Are you a licensed PI agency today?

Not yet. The founder qualifies as principal applicant in Florida, the founding jurisdiction. The 50-state licensure build-out is part of the use-of-funds. Today, the practice runs DFIR work in-house under court-admissible methodology, and surveillance / fieldwork is coordinated through a network of licensed-investigator partners. Every public-facing claim on this site is forward-looking where it concerns licensure.

What is in the investor room versus on this public page?

The public page covers the positioning, the category thesis, the team, the build-out roadmap, and the comparable-set pattern. The investor room contains the specifics: round size, valuation cap, SAFE terms, customer count, MRR / ARR, conversion rates, the unit-economic table, and exit-strategy buyer mapping. Access is granted by Quinn after a first call or a brief intro email.

How do I request access to the full investor briefing?

Email quinn@sleuthx.ai with a one-line note about your fund, check size, and stage focus. Response within one business day. Calendly is also fine. The first call is 30 to 60 minutes covering the practice, SleuthX, the comp set, and SAFE terms. Materials are NDA-protected from the first conversation.

What stage is the company at?

Currently raising on a SAFE. The SleuthX consulting practice is already revenue-generating and bootstrapped. Specific terms in the call.

Why is the round-and-traction page gated?

Round size, cap, MRR, and customer counts are confidential and shared with investors who have a real fit. Public publication of those specifics creates noise that does not help either side. The investor room handles that.

SleuthX · Investor Briefing · May 2026

The forensic layer for personal cybersecurity. Court-grade work at app prices.

Identity monitoring watches your credit. SleuthX investigates everything else. An AI agent built on a working DFIR methodology, layered on top of a captive practitioner team, with a licensed-PI agency build-out as the regulatory moat.

Two-founder team. Quinnlan Varcoe (Founder & CEO) — qualifies as PI principal in Florida, court-admissible methodology, named expert witness on litigation engagements. Alex Riffenburgh (Co-Founder & CTO) — leads the agent build and the offensive-security work that pressure-tests it.

Request investor room access Schedule a call (239) 241-8095

The Problem

The problem no one has solved.

The Scale

Roughly a third of Americans experienced identity theft in the last year. Tens of millions had accounts compromised, devices infected, or money stolen — and most never found out what actually happened.

The three options that don't work

Identity Monitoring ($10–25/mo)
Already bundled into most bank accounts. Tells you something might be wrong. Never tells you what.
Forensic Examiners ($300–500/hr)
Priced for litigation, not consumers. Weeks of waiting. Out of reach for the average victim.
Police
Rarely investigate consumer digital crime. Victims are left with no evidence, no answers, and no path forward.

The Gap

What identity monitoring can't see.

The entire device and account surface — where most consumer cybercrime actually happens — is invisible to the existing market. Monitoring services were built for credit fraud. Everything else falls through the cracks.

Monitoring services SEE

Credit file changes
Identity in public records
Dark-web mentions of your SSN
New credit inquiries
Address changes

Monitoring services DON'T see

Stalkerware on your phone
Account compromise beyond credit
Behavioral anomalies on your accounts
Real-world exposure mapping
Court-admissible evidence

The gap isn't a feature gap. It's a category gap. No consumer product has ever addressed it.

The Category

The category we're building.

Identity monitoring watches your credit.
SleuthX investigates everything else.

Forensic investigation, delivered as consumer software. Continuous surveillance of the surfaces monitoring services can't see — plus expert investigation when something happens. This isn't a better version of what exists. It's a different product in a category nobody owns.

Answers, Not Alerts

We tell users exactly what happened, not just that something might be wrong.

Evidence, Not Reports

Court-admissible findings that enter the legal system natively — something no monitoring product can produce.

Investigation, Not Monitoring

Active forensic analysis across devices, accounts, and behavioral patterns.

Why Now

Four converging tailwinds.

AI agents are finally capable

Running real forensic methodology on consumer data at consumer cost is now possible. Three years ago this required a $500/hr human. Today it doesn't.

Threat surface has expanded

Stalkerware deployments rising sharply. Romance scams hit $1.3B/year in US losses. SIM-swap incidents climbing. Crypto fraud at multi-billion scale.

Monitoring is commoditized

Free monitoring is bundled into nearly every bank account, credit card, breach settlement, and AAA membership. The category is racing to the bottom on price, not competing on capability.

Incumbents are stuck

Aura, LifeLock, and IdentityIQ have spent a decade optimizing the monitoring layer. Going deeper requires DFIR talent and methodology they simply don't have.

