Moving Research into Practice

Cordyceps provides targeted information security services to address strategic challenges in the U.S. public and private sectors. Our clients range from U.S. federal government agencies to financial sector companies and cutting edge software development organizations. 

Our team is highly experienced in both high-level strategy and technology security consulting, providing an invaluable partnership between applied computer science and real world impact. Our research and development group focuses on technical solutions and their implications on the systems surrounding them.

In other words, we know how to break systems and occasionally, what to do about it.

Our Services

Applied Research

We blend proven techniques with innovative technologies: modern fuzzing, automated binary analysis and exploitation, large scale graph databases, and natural language processing. Our research is tailored to customer requirements with a focus on repeatable and scalable solutions.

Risk Management

Cordyceps blends a strategic and technical approach to assessing and prioritizing threats. From national defense programs to financial infrastructure, we review your systems in the context of the threat landscape specific to your industry.


We provide training services in information security on topics ranging from offensive capabilities to national security and big data analytics. Our offerings include conferences, seminars, classes, and workshops for both a general audience and as intra-company sessions.

Vulnerability Research

We research and exploit new vulnerability classes in high priority systems.

Big Data Analytics

Our goal is to identify valid signals within large data sets and the valuable correlations between and within them. In our experience, this is often aided by outside annotations to the data that highlight extra-dimensional relationships.

Policy Analysis

Cordyceps has expertise in export control and other complex aspects of modern national policy when it comes to offensive cyber technologies. We are often called to help predict the effects of new regulatory environments or investments.

Our Team

Cordyceps is a group of highly experienced information security professionals with decades of experience implementing strategy and technology solutions in both the public and private sectors. We use a matrixed approach to make sure each project receives the support it needs and the appropriate access to information, whether open source or proprietary.

Partner: Dave Aitel

With a successful career in the National Security Agency and then founding and exiting Immunity, Inc., Mr. Aitel has a proven track record in building teams that produce next-generation information security technologies. 

Our Story

Cordyceps Systems was founded to solve pressing national information security challenges using advanced research and analytics, big data and graph databases, and special purpose information security engineering. The team has multiple decades of software exploitation experience and are well known in the information security industry for leading edge solutions and technologies.

Cordyceps provides specialized cybersecurity capabilities backed by extensive experience in highly classified environments emulating nation-state adversaries and developing specialized products to create cutting edge national security programs. These capabilities were and are developed by strategically investing in and developing analytical tools that identify vulnerabilities for bug classes outside typical research scope, allowing rigorous evaluation and testing before system deployment. For example, Cordyceps team members were instrumental in developing new classes of vulnerabilities, including early research in fuzzing and development of one of the first fuzzers, SPIKE, released in 2001. 

In addition, Cordyceps has extensive experience in knowledge transfer and training, with decades of experience in running a world-class cybersecurity conference and providing top-tier instruction in the space of offensive information security. Currently, Cordyceps is one of the few offensive security firms heavily involved in open source security efforts sponsored by DARPA, focusing on modern graph databases and machine learning systems for intelligence and vulnerability discovery. These efforts are highly relevant to the design and build of modern software systems, allowing for the integration of supply chain assurance and automated vulnerability analysis.