Analysis
Website
Lupin & Holmes
Analysis
Website
Lupin & Holmes
Analysis
Website
Lupin & Holmes
Summary
About
Company
Lupin & Holmes
Overall Score of Website
24
Analysed on 2026-03-20
Description
Lupin & Holmes is a French offensive cybersecurity startup founded by brothers Roni 'Lupin' Carta (CEO, 23, self-taught, $800K+ in bug bounties from Google/Amazon/Facebook/Netflix/PayPal, named 'most useful hacker' at two live Google events, former Senior Security Engineer at ManoMano) and Oren 'Holmes' Carta-Lag (CTO, 33, Ruby on Rails backend developer, 42 school graduate). Product: Depi — a SaaS platform for software supply chain security. Depi plugs into code repositories, maps all software dependencies, continuously simulates known real-world attack techniques, and provides prioritised fixes. Proof point: Depi alerted Ledger to a critical Rollup vulnerability (60M weekly installs) before public disclosure. Funding: $5.9M pre-seed (March 2026), co-led by 20VC (Harry Stebbings) and Seedcamp; additional investors: Kima Ventures, Purple Fund, founders of Wiz, Hugging Face, and GitGuardian. Previously also at landh.tech domain.
Market
Cybersecurity / Software Supply Chain Security / SCA / Offensive Security
Audience
CISOs, security engineering leads, and platform engineering teams at tech companies managing complex software supply chains; developers using open-source dependencies at scale
HQ
Paris, France
Summary
Spider Chart
Freshness
12
Strategy
15
Content
18
Copy
25
SEO
22
Social Proof
20
Navigation
28
Content
30
Brand
32
Freshness
38
Freshness
$5.9M Pre-Seed (20VC + Seedcamp) Announced 3 Days Ago — Homepage Likely Not Updated
Score
12
Severity
Critical
Finding
Lupin & Holmes raised $5.9M in a pre-seed round co-led by Harry Stebbings' 20VC and Seedcamp, with Kima Ventures, Purple Fund, and the founders of Wiz, Hugging Face, and GitGuardian participating. The round was announced March 17, 2026. The lupinandholmes.com homepage previously described a small offensive security boutique (R&D, bug bounty, security tools). The $5.9M round at this stage — with 20VC as lead — is a significant validator. The site needs immediate updating to reflect this.
Recommendation
Update the homepage hero to feature the funding: '$5.9M pre-seed · 20VC · Seedcamp · Wiz · Hugging Face · GitGuardian founders.' The investor roster is exceptional for a pre-seed round: 20VC (Harry Stebbings, top-5 European VC podcast and fund), Seedcamp (earliest-stage champion of European founders), and the founders of Wiz (most successful cybersecurity exit in history at $32B), Hugging Face (most valuable European AI company), and GitGuardian (software supply chain security pioneer). This investor group is a tier-1 cybersecurity credibility signal.
Freshness
$5.9M Pre-Seed (20VC + Seedcamp) Announced 3 Days Ago — Homepage Likely Not Updated
Score
12
Severity
Critical
Finding
Lupin & Holmes raised $5.9M in a pre-seed round co-led by Harry Stebbings' 20VC and Seedcamp, with Kima Ventures, Purple Fund, and the founders of Wiz, Hugging Face, and GitGuardian participating. The round was announced March 17, 2026. The lupinandholmes.com homepage previously described a small offensive security boutique (R&D, bug bounty, security tools). The $5.9M round at this stage — with 20VC as lead — is a significant validator. The site needs immediate updating to reflect this.
Recommendation
Update the homepage hero to feature the funding: '$5.9M pre-seed · 20VC · Seedcamp · Wiz · Hugging Face · GitGuardian founders.' The investor roster is exceptional for a pre-seed round: 20VC (Harry Stebbings, top-5 European VC podcast and fund), Seedcamp (earliest-stage champion of European founders), and the founders of Wiz (most successful cybersecurity exit in history at $32B), Hugging Face (most valuable European AI company), and GitGuardian (software supply chain security pioