the Exploit
Powered byMAZE
industry madness

Cybersecurity's Hottest New Go-to-Market Strategy: Refusing To Launch

Cybersecurity's Hottest New Go-to-Market Strategy: Refusing To Launch
The Exploit StaffThe Exploit Staff

SAN FRANCISCO - Multiple cybersecurity startups have announced this week that they are withholding their products from the market, citing concerns that their technology is too powerful for responsible deployment. One of them, a two-person team called NullHorizon, hasn't written any code yet. "We've scoped the architecture and the implications are severe," said co-founder Derek Lau. "Shipping would be irresponsible. We haven't built it yet, but when we do, we won't be releasing it."

The trend started on Tuesday, when Anthropic announced it was withholding Mythos, its most powerful model, from general availability after it autonomously discovered thousands of zero-day vulnerabilities. The announcement generated more coverage than most product launches. Investors noticed. "We used to look for product-market fit," a partner at Thornfield Ventures told The Exploit. "Now we're looking for product-market threat. If you can ship, you're probably not doing anything interesting."

On Thursday, Thornfield led an $85M Series B for Kova Labs, a seven-person startup building agentic exploit generation. The round valued Kova at $620M. It has no customers. Its founders describe the platform as "too effective to responsibly make available." Inbound tripled the day they announced they had nothing to sell.

By Wednesday morning, Spectra Defend ($180M raised across three rounds) announced it was "temporarily withholding" its cloud attack surface tool after an internal red team exercise produced results that were, per CEO Nadia Chen, "frankly terrifying." She declined to elaborate on the results, the methodology, or the team that conducted them. "We owe it to the community to be cautious," she told CyberWire in an interview that also, coincidentally, confirmed their Series D was open at a target valuation of $1.4B.

The most recent YC batch includes four companies in various stages of strategic non-release. Three have functioning prototypes. NullHorizon is the fourth. Lau says the company is "withholding out of an abundance of caution," though when pressed on what exactly is being withheld, he referred The Exploit to a forthcoming blog post that is also being withheld.

Advertisement - Maze
Advertisement

The language across these announcements has become remarkably standardized. Each one follows the same structure: a vague reference to internal testing, a gesture at the broader ecosystem, and a commitment to "working with the community" before any eventual release. No company has defined what community involvement looks like or provided a timeline. Several have launched waitlists.

One founder, who asked to remain anonymous because their board had not yet approved their withholding announcement, described the calculus bluntly: "You get all the credibility of being dangerous with none of the accountability of having users. It's stealth mode but you get to do press."

Gartner is reportedly considering a new category. A draft Magic Quadrant for "Pre-Release Threat Potential" was circulated internally last week, with Kova positioned as a Leader despite having no generally available product, no pricing page, and no documentation. Their placement was based on "vision completeness" and "the perceived severity of what they claim to be withholding."

At press time, NullHorizon had raised a $28M seed round. Their pitch deck was also being withheld.

About the Author

The Exploit Staff

The Exploit Staff

Staff Writer

The editorial team at The Exploit - bringing you the most absurd cybersecurity news before it's patched.

More articles by The Exploit Staff

Subscribe before we're patched

Like a vitamin you ingest with your eyes. The best cybersecurity parody, delivered.

Related Coverage

'Four Seasons Lobby Rated 4.9 Stars on G2 as 'Best Expo Hall at RSA Conference'''RSA Conference Creates 'Kinda AI' Expo Section for Companies That Added a Chatbot in 2025''Vendor Breaks the Mould with RSA Launch of Novel Company Values''Blue Bottle Coffee Wins RSA Innovation Sandbox for 'Solving the Most Critical Infrastructure Problem in Cybersecurity'''Stealth Startup Raises $40M to Unsubscribe You from Every Vendor Who Scanned Your Badge at RSA'
Powered byMAZE

Breaking Satire Before Its Patched

© 2026 The Exploit. A cybersecurity satire publication.

Categories

Resources

Subscribe before we're patched

Subscribe for cybersecurity satire that hits too close to home

Have a story tip? We want to hear from you.