Our Story

Built by Engineers Who've Cleaned Up the Breach

Hirefathom started in a Chicago fintech post-incident review in early 2024. A credential stuffing campaign had taken down a payments API and every tool watching it — WAF, API gateway, SIEM — had missed the behavioral pattern entirely. We decided to build the detection layer we wished we'd had.

Why We Built This

The Problem Wasn't Detection. It Was the Layer.

After the incident, Marcus spent three weeks reviewing logs with the fintech's platform security team. The attack was visible — in hindsight. The credential stuffing campaign had a clear behavioral fingerprint: distributed source IPs, consistent per-credential failure rate, narrow focus on a single auth endpoint. But no tool in the stack was looking at behavior across the session graph. Every tool was evaluating individual requests.

That's the fundamental gap. Modern API attacks are campaigns, not individual requests. To catch them you need to see the whole pattern — credential reuse across IPs, call-sequence skipping, parameter deviations that only become statistically significant in aggregate. Signature matching cannot see that. A behavioral graph that watches every endpoint simultaneously can.

Marcus co-founded Hirefathom in Chicago in 2024 with one focus: build the runtime behavioral security layer that platform and appsec teams have been missing.

2024
Founded in Chicago, IL
OWASP
API Top 10
Coverage across all 10 critical API risk categories
< 5ms
Agent overhead per request at p99 in production
The Team

Security and Systems Engineers

We've shipped production API security at financial services, infrastructure, and developer platform companies. Hirefathom is the tool we've wanted to use for the last decade.

Marcus Whitfield, Co-founder and CEO

Marcus Whitfield

Co-founder & CEO

Spent six years on platform security at a Chicago-based fintech, most recently as security engineering lead. Watched credential abuse and business-logic attacks slip past every tool the team deployed — WAF, API gateway, SIEM. Built Hirefathom in 2024 to close that gap. MS Computer Science, University of Illinois Urbana-Champaign.

Aaliya Desai, Co-founder and CTO

Aaliya Desai

Co-founder & CTO

Seven years building distributed systems at cloud infrastructure companies. Designed the behavioral graph engine at the core of Hirefathom. PhD Computer Science, Carnegie Mellon University.

Owen Carver, Head of Security Research

Owen Carver

Head of Security Research

Security researcher focused on API threat intelligence and attack pattern analysis. Prior contributor to the OWASP API Security Project. Studies how BOLA, credential stuffing, and business-logic exploits evolve in the wild — and how behavioral detection models stay ahead of them. BS Computer Engineering, Purdue University.

Reena Solberg, Head of Engineering

Reena Solberg

Head of Engineering

Distributed systems engineer who built real-time stream processing pipelines at a cloud data platform before joining Hirefathom. Designed the agent's in-memory analysis pipeline targeting sub-5ms p99 overhead. BS Computer Science, University of Michigan.

How We Work

Four Principles We Don't Bend On

Request Payloads Never Leave Your Environment

The agent processes API traffic in memory on your infrastructure. Behavioral metadata — endpoint statistics, anomaly signals, confidence scores — flows to the analysis layer over TLS 1.3. Raw request bodies, parameter values, and authentication tokens stay where they belong: inside your perimeter. This is an architectural constraint, not a privacy policy.

Under 5ms Overhead at p99

Security tooling that degrades API performance is security tooling that gets turned off. We target sub-5ms agent overhead measured at the 99th percentile in production traffic. If our sidecar measurably slows your API, we've shipped a bug. Performance benchmarks are part of every release gate.

Every Alert Explains Itself

We don't ship black-box detections. Every alert includes the endpoint path, the observed behavior, the baseline it deviated from, a confidence score, and the OWASP API category it maps to. Engineers act faster when they understand what they're looking at — not when they're asked to trust a score.

Observe Before You Block

Every deployment starts in Observe mode — watch everything, block nothing, alert on anomalies. Teams build confidence in the baseline before flipping to inline blocking. We don't ask you to trust the system before you've seen what it sees. Runtime security that generates false positives at production scale isn't security — it's noise that gets disabled.

Interested in Working With Us?