Huntress Insider Leak Exposes Potential Security Breach

A Pinocchio GIF and a clown emoji — that was Ben Folland’s curt public reply after Huntress disclosed it was among the “hundreds of Klue customers” impacted by a supply‑chain attack.

Ben Folland’s claims and timeline

Ben Folland, a former security operations analyst at Huntress who left the company on February 19, shared a resignation letter and a series of LinkedIn posts that lay out his grievances. In his resignation letter he said he left for “personal reasons, and due to a conflict of interest,” and in subsequent posts he accused a Huntress colleague of far graver conduct.

Folland wrote that in December he discovered “another Huntress employee passed communications from US law enforcement to a cybercriminal, DevMan, who is actively and publicly targeting my family and me.” He also alleged that “since December 2025, I believe Huntress has been actively trying to conceal a serious security incident from its partners, customers, and employees involving an insider who is still employed at the company.”

Folland went further on LinkedIn, alleging the employee was “caught by the FBI” and “continues to work as a Huntress employee.” He told readers he would publish, “over the next two weeks, evidence supporting the claims made in my resignation email,” naming items he intended to release: communications with the FBI, messages between the Huntress employee and DevMan, recorded phone calls, internal Huntress memos, and threats targeting Folland and his family.

The Register reached out to Folland for additional information and did not receive a response.

DevMan and the alleged disclosure to a cybercriminal

Folland’s posts name DevMan as the cybercriminal recipient of the alleged disclosures. The source material notes DevMan “first emerged in April 2025 and uses modified DragonForce code.” The allegation, as reported, is that a Huntress employee passed law enforcement communications to that operator. If proven, that claim would point to both an insider risk and a link between company personnel and an active ransomware operation.

Huntress’ response — CEO Kyle Hanslovan

Huntress responded publicly after Folland’s posts. The company’s disclosure about the Klue supply‑chain issue included the statement that “Huntress believes in radical transparency about security incidents, including when it affects our company.”

CEO Kyle Hanslovan, via a spokesperson, said: “A former employee raised concerns that a teammate exercised poor judgment in communicating with a cybercriminal. By nature of our work as security researchers, teammates occasionally need to communicate with possible cybercriminals to gather intel that ultimately supports our partners and customers. I appreciate the hell out of that former employee's concerns and we've taken them seriously every step of the way. I also have to make sure Huntress upholds its responsibility to protect the confidentiality of our teammates involved and the investigation underway.”

Hanslovan added an assurance to partners, customers, and employees: if he learns “new information that changes our assessment of the current situation, I will take quick and appropriate action.”

On Reddit, Hanslovan wrote more directly that he “firmly disagree[s]” and doesn’t “understand Ben's accusations.” He said the company “strongly disagree[s] with this ‘insider’ narrative,” and insisted: “We sure af didn’t prioritize an IPO over the safety of our partners, customers, or team.” On the question of law enforcement and public detail, he wrote: “Some aspects of this matter involve ongoing active coordination with law enforcement and legal proceedings that prevent us from providing a complete public account. We're not gonna litigate this on LinkedIn with Ben but will likely publish some form of official comms to make our stance clear for those needing something more than my reddit reply.”

Klue supply‑chain disclosure and immediate context

Huntress acknowledged it was among the “hundreds of Klue customers” affected by a supply‑chain incident, and used that disclosure to reiterate its stated commitment to transparency. Folland’s posts, the company replies and the reference to law enforcement coordination all surfaced around that same public disclosure, although Folland’s LinkedIn notes specify his grievances are distinct from the Klue incident.

What this means for Huntress customers, law enforcement, and security teams

  • Huntress partners and customers: will watch for any “official comms” Hanslovan said might be published, and will weigh Huntress’ assurance of “radical transparency” against Folland’s pledge to release evidence within two weeks.
  • Law enforcement and legal proceedings: the posts refer repeatedly to FBI involvement — Folland said an insider was “caught by the FBI,” while Huntress cited “ongoing active coordination with law enforcement and legal proceedings” as a limit on what it can disclose publicly.
  • Security teams and incident responders: the episode raises the dual themes Hanslovan mentions — that researchers sometimes must interact with potential criminals to gather intelligence, and that allegations of a staff member tipping a ransomware group would be a major insider‑risk event requiring forensic review and potential remediation.

For now, the public record rests on competing public statements and a promise from the former analyst to publish supporting material. Huntress has signaled it will update if new information emerges and has cited law enforcement coordination as a reason for restraint; Folland has set a two‑week timeline for releasing documents he says prove his claims. Whether that evidence appears and how law enforcement or Huntress will respond remain the concrete next steps the parties have set for themselves.

Original story at The Register