Mission

Intelligence
before the incident.

Cybercrime is the third-largest economy on earth, compounding every year, augmented by automated tooling. Most of the security industry activates after the compromise. LeakTrace operates on the pre-attack layer: mapping the observable exposure attackers use as reconnaissance input, before it becomes an incident.

Canadian cybersecurity firm · PIPEDA compliant · Human-verified intelligence

Category
EASM Credential Intelligence BEC Monitoring

Enterprise-grade exposure intelligence. External Attack Surface Management, credential intelligence, and Business Email Compromise monitoring, productized for the small businesses enterprise vendors won’t sell to.

17B+
Credential records in documented breach events
ITRC, 2024
194
Days average time to detect a breach
IBM Cost of a Data Breach, 2024
$16.6B
Internet crime losses recorded in a single year
FBI IC3, 2024
1/3
People affected by identity fraud last year
ITRC, 2024
Why We Exist
01

Security tooling activates
after the compromise.

Incident response, breach notification, forensic recovery. The industry is built around post-compromise cleanup. By the time these tools activate, an attacker has been inside for an average of 194 days. The data is already outside the perimeter.

What We Do
02

The same sources
attackers use.

Before targeting a business, attackers run reconnaissance across breach databases, data broker sites, paste archives, and criminal forums. It takes minutes. LeakTrace runs those same checks so the target organization sees what the attacker sees, before an action is taken.

Our Position
03

The exposure
already exists.

It's not a future risk. It's a current condition. Statistically, the data is already indexed. The operational question is whether the organization has mapped its own exposure, and whether remediation has begun.

How We Operate

Six Operating
Principles.

Not marketing commitments. Hard rules that every product decision gets measured against.

01
Pre-Incident Deployment

We operate before the breach, not after. If an incident has already begun, we are not the right product.

02
Source Integrity

Our intelligence comes from the same sources attackers use. No simulated threats. No synthetic data.

03
Actionable Output

Every finding is paired with a specific remediation action. An exposure report without guidance is not useful.

04
Zero PII Retention

Personal information is not retained after scan completion. We find your exposure, we do not become part of it.

05
North American Compliance

Full compliance with PIPEDA and CCPA/CPRA. All data processing within North America.

06
No Scaremongering

We report what we find, sourced and documented. If there is no exposure, we state that clearly.

The Intelligence Engine

Built to Scale. Designed to Compound.

50+
Intelligence Sources
6
Risk Categories
0100
Risk Scoring
24/7
Continuous Monitoring

Every assessment compounds. Each entity scanned becomes a permanent intelligence record with temporal snapshots, change detection, and cross-entity correlation. Each scan refines the model and expands the exposure intelligence dataset for the North American small business landscape.

The Stack

Six inputs.
One verified output.

What we run on every domain. Every step is logged, audited, and reviewable. No black boxes.

01
Public-Surface Scan

Domain, DNS, MX records, email authentication (SPF, DMARC, DKIM), SSL certificate validity, infrastructure fingerprints, certificate transparency logs.

02
Breach Correlation

Cross-reference against 17 billion+ leaked credential records, publicly-disclosed breach databases, documented incidents (LinkedIn 2021, Adobe 2019, Yahoo), and active dark-web markets.

03
Business Records

Public corporate registry data, provincial filings, and government-published business directories. Findings are mapped to the entity, not inferred.

04
Risk Scoring

Real-time 0–100 composite score integrating credential exposure depth, infrastructure weakness, compliance gaps, and organizational profile.

05
AI Categorization

A frontier language model translates raw findings into plain-English explanations and powers the intel chat. Every output reviewed by a human analyst before delivery.

06
Report Generation

Analyst-grade PDF suite: executive briefing, technical findings, compliance mapping, remediation plan, monitoring baseline. Delivered within 24 hours.

On AI

Where we use it.
Where we don’t.

We use a frontier-grade language model selected for safety properties and interpretability. The data we send is your already-public findings plus business context. We never transmit raw credentials, payment data, or anything outside the scope of the audit.

Where We Use It
  • Classifying breach findings by severity, type, and business impact
  • Drafting plain-English narrative for your preview page
  • Powering the intel chat, with strict accuracy guardrails (only your data, no fabrication)
  • Personalizing outreach based on industry and region
  • Auto-enriching business records from public sources
Where We Don’t
  • Final security recommendations. Security analysts write these.
  • The audit reports themselves. Reviewed by humans before delivery.
  • Customer-facing decisions. Humans handle every account.
  • Compliance determinations. Manually reviewed for every audit.
  • Anything that could fabricate or invent a finding.
Boundary

What we are not.

Clarity about scope. Cybersecurity is a crowded category; we work in a specific layer of it.

×

Not a firewall or endpoint protection.

Blocking live attacks and monitoring endpoints is what CrowdStrike, SentinelOne, and Norton exist for. LeakTrace finds what is already exposed, before those tools have anything to defend against.

×

Not an IT services company.

We do not manage networks, fix servers, or run tickets. We audit the exposure surface and refer to Implementation if remediation is in scope.

×

Not an insurance company.

LeakTrace reduces risk; cyber insurers underwrite the residual. Many of our findings make insurance applications stronger.

×

Not a red-team or offensive-security firm.

Purely defensive. LeakTrace never attempts entry. Every check we run is read-only against public infrastructure.

×

We do not sell fear.

The data speaks. LeakTrace presents verified findings with action plans. No countdown timers. No threat scoring inflated to drive urgency. No fabricated incident statistics. The reality is severe enough on its own.

The exposure profile
already exists.
LeakTrace maps it first.

Individual Assessment Business Assessment