A Second Category Nobody Owns

Private investigation.

$21B

Global PI market (2025)

$32.8B

Forecast by 2035

43,600

US private investigators — overwhelmingly solo operators

The vacuums we're filling

Consumer-facing PI brand at scale

Doesn't exist.

AI tooling for working PIs

Doesn't exist.

AI-native, multi-state licensed PI agency

Doesn't exist — and SleuthX is being built toward it.

The PI industry is a vacuum on both sides of the market. The largest player (Pinkerton/Securitas) is enterprise-only with no consumer brand. SleuthX is being built as an AI-native PI agency on a roadmap to 50-state licensure. This isn't software for PIs — we are building a PI agency, with software as the operating layer. Today, the founder qualifies as principal in Florida and licensed-investigator surveillance work is delivered through partner-network coordination while we build out captive licensure.

Go-to-Market

Three ways we serve the $20B+ market.

Live today

Consumers

Subscribe via Triage / Watch / Investigate tiers at $100–$300/mo for self-serve forensic answers on their own digital life.

Live today

PI agencies

Subscribe via the Enterprise tier at $500/mo, multi-seat, and use SleuthX as the AI co-pilot on their existing caseload.

Roadmap · Building toward

Licensed PI casework

When cases escalate past self-serve, the workflow today routes through credentialed DFIR examiners in-house and licensed-investigator partners under chain-of-custody discipline. The build-out target is to bring that PI casework captive under our own multi-state licensure — court-admissible from start to finish, owned end-to-end.

The closest model is Hims and Ro: vertically integrated, licensed in their regulated domain, with software as the operating layer. The licensing moat is what produced their multi-billion-dollar outcomes despite competing against pure-software incumbents.

The Structural Moat

Why building toward licensed PI agency status changes everything.

Software companies serve adjacent markets. Licensed operators are the market. Four structural advantages a software-only competitor can't match — and won't be able to match within a venture-relevant timeframe.

Evidence admissible by default

A licensed PI's findings stand up in court, in police reports, and in insurance claims. Aura and LifeLock produce monitoring data — not investigative work product. The same finding is worth ~10x more when it can be used in a divorce filing or protective-order petition.

Distribution channels closed to software

Family-law attorneys, insurance fraud teams, and victim-advocacy organizations refer to licensed investigators. Bar ethics rules block referrals to unlicensed software vendors. Pure-software competitors don't have a path in.

Peer-to-peer enterprise tier

Once SleuthX itself is operating to professional PI standards, agencies subscribed to the $500/mo Enterprise tier aren't buying vendor software — they're using tools built by another licensed agency. The trust dynamic, retention, and pricing power are fundamentally different.

Regulatory moat compounds every quarter

43 of 50 states require state-level PI licensing. A well-funded competitor needs 24–36 months minimum to replicate a 50-state footprint. Every state we add hardens the moat further.

Build-out Plan

The regulatory moat: 50-state licensure roadmap.

The hard part is started

SleuthX is headquartered in Florida, where Quinn qualifies as principal applicant. The 50-state buildout proceeds via reciprocity where available, qualifying-manager hires in restrictive states, and targeted acquisition of existing licensed practices.

The moat doesn't erode. It hardens every quarter we add a state.

Licensing requirements by state

California
6,000 qualifying hours for the principal applicant — one of the most restrictive requirements in the country.
Florida
2-year Class C license requirement. SleuthX's home state and founding jurisdiction.
Texas, New York, New Jersey
Similarly hard licensing gates requiring state-level qualifying managers.
43 of 50 states
Require state-level PI licensing — creating a durable, capital-resistant barrier to entry.

The license stack is the hard part. The AI agent is the soft part. We're building both — but only one of them is unclonable by capital alone.

How It Works

Try it, then escalate when you need to.

Most cases resolve at the agent tier. For the rest, the agent surfaces exactly what needs human attention. Today, escalation routes to credentialed DFIR examiners in-house and a coordinated network of licensed-investigator partners. As licensure rolls out state by state, more of that escalation becomes captive.

Try It

Free 30-min consult or $100/mo Triage

Agent Investigates

AI forensic analysis of accounts and devices

Agent Reports Back

Plain-language findings and recommended actions

Escalate If Needed

DFIR examiners in-house, licensed-investigator partners on field work

The Strategic Pattern

TurboTax → TurboTax Live, applied to consumer cybersecurity.

Try the software, hit a wall on complexity, click for human help, pay premium. The AI is both the product and the demand-generation engine.

Most consumer cyber companies face a chicken-and-egg problem: how do you know you need monitoring before something happens? We don't have that problem. People come to SleuthX when they already suspect something has happened. The agent confirms or denies, and routes them to the right next step.

Minutes instead of weeks

AI forensic analysis in real time, not on a consulting engagement timeline.

Answers instead of alerts

Structured findings in plain language — not a dashboard of amber warnings.

Self-discovery instead of sales pressure

Users self-qualify into higher tiers as their case complexity demands it.

Product

Three engagement modes.

The full ladder from $100/mo subscription to $50K multi-actor forensic investigation. Customers self-select into the mode that matches their situation — with a 1-week free trial and a free 30-minute first call.

Mode 1 — Subscription

Four agent tiers, 1 week free. From reactive triage to full practitioner-mode forensics with expert time included.

Mode 2 — Project

Six-rung ladder from $995 triage assessment to $50,000+ complex multi-actor investigations and expert witness engagements.

Mode 3 — Hourly

$400/hr flat rate across every service. Same rate Cellebrite-tier work commands at boutique DFIR firms — delivered at consumer accessibility.

Sliding scale for DV survivors. Refundable retainers. Written scope before any billable work begins.

The Four-Rung Agent Ladder

Subscription tiers.

Tier	Price	What it does
Triage	$100/mo	Agent responds when something happens. Entry point for reactive users with a specific concern.
Watch	$200/mo	Agent watches continuously across accounts, devices, and public exposure surfaces.
Investigate	$300/mo	Practitioner mode — forensics + OSINT + 2 hours of expert practitioner time per month.
Enterprise	$500/mo	Multi-seat for advanced consumers, DFIR practitioners, and PI agencies. Deeper integrations, 4 hrs practitioner consult.

The Specialist Bench

Captive workforce + licensed-investigator partner network.

At every escalation point, we capture the work with our own specialist team where licensure permits, and through chain-of-custody coordination with licensed-investigator partners where it doesn't — yet.

DFIR consultants

In-house · Live now

Deep technical forensics on devices, networks, and accounts. Account compromise, device infection, ransomware on personal devices.

TA negotiators

In-house · Live now

Communication and recovery negotiation with adversaries. Ransomware, sextortion, BEC recovery, romance-scam exit, executive sextortion.

Credentialed examiners

In-house · Live now

Daubert/Frye-qualified expert-witness work. Litigation, depositions, and trial testimony with court-admissible findings.

Licensed PIs

Partner network now · Captive on the roadmap

Surveillance, attribution, fieldwork, and evidence collection. Active stalking, custody, harassment cases. Coordinated through licensed-investigator partners today; brought captive as state-by-state licensure comes online.

The Channel Thesis

Bidirectional attorney channel.

Inbound referrals

Family-law, litigation, and divorce attorneys refer clients to us. Bar ethics rules require licensed investigators — not software vendors. Once SleuthX licensure is in place, pure-software competitors are structurally locked out of this channel entirely. Today, attorneys engage us for the DFIR / expert-witness side directly under attorney privilege.

Outbound referrals

We refer clients to attorney partners for the legal proceedings that follow our forensic findings: divorce filings, protective orders, civil litigation, and criminal referrals. Bidirectional flow creates a relationship economy that compounds with every case closed.

Aura can't run this play (no practitioners). Harvey can't (wrong vertical). Pinkerton can't (no software, no consumer surface). The combination is structurally ours to build.

Business Model

What we own. What we VAR.

Same playbook the incumbents used to build the monitoring layer. We add the forensic layer they never built.

What we own (the moat)

Forensic AI agent

Trained on real case data. Compounds with every case closed.

Investigation methodology

DFIR practitioner depth built into the product layer.

Court-admissible reporting

Chain-of-custody discipline embedded in every output.

DFIR practitioner team

Captive specialists in-house across DFIR, negotiation, and expert-witness work.

What we VAR (commodity layer)

Credit monitoring

Experian / Equifax APIs — same data the incumbents use.

Dark-web exposure

SpyCloud, HaveIBeenPwned — best-in-class data feeds.

Data-broker removal

Optery / Kanary white-label for privacy protection.

ID-theft insurance

AIG / Chubb underwritten. Restoration via Sontiq / Generali.

Market

Three overlapping addressable markets.

100M+

Americans affected

50–100M+ Americans experienced a digital incident in the last 12 months — the unaddressed sub-segment monitoring services don't serve.

$50B+

Consumer cyber TAM

Global consumer cybersecurity market. Identity-protection segment alone is $14B+ with double-digit growth.

$21B

PI services market

Global private-investigation services market today — projected $32.8B by 2035. Fragmented across 37,000+ solo US practitioners with no AI tooling.

Aura's $165M ARR at 50% YoY growthproves consumers will spend at premium ARPU on personal cyber. The PI category proves there's $20B+ of demand for investigation services with no consumer brand serving it — and 37,000+ practitioners with no AI tooling on the supply side. We monetize both sides simultaneously.

Competitive Landscape

The forensic layer is a column nobody owns.

Product	Price	Watches credit	Investigates devices	Court-admissible	Forensic AI
Aura / LifeLock / IdentityIQ	$10–25/mo	✓	—	—	—
Bank / AAA bundled monitoring	Free	✓	—	—	—
Mandiant / CrowdStrike (enterprise DFIR)	$500+/hr	—	✓	✓	Limited
SleuthX	$100–$500/mo	✓ (via partners)	✓	✓	✓

We're not competing on monitoring breadth. We own the forensic layer — a column no incumbent has checked, and none can quickly acquire.

The Build vs Buy Asymmetry

Why incumbents can't ship this.

Aura's moat

Brand awareness, ad spend, distribution channels, and partner relationships. Real — but replicable. These advantages erode when a better product exists.

Our moat

DFIR practitioner depth, forensic AI trained on real cases, court-admissible methodology, hybrid AI+human delivery, and PI licensure across multiple states (in build-out). Hard to replicate in under 3 years.

A monitoring company can't acquire DFIR capability overnight. They'd need to hire credentialed examiners (rare and expensive), build chain-of-custody discipline, train an AI on real case data they don't have, develop court-admissible methodology, and start the multi-year multi-state PI licensure process — all while their existing product roadmap competes for resources. We've already built the foundation. They haven't started.

The Comp Set

Two reference categories, one intersection.

Consumer cyber benchmark

Aura — Proving consumer demand

$165M ARR in 2025
~50% YoY growth
$1.6B Series G valuation (~10x ARR)

Vertical AI benchmark

Harvey — Proving the multiple

$190M ARR (up from $100M Aug 2025)
$11B valuation (~58x ARR)
4 years founded → $11B by 2026

Aura proves the demand. Harvey proves the multiple. SleuthX sits at the intersection: AI agents with credentialed human sign-off, in a legal-adjacent forensic vertical, sold to consumers and B2B partners.

The Vertical AI Playbook

Forensic investigation fits every criterion.

Harvey, EvenUp, and Casetext established the pattern. SleuthX is executing it in a category none of them are in.

Choose Vertical

Deploy Agents

Human Sign-off

Premium Pricing

Compound Data

Sierra

$15.8B valuation · $150M ARR · ~105x ARR. Vertical AI for enterprise CX.

Harvey

$11B valuation · $190M ARR · ~58x ARR. Vertical AI for legal — closest analog.

EvenUp

$1B+ valuation. AI demand letters for personal-injury law. Same expert-bottlenecked, high-stakes pattern.

Casetext

$650M acquisition by Thomson Reuters. Legal research AI — proves vertical data compounds into M&A.

The vertical AI checklist

Expert-bottlenecked ✓ — $300–500/hr DFIR examiners are scarce.
Document & evidence-heavy ✓ — Every case has structured files, chain-of-custody logs, expert reports.
Stakes require human sign-off ✓ — Court, evidence, recovery decisions demand credentialed-examiner oversight.
Premium pricing justified ✓ — Court-admissible evidence commands premium pricing.
Vertical data compounds ✓ — Every case makes the forensic AI smarter.

Why the Harvey multiple translates

Vertical AI multiples aren't earned by customer type. They're earned by the value dynamic — AI replacing expert-bottlenecked, high-stakes workflows that require credentialed human sign-off.

Harvey: replaces associate attorney; partner sign-off; litigation/M&A stakes.

EvenUp: replaces PI attorney; senior-attorney sign-off; settlement/court stakes.

SleuthX: replaces forensic examiner; credentialed-examiner sign-off; court / evidence / recovery stakes.

Practice Team

The four people building SleuthX.

Founder & CEO

Quinnlan Varcoe

Founder and CEO

Founder and CEO. Bachelor of Science in cybersecurity from SANS Technology Institute. 15 active certifications across SANS GIAC, AWS, Splunk, and CompTIA — including GCIH, CySA+, and GCIA — the credential mix that supports expert-witness qualification under Daubert and Frye. Designed the court-admissible forensic methodology that SleuthX encodes and trains on. Roughly a decade in incident response and threat intelligence for Fortune 50 enterprises and the defense industrial base before founding the company.

Designed the methodology SleuthX is built on.

Connect on LinkedIn

Co-Founder & CTO

Alex Riffenburgh

Co-Founder & CTO

OSCP-certified offensive security engineer with experience across red teaming, penetration testing, digital forensics, and AI security. Bachelor of Science in Computer Science from Western Governors University, completed in six months. In 2025 she shipped exploit proof-of-concepts and patches against AI training infrastructure as a contractor in the AI security space — the same threat surface SleuthX defends consumers from. Active CTF competitor, DEFCON and BSides regular, contributor to non-profit OSINT projects. At SleuthX, she leads the engineering and the offensive-security work that pressure-tests the agent before any finding ships.

Leads the technical build of the AI agent.

Connect on LinkedIn

Practitioner Lead

Jose Santana

Lead Technical Consultant

Twelve-plus years of practitioner cybersecurity work focused on threat detection, incident response, and digital forensics. Works directly with individuals and small businesses on active incidents — the front-line case load that produces the labeled forensic data SleuthX trains and validates on. Hands-on methodology, practical deliverables, written for the people paying for them.

Front-line case load that produces the data SleuthX trains on.

Connect on LinkedIn

Founding AI Engineer

Alisa Tsurko

Founding AI Engineer

Founding AI Engineer. Information Technology graduate from the University of Washington. Has developed anti-scam AI tools aimed at the general population — the same threat surface SleuthX is built to defend against. Project manager and lead researcher on her UW capstone Noova, a guide for domestic violence survivors on securing their online presence. Works full-time on the agent's AI development under the forensic methodology Quinn designed.

Builds the AI that turns Quinn's methodology into product.

Quinnlan designed the forensic methodology the agent is built on. Alex leads engineering and the offensive-security work that pressure-tests the agent. Jose runs the front-line case load that produces the labeled data SleuthX trains and validates on. Alisa builds the AI that turns the methodology into product. The company operates under Blueberry Security Global, Inc..

The Briefing

Three reasons to take the call.

Why now

Vertical AI is pattern-matching at scale.

Capital, comp set, and consumer demand are aligned. Cybercrime losses, scam volume, and stalkerware deployment all compounded over the past five years. SleuthX sits where that demand crosses the affordability gap.

Request the full briefing

Market

Two open categories, one operator.

$50B+ consumer cyber TAM with the forensic layer vacant. $21B PI services market with no consumer brand and no AI tooling. SleuthX monetizes both sides simultaneously.

Request the full briefing

Team

Working practice with the agent layered on top.

Quinn owns case judgment and the methodology — qualifies as PI principal in Florida and is the named expert witness. Alex leads engineering. The product is the productized version of an already revenue-generating practice, not a cold-start.

Request the full briefing

The Ask

Currently raising on a SAFE.

Round size and valuation cap are calibrated for AI/ML pre-seed. Use of funds covers product development on the agent, scaling the working SleuthX practice, and the state-by-state PI licensure build-out. Specific terms — round size, valuation cap, SAFE structure, MRR, customer count, and the unit-economics table — are shared in the investor room after a first call.

Investor Room

Request access to the investor room.

Email quinn@sleuthx.ai. Response within one business day. NDA-protected from the first conversation. Specific terms in the call.

Email Quinn for access Schedule a 30-minute call (239) 241-8095

Also available

Press kit and one-pager.

Founder bio, photos, and public press metrics live on the press kit. Investor-grade numbers live in the investor room.

View press kit

Investor FAQ

Forward-looking statements. Multi-state PI licensure, captive licensed-investigator workforce, attorney-channel access, and 50-state regulatory moat are part of the company's stated build-out plan and use of funds. Today, SleuthX operates a DFIR practice in-house under court-admissible methodology, the founder qualifies as principal applicant in Florida, and surveillance / fieldwork is performed through a coordinated network of licensed-investigator partners. SleuthX makes no claim of current PI agency licensure. Comp-set valuations and revenue figures (Aura, Harvey, Sierra, Decagon, EvenUp, Casetext) are public-record. Specific buyer interest cannot be inferred from this page.