A cybersecurity startup, IRIS C2, has been found to be operated by individuals with questionable backgrounds, including convicted felons and far-right conspiracy theorists. The company, which claims to be based in McLean, Virginia, has been actively soliciting zero-day security vulnerabilities in popular software, offering millions of dollars for acquisitions. Through its Twitter account, IRIS C2 has gained a significant following since its creation in January 2025, frequently posting about security vulnerabilities, AI, and software exploits. The company's true intentions and capabilities are unclear, but its focus on offensive cybersecurity raises concerns about potential malicious activities. Given the company's interest in zero-day vulnerabilities, including those targeting Intel, the window for patching is rapidly closing, making it essential for organizations to assess their exposure immediately1. This situation highlights the importance of vigilance in the cybersecurity landscape, where malicious actors can easily hide in plain sight.