Security firm Huntress allegedly has a turncoat insider leaking info to a ransomware operation, according to an ex-employee who took his grievances to social media after claiming the security shop tried to “silence” him with legal threats.

And it all started with a Pinocchio GIF and clown emoji. 

Late last week, Huntress disclosed that it is among the “hundreds of Klue customers” compromised in the supply-chain attack, stating that “Huntress believes in radical transparency about security incidents, including when it affects our company.”

Ben Folland, a former security operations analyst at Huntress who left the company in February, responded with a Pinocchio GIF and clown emoji - although, to be clear, his complaints about his former employer have nothing to do with the Klue incident. These stem from an earlier incident that Folland also detailed in a series of posts.

According to Folland’s resignation letter, which he also shared on LinkedIn, he left the security firm for “personal reasons, and due to a conflict of interest,” with his last day of work being February 19.

This conflict, Folland alleges, arose from his December discovery that “another Huntress employee passed communications from US law enforcement to a cybercriminal, DevMan, who is actively and publicly targeting my family and me.”

DevMan is a ransomware operation that first emerged in April 2025 and uses modified DragonForce code.

“Since December 2025, I believe Huntress has been actively trying to conceal a serious security incident from its partners, customers, and employees involving an insider who is still employed at the company,” Folland said in a LinkedIn post. 

The alleged insider was “caught by the FBI,” according to Folland, and continues to work as a Huntress employee.

“The incident in question would cause significant reputational damage to Huntress and, in my view, continues to put clients at risk,” his LinkedIn post continued. “With an IPO on the horizon, it appears their priority was not transparency, but keeping this away from the press.”

Folland also promised to publish, over the next two weeks, “evidence supporting the claims made in my resignation email,” such as communications with the FBI and those between the Huntress employee and DevMan, recorded phone calls, internal Huntress memos, and threats targeting Folland and his family.

The Register reached out to Folland for more information and did not receive a response.

“If you are an employee at a cybersecurity company, you should not be helping cybercriminals,” he wrote on LinkedIn. “You should not be informing them of active investigations. You should not be engaging in cybercriminal activity yourself.”

We also contacted Huntress about Folland’s accusations, and CEO Kyle Hanslovan responded via a spokesperson.

"A former employee raised concerns that a teammate exercised poor judgment in communicating with a cybercriminal,” Hanslovan said. 

“By nature of our work as security researchers, teammates occasionally need to communicate with possible cybercriminals to gather intel that ultimately supports our partners and customers,” he continued. “I appreciate the hell out of that former employee's concerns and we've taken them seriously every step of the way. I also have to make sure Huntress upholds its responsibility to protect the confidentiality of our teammates involved and the investigation underway.”

Hanslovan also assured Huntress’ partners, customers, and employees that if he learns “new information that changes our assessment of the current situation, I will take quick and appropriate action.”

In a more direct response on Reddit, Hanslovan said he “firmly disagree[s]” and doesn’t “understand Ben's accusations.” His company “strongly disagree[s] with this ‘insider’ narrative,” he wrote. “We sure af didn’t prioritize an IPO over the safety of our partners, customers, or team.”

And about the FBI allegations: “Some aspects of this matter involve ongoing active coordination with law enforcement and legal proceedings that prevent us from providing a complete public account,” Hanslovan wrote. “We're not gonna litigate this on LinkedIn with Ben but will likely publish some form of official comms to make our stance clear for those needing something more than my reddit reply.”®