Hack The Box, a gamified cybersecurity training platform with 1.7M users, raises $55M

There's long existed a divide in the world of computer hacking between those who are taking a malicious approach to crack a system, and those who are using the same techniques to understand the system's vulnerabilities, help fix them and at the same time fight against the malicious actors. Today, Hack The Box, one of the startups that's built a platform to help cultivate more of the latter group with a gamified approach, is announcing $55 million in funding to expand its business after racking up 1.7 million users.

The funding is being led by Carlyle, with Paladin Capital Group, Osage University Partners, Marathon Venture Capital, Brighteye Ventures and Endeavor Catalyst Fund also participating.

The U.K. startup is not disclosing valuation at the moment. But for some context, according to PitchBook, the startup, based out of England but with offices in New York and with founding roots out of Greece -- where it also has an office (and where it seems rumors of this round leaked out a couple of days ago) -- had raised just over $24 million since being founded in 2017 (with about $15 million of that in equity: the company says it's now raised about $70 million). Its last valuation, previously updated in 2021 after it raised $10.6 million, was a very modest $52 million.

"Modest" because the scale of what the company has achieved is pretty impressive. The 1.7 million community members that use the platform cover both individuals who have joined HTB on their own steam to learn skills and get certifications, as well as some 1,500 enterprises, universities, governments and other organizations that have sent their teams to HTB to be put through their paces.

The company says it currently runs some 450 "hacking labs" across more than 300 machines. Similar to companies like Kahoot (which works in a very different environment to be clear, K-12 education and corporate training) the idea with HTB is that its learning environment is built around gamification, simulations with avatars and narrative scenarios that are designed to throw users into what are built to mimic classic cyber hacks of varying and increasing sophistication. It also has a "pro lab" tier that takes on typical network configurations, such as Active Directory or fully patched environments, to test and train people on different attacks and approaches around common enterprise tools and scenarios. Penetration testing, misconfigurations and evading endpoint protections are among the situations that are thrown at users.

On top of this, in addition to its training platform for individuals and teams, it offers a careers platform, where those looking to hire ethical hackers, or ethical hackers looking for work, can connect.

HTB is not the first nor only company to build cyber training around a gamified environment. US Cyber Games, built in conjunction with U.S. government organizations, is built out as a mass-player environment that is used to identify and train would be white-hat hackers. (It also has a careers service.) HTB is actually one of the US Cyber Games' sponsors and supporters. Others like SafeTitan, Phished and Immersive Labs offer a range of approaches both for technical teams as well as employees to help raise awareness. The latter is not a category currently addressed by HTB, although it's an obvious area into which it might grow.

“Our mission is to create and connect cyber-ready humans and organizations through highly engaging hacking experiences that cultivate out-of-the-box thinking," said Haris Pylarinos, the CEO and co-founder, in a statement. "The game in cyber has changed with defensive, reactive and recovery postures not being fit-for-purpose in the face of an ever-increasing and ever-evolving wave of sophisticated attacks. A new proactive offensive & defensive approach is needed to take the fight to cybercriminals rather than waiting to be hit. From individual security professionals to companies, this means adopting a ‘hacker mindset’, learning to think and act like an attacker. This is the kind of mindset that we cultivate through Hack The Box.”

Something we have been regularly returning to on TechCrunch at the moment is the fact that funding has become a lot harder to come by in certain segments of tech. HTB is in one of the categories that is continuing to see attention, not least because security breaches certainly have not slowed down with the rest of the economy. That's one reason why investors would back those in the field that are scaling and have so far done so with relatively little outside capital.

“The demands on security and IT professionals have never been greater. An industry-wide talent shortage and an exponentially growing number of cyber threats place great importance on professionals and organizations to maintain best-in-class security practices," Constantin Boye, a director at Carlyle, in a statement. "Hack The Box is a pioneer in constantly providing fresh and curated training and upskilling content, in a fully gamified and intuitive environment, enabling individuals and organizations to tackle real-world hacking problems. We are excited for the next stage of Hack The Box’s evolution and are proud to be part of this journey.”