Cyberbay provides cybersecurity services to protect organizations from digital threats by offering threat detection, incident response, and proactive security solutions. Pulse 2.0 interviewed Cyberbay founder and CEO Felix Kan to gain a deeper understanding of the company.
Felix Kan’s Background
Could you tell me more about your background? Kan said:
“I started as PwC Hong Kong’s first ethical hacker, before ‘red teaming’ was mainstream. Over the years, I helped global enterprises uncover blind spots, founded Darklab and Hackbot, and led cyber strategy as a partner.”
“But I saw a deeper issue: most security tooling was static, and real resilience required a mindset change, not just technology to enable proactive security. That’s what led me to launch Cyberbay – where we help businesses model real-world threats and shift from checkbox and often reactive compliance to continuous readiness.”
Formation Of The Company
How did the idea for the company come together? Kan shared:
“It was born out of frustration. I kept seeing smart companies invest millions into reactive tools – yet still get breached. Why? Because the rules of engagement had changed, but defenders hadn’t adapted and weren’t proactive.”
“Cyberattackers think like startups: agile, innovative, relentless. I wanted to build a platform that could do the same – help organizations stay dynamic, test their defenses continuously, and learn to think like adversaries.”
Favorite Memory
What has been your favorite memory working for the company so far? Kan reflected:
“One standout moment was the success of our 2024 Hong Kong Bug Hunting Campaign, the most impactful event we’ve ever run.”
“For context, the Bug Hunting Campaign is a city-wide cybersecurity initiative, backed by the Hong Kong Police Force and powered by Cyberbay. It enables vetted ethical hackers to safely test real-world systems for vulnerabilities, helping organizations uncover critical weaknesses before attackers do, all in a secure, government-endorsed setting. While not entirely free, the program offers generous subsidies, free credits, and in 2025, we’re offering the first month of participation free of charge to encourage broader adoption.”
“In 2024, we saw a 150% increase in corporate participation, uncovered 90+ real-world vulnerabilities across 150+ organizations, and most telling of all, recorded a 54% drop in critical bugs compared to the previous year. That signals a real mindset shift.”
“Companies are no longer just reacting to threats; they’re investing in resilience, learning to think like attackers, and closing gaps before they’re exploited. Watching that cultural change take root across sectors has been incredibly rewarding.”
“We’re now gearing up for the 2025 Cyberbay Bug Hunting Campaign, and we’re expanding every aspect from the size of our ethical hacker pool to platform features to make this year’s campaign even more successful.”
Core Products
What are the company’s core products and features? Kan explained:
“Cyberbay is built around one core principle: continuous adversarial security.”
“At the heart of our offering is our curated Bug Bounty Platform, which connects organizations with a vetted global community of ethical hackers. These hackers continuously test real systems, uncovering vulnerabilities through real-world attacker tactics. What sets us apart is the way we extract deep insights from every bug submission, not just raw data, but clear, contextualised business impact.”
“We also offer Cyberscan, our Attack Surface Management and threat intelligence tool. It monitors for leaked credentials, darknet signals, and misconfigured assets like floodlights on your cyber perimeter, while the bug bounty acts as always-on guards patrolling the walls.”
“To reinforce resilience, we provide 1:1 consultations, bug reviews, and structured workshops to help companies build security muscle, not just plug holes. It’s about changing the culture as much as fixing the code.”
Challenges Faced
Have you faced any challenges in your sector of work recently? Kan acknowledged:
“One of the biggest challenges is the speed of change. Threat actors don’t wait – they automate, iterate, and innovate faster than most companies can respond. We address this by treating cyber defense as a continuous feedback loop, rather than an annual project. Our shift toward real-time testing, deeper insight reporting, and proactive scenario modeling has helped our partners stay ahead – not just react. Cyberbay’s focus on innovation plays a key role here, constantly feeding insight into our roadmap and ensuring we meet tomorrow’s threats head-on.”
Evolution Of The Company’s Technology
How has the company’s technology evolved since its launch? Kan noted:
“We started as a bug bounty platform, at a time when most security testing was still point-in-time and consultant-led. We believed that continuous, human-driven, community-powered testing was the future. That belief shaped our foundation.”
“From there, we evolved into a full-spectrum cybersecurity ecosystem. While bug bounty remains at our core, as I mentioned previously, we’ve expanded to include threat intelligence fused with our attack surface management tool, Cyberscan, and behavioral analytics through Lighthouse – our secure audit trail system for ethical hacking missions.”
“Today, we are currently building and refining AI red teaming, voice deepfake detection, and vCISO services, but our mission hasn’t changed: to empower organizations with continuous, adversary-aware cybersecurity, powered by the crowd and scaled by technology.”
Significant Milestones
What have been some of the company’s most significant milestones? Kan cited:
- Innovation & R&D
- Launching Cyberbay Labs to tackle emerging threats in AI and Web3
- Deploying Lighthouse, our audit-grade tracking system for all bounty missions
- Client Impact
- Securing a global fintech wallet provider with a continuous bounty program.
- Ran the HK Bug Hunting Campaign to help bring about a social mindset shift toward proactivity.
- The Cyberbay Community
- Reaching over 2000 ethical hackers across 20+ countries.
- Partnering with law enforcement for public bug hunting campaigns, ethical hacker verification, and threat sharing.
- Building relationships with cybersecurity education centres to help more researchers enter the industry – ultimately strengthening local talent pipelines.
Customer Success Stories
Can you share any specific customer success stories? Kan highlighted:
“A standout case was with a fast-scaling fintech in APAC. They believed they had solid controls until our bounty hunters uncovered a critical flaw in a marketing subdomain. The vulnerability could’ve enabled full account takeover. We patched it within 48 hours – and they later told us it changed how their whole engineering org approached security. They now run monthly bounty missions and have embedded red teaming into sprint planning.”
Funding/Revenue
Are you able to discuss funding and/or revenue metrics? Kan revealed:
“We’re currently operating lean and strategically, supported by early backers who share our long-term vision. As a pre-seed company, we’re focused on building proof points, expanding ARR through long-term contracts, and validating our tiered cybersecurity-as-a-service model. We’re preparing for a fundraising round in the near term, aimed at scaling sales and R&D.”
Total Addressable Market
What total addressable market (TAM) size is the company pursuing? Kan assessed:
“We’re targeting a TAM that exceeds $10B across the bug bounty, attack surface management, and continuous red teaming categories. As regulatory pressure increases globally and threats become more advanced, we believe “continuous adversarial security” will become the new normal – across fintech, SaaS, telcos, and critical infrastructure.”
Differentiation From The Competition
What differentiates the company from its competition? Kan affirmed:
“Cyberbay offers more than just bug reports – we offer perspective. Traditional testing is point-in-time and generic. We offer continuous, human-led adversarial testing with 1:1 support, workshops, and technical bug review sessions. Our insight reports are decision-grade, no fluff or noise, and with clear bug business impact. And our platform is built to teach, not just test.”
Future Company Goals
What are some of the company’s future goals? Kan emphasized:
- Growth
- Expand CyberBay’s presence across new regions to help more organizations shift to proactive security
- Continue to scale our GTM team globally
- Product Innovation
- Develop deepfake resistance tooling for voice-based social engineering
- Build out integrations with DevSecOps pipelines for real-time remediation
- Commercial Strategy
- Launch our new pricing tiers to fit better and support startups and scale-ups through to corporate and enterprise clients.
- Raise our next funding round and scale our GTM team globally.
Additional Thoughts
Any other topics you would like to discuss? Kan concluded:
“Cybersecurity is moving from IT to the boardroom. What’s exciting is that we’re no longer talking just about firewalls – we’re talking about trust, reputation, and resilience. That shift creates space for innovation and leadership. At Cyberbay, we want to help define what modern security leadership looks like – human-led, attacker-aware, and built for tomorrow. Cyberbay Labs plays a central role in that mission – it’s our way of shaping the future, not just reacting to it.”
