Through phishing and other cyber breaches, criminals can steal credentials and sell them on the dark web. And these details may be used in ransomware campaigns.

The sooner an organisation knows its credentials have been compromised, the sooner it can act to protect itself.

SOS Intelligence spotted a gap in the market for an affordable and flexible solution capable of providing real-time information on data breaches.


SOS Intelligence wants to make cyber threat intelligence affordable and accessible to everyone. Its automation technology collects pre-selected keywords from organisations and then scans the dark web, ingesting threat data in any language and looking for mentions of those keywords in Telegram channels or hacker forums.

It’s also able to retrospectively go through a database that’s known to have been hacked and has just become available to bad actors.

If your credentials have been leaked to the dark web, SOS Intelligence can alert you when they’re mentioned. This gives organisations early warnings about data loss before criminals get a chance to misuse them.

Automating the entire process and removing the need for human talent reduces the cost. There’s no machine learning involved: the startup helps the client pick effective keywords before carrying out automated pattern matching.

Its curated feeds of open-source and closed-source intelligence include closed hacking forums, paste sites, phishkits and crawling and indexing of the dark web.

It’s available as a web portal, a more advanced Application Programming Interface for threat hunters or a white-label commercial service for managed security providers.

Founder Amir Hadzipasic comes from an offensive cyber security background and is a qualified OSINT practitioner. He believes that the odds are always stacked against the defender and is particularly determined to give public sector bodies like the NHS an upper hand. Through its intelligence gathering, it’s detected thousands of compromised usernames and passwords on the dark web, many of which belong to critical national infrastructure or public sector organisations.

The startup is also on a mission to make breach detection and digital risk monitoring affordable for smaller companies as well as managed security service providers that could offer it to their customers.


The startup would benefit from the NCSC’s ransomware and technical teams sharing feedback on its product and how it might be integrated with third-party tools. It wants to attract funding and find more customers, especially managed security service providers.

SOS Intelligence adds any keyword matches to a database as it goes along, so it has four years’ worth of data from the dark web in multiple languages. It’s open to partnering with other startups, especially those that work with AI, machine learning and human language analysis.

“Every single thing that’s advanced our product has come from customer feedback. So getting feedback from the NCSC and potential customers will be hugely useful.”

– Amir Hadzipasic, CEO and founder, SOS Intelligence