Due to the nature of the application, DarkHorse is not optimized for mobile devices. Please view it on a desktop or tablet for the best experience.
About
(What is DarkHorse?)
DarkHorse was founded in early 2024 by Grant McCracken, a former cybersecurity executive with over a decade of experience as both a leader and practitioner in the crowdsourced / pentesting / application security space.
After over a dozen years of going nonstop, Grant decided it was time to step away and take a break for a period - and in doing so, realized that for their next role they wanted to build something not focused on profit, but on improving the world. And while saving the polar bears would be a worthy goal, it quickly became clear that the best chance for doing the most good in the world would be by doing that which they're already good at.
Having seen the immeasurable power and effectiveness of crowdsourced security at work, they set out to build a platform that would help democratize access to both offensive and crowdsourced security - making it accessible and affordable for all.
A small team of like-minded personalities, DarkHorse is our answer to how we can make offensive and crowdsourced cybersecurity more available, accessible, and affordable for everyone. True to the nature and spirit of the infosec community - we saw an opportunity and built a solution... this platform. Dark Horse is about democratizing access to cybersecurity essentials at every level via a simple, focused, and well-designed platform that cuts out the fluff, and then passes those savings along to you. That's what Dark Horse is about - from design to delivery to marketing to culture and beyond. No bloat, no nonsense, no brake, all gas.
At the risk of getting too philisophical, DarkHorse is also an attempt to answer the question of "what if a business was built to maximize value instead of maximizing profit?" Not because we don't like money, but because we're genuinely curious if it's possible to run a business that doesn't exist to massively enrich its investors - and instead, exists to enrich (1) the world; and (2) the employees. We're not saying DarkHorse is a nonprofit (though we've considered it), but for the avoidance of confusion, we are also 100% not building a billion dollar business here. The economics aren't there for that, and intentionally so. If that sounds like some sort of socialist malarkey, we would argue that DarkHorse is the apex of capitalism - there is nothing more free-market than a business willing to play outside the well-established lines. From here, it's all up to the invisible hand.
Finally, DarkHorse is also our answer to "how would we build a company the right way, if we had the chance?" With a focus on radical transparency, truthful honesty, getting real work done, and a hacker mindset, DarkHorse is a return to roots, reason, sensibility, hacker-culture, and simplicity.
If this sounds interesting to you and you might want to work with us, feel free to drop us a line at info[at]darkhorse.sh.
After over a dozen years of going nonstop, Grant decided it was time to step away and take a break for a period - and in doing so, realized that for their next role they wanted to build something not focused on profit, but on improving the world. And while saving the polar bears would be a worthy goal, it quickly became clear that the best chance for doing the most good in the world would be by doing that which they're already good at.
Having seen the immeasurable power and effectiveness of crowdsourced security at work, they set out to build a platform that would help democratize access to both offensive and crowdsourced security - making it accessible and affordable for all.
A small team of like-minded personalities, DarkHorse is our answer to how we can make offensive and crowdsourced cybersecurity more available, accessible, and affordable for everyone. True to the nature and spirit of the infosec community - we saw an opportunity and built a solution... this platform. Dark Horse is about democratizing access to cybersecurity essentials at every level via a simple, focused, and well-designed platform that cuts out the fluff, and then passes those savings along to you. That's what Dark Horse is about - from design to delivery to marketing to culture and beyond. No bloat, no nonsense, no brake, all gas.
At the risk of getting too philisophical, DarkHorse is also an attempt to answer the question of "what if a business was built to maximize value instead of maximizing profit?" Not because we don't like money, but because we're genuinely curious if it's possible to run a business that doesn't exist to massively enrich its investors - and instead, exists to enrich (1) the world; and (2) the employees. We're not saying DarkHorse is a nonprofit (though we've considered it), but for the avoidance of confusion, we are also 100% not building a billion dollar business here. The economics aren't there for that, and intentionally so. If that sounds like some sort of socialist malarkey, we would argue that DarkHorse is the apex of capitalism - there is nothing more free-market than a business willing to play outside the well-established lines. From here, it's all up to the invisible hand.
Finally, DarkHorse is also our answer to "how would we build a company the right way, if we had the chance?" With a focus on radical transparency, truthful honesty, getting real work done, and a hacker mindset, DarkHorse is a return to roots, reason, sensibility, hacker-culture, and simplicity.
If this sounds interesting to you and you might want to work with us, feel free to drop us a line at info[at]darkhorse.sh.
Some FAQ
Why "DarkHorse"?
The wikipedia entry for "dark horse" starts with "A dark horse is a previously lesser-known person, team or thing that emerges to prominence in a situation, especially in a competition involving multiple rivals, that is unlikely to succeed but has a fighting chance..."
In our view, that's a perfect encapsulation of who we are. We're an upstart in the space, but despite having a large disadvantage in terms of starting position, we really do feel that we have a shot at making a mark on this industry. And for that reason, we believe we're literally and figuratively a Dark Horse. Also, it sounds cool. Or at least we think so.
In our view, that's a perfect encapsulation of who we are. We're an upstart in the space, but despite having a large disadvantage in terms of starting position, we really do feel that we have a shot at making a mark on this industry. And for that reason, we believe we're literally and figuratively a Dark Horse. Also, it sounds cool. Or at least we think so.
You have VDP, Bug Bounty, and Pentesting right now; what's next?
A lot. But first and foremost, there's a lot more to do on the platform to support those first three products... for instance, there's points and gamification to be built for bug bounty, as well as reporting (for all engagement types), and a whole lot more. There's other types of pentests to be able to support, other methodologies to build, and so on. There's a ton of other features we want to build, and are slowly working our way through (SDLC integrations, more and and more advanced predictive platform driven guidance, and a whole lot more). And so on... there's no shortage of things we're excited to build!
Is this really "for the greater good"?
We assure you that this isn't about building a cash machine. We're all about transparency, so we'll just run some quick numbers for you...
- Let's assume in year one we get ~10,000 reports. This is an astronomical number for an organization that is just starting out, but let's be ambitious.
- With 10,000 reports, we'll say that 80% of them come from paid programs. At $3 per report - that's a mere $24,000 for a full year. For context, that's less money than working at McDonalds. Keep in mind that we also offer to refund anyone this fee if they're not happy.
- But then there's the bounty commission - let's again pick a round number that's probably too high. Let's say we facilitate $100,000 in reward payments in the first year as well. With an average commission of 6%, that's a whopping $6,0000 - and of that, at least $5,000 or more will go into paying for currency exchange fees, transaction fees, identify verification fees, and so on.
- Add in hosting, marketing, and other costs, and there's hardly anything left over to pay anyone anything. Not to mention the months of unpaid effort that's gone into building the platform, let alone trying to sell and market it... and that's not even to speak of the costs of supporting it and our clients!
- Said differently: if we were doing it for the money, we'd be better off working at McDonalds. We went as low as we thought was safe, and then we went lower - because we're committed to the mission of making crowdsourced and offensive security accessible and affordable for everyone. Full stop.