes
Lupine & Holmes announces a fundraising of 5.4 million euros in pre-seed, led by 20VC (Alexandre Dewez) and Seedcamp (Carlos Eduardo Espinal), with the participation of Kima Ventures, Purple Ventures, as well as business angels. A roundtable consistent with the positioning of the company, where attention is focused on the singularity of the founder profile and its operational anchoring, but also the traction of the startup which has various major Fortune 500 accounts and works with players like Ledger.
Founded in 2023, Lupine & Holmes plans to recruit around ten employees and intensify its investments in research and development in order to consolidate its platform.
