Twenty: The Offensive Cyber Weapons Startup That Became a Unicorn

What happened?

Twenty, a US startup developing offensive cyber weapons, has closed a $100 million Series B round led by Accel, with participation from Point72 Ventures, Caffeinated Capital, and Friends & Family Capital. The resulting valuation reaches $1 billion, making it the first unicorn dedicated exclusively to commercial cyberattacks. The news was initially reported by Axios and confirmed by The Next Web. Founded in 2021 by veterans of the intelligence and cybersecurity community, Twenty operates from undisclosed offices in the US and has a team of approximately 150 employees. The company describes itself as 'the first venture-backed cyber warfare firm in the United States.' Its flagship product, called 'Talon,' is a modular platform that enables offensive operations such as network penetration, data exfiltration, and targeted denial-of-service attacks. According to Axios, Twenty already has contracts with several US government agencies and NATO allies, although specific details have not been made public for national security reasons.

Why is it important?

Historically, cybersecurity startups have focused on defense: firewalls, antivirus, intrusion detection. Twenty represents a paradigm shift by selling 'the sword' instead of 'the shield.' This reflects a growing demand for offensive capabilities from governments and large corporations to conduct proactive hacking operations, competitive intelligence, and cyber warfare. The unicorn valuation indicates that investors see an expanding market, despite legal and ethical risks. For context, the global offensive cybersecurity market (including penetration testing, red teams, and attack tools) is estimated at around $15 billion in 2025, with a compound annual growth rate of 12% according to MarketsandMarkets data. However, most of that spending corresponds to traditional defense contractors like Raytheon, Northrop Grumman, and Lockheed Martin, which have dominated the supply of cyber weapons to governments for decades. Twenty seeks to democratize access by offering more agile and modular tools that can be deployed by smaller teams, potentially expanding the market to clients who previously could not afford expensive integrated systems.

Market impact

The entry of venture capital into offensive cyber weapons could accelerate the development of increasingly sophisticated tools, but also raises questions about regulation and control of these technologies. Companies like NSO Group have faced controversies over the use of their products (such as Pegasus) to spy on journalists and activists. Twenty will need to navigate a complex regulatory environment, especially in the US, where cyber weapon exports are controlled by the State Department under the International Traffic in Arms Regulations (ITAR). Unlike NSO, which is Israeli and operates under different regulations, Twenty is subject to stricter scrutiny in the US. However, the company has stated that it sells only to authorized government clients and that its tools include technical safeguards to prevent unauthorized use, such as geofencing and audit logs. Accel's investment, a fund known for backing companies like Facebook and Slack, suggests that venture capital sees a legitimate and growing market, although doubts persist about the ethics of investing in cyber weaponry.

Future consequences

If Twenty manages to maintain an ethical profile and comply with export laws, it could open the door to more investments in this sector. However, any scandal of misuse could trigger a regulatory backlash affecting the entire industry. A precedent is the case of NSO Group, which was blacklisted by the US Commerce Department in 2021, limiting its ability to do business with US companies. Twenty could face a similar fate if its tools fall into the wrong hands. Additionally, the growing sophistication of commercial cyber weapons could trigger a global cyber arms race, where states and non-state actors seek increasingly advanced countermeasures. On the other hand, Twenty could spur a necessary debate on the regulation of cyber weapons, similar to conventional arms control treaties. For now, the startup has stated that it sells only to authorized government clients, but transparency will be key to maintaining public trust and avoiding sanctions.

What readers should know

• Twenty is the first VC-backed cyber warfare startup in the US to achieve unicorn status, with a $1 billion valuation after a $100 million Series B.
• The $100 million Series B round was led by Accel, a fund known for investments in tech companies like Facebook and Slack, along with Point72 Ventures, Caffeinated Capital, and Friends & Family Capital.
• The offensive cyber weapons market is dominated by traditional defense contractors like Raytheon and Northrop Grumman; Twenty seeks to democratize access with modular and agile tools.
• There are significant legal and ethical risks; the company claims to sell only to governments and under strict controls, but the precedent of NSO Group shows the dangers of deregulation.
• The company employs about 150 people, mostly intelligence and cybersecurity veterans, and its 'Talon' platform is already in use by US agencies and NATO allies, according to Axios.

'Twenty sells the sword in a world that only bought shields. Its unicorn valuation shows that the commercial cyberattack market is ready to take off, but the path is full of regulatory and ethical landmines.' — Analyst at TheVortiq