A decade in, bootstrapped Thinkst Canary reaches $20M in ARR without VC funding

TechCrunch

29-05-2025

This month, cybersecurity company Thinkst will mark its 10th anniversary since the launch of its now-flagship product, Canary. The company debuted Canary after seeing companies spend millions of dollars on cybersecurity products, yet were still taking months or longer to realize that they had been breached.
Thinkst believed it could make a digital tripwire product that would catch hackers in the act, and by all accounts, it did just that.
Over the past decade, the company has grown to around 40 employees, mostly developers and engineers; hasn't taken on any outside funding; and is on track this year to make a healthy profit on $20 million in annual recurring revenue, almost double from 2021, Thinkst founder Haroon Meer told TechCrunch.
It's an impressive, if not refreshing feat, at a time when many cybersecurity companies are driven by breakneck growth and speed and fueled by venture capital.
Meer, who founded Thinkst and serves as its chief executive from Cape Town in South Africa, told TechCrunch in a call earlier this month that Thinkst made it this far by focusing on its customers and what they need — specifically a product that does what it says it does — and not growing the company at an uncontrolled rate. Meer said this approach is working, pointing to 60% of its first-year customers who are still with the company today.
'We're not artificially holding back growth, but we're also not doing any of the really silly, 'pour gasoline on the fire' growth-at-all-costs stuff,' said Meer. 'What you have to do is keep the promises that you make, and you'll grow into the people that are right for you.'
In 2015, Thinkst launched its Canary hardware product — named after a canary in a coal mine, essentially a very early warning system — that can detect and alert when hackers are present on a company's network.
A canary is set up like a honeypot, so that when a malicious hacker (or an authorized pen-tester stress-testing a company's defenses) accesses the canary thinking they struck it lucky by accessing a Windows PC with an open file share, or a server packed with customer data, secret API keys, or a vital service for a company's operations, the canary will send an alert about the breach and allow the company to take immediate action.
The canary's purpose is to reduce the amount of time that hackers have to sneak around on a victim's network to search for sensitive data, plant malware, or otherwise cause damage before getting caught. The average hacker has around 24 days on a victim's network before detection, according to Verizon's most recent annual data breach report.
The company also offers Canary Tokens, its free and public offering that lets anyone drop an item of ostensible value, like a password, document, or a credit card number, for example, in a safe place so that when someone accesses or opens the item, you are alerted at the same moment your safe place was compromised.
'One of the things we got accidentally lucky with is it's really hard to deploy a canary wrong,' said Meer. 'If you make it fit in, then you catch attackers, and if you make it stick out, you catch attackers.' After all, if a malicious hacker sees an advantage to get what they need faster, they're going to take the opportunity.
'It's rare for us to have a week without getting an email from a customer saying this saved our lives, or we had a pen test and this is the only thing that caught our attackers,' said Meer.
It is these success stories that 'fuels' the company, said Meer, and helps drive the company's organic sales growth. Thinkst does not have an outbound sales team; instead, the company relies largely on word of mouth, or existing customers who want to buy more of the company's honeypots.
Meer said that while Thinkst hasn't taken any outside funding to date, he does not begrudge the VC industry and values its insights. While conceding that some companies cannot get to where they are without heavy cash injections, he argues that money is 'not the gate that stops you from doing stuff.' Meer said that companies focusing on making their products work and their customers happy is core to good business.
'My main thing is that you should run the business in a way that you are still attractive for investment or acquisition,' said Meer. 'If you build a good enough business so that you don't need it, you can always ask for it when you do.'
Meer was not shy about his company's ambitions. 'We think every company should be running at least five canaries now,' he said. Some companies have a handful of canaries and some into the hundreds or more. 'There's a bunch of stuff that we could do to make more money; we just don't think that's necessary right now, because what we're doing is offering a good product at a fair price, and that's growing.'
'We are $20 million now, but we don't think $20 million is our ceiling,' said Meer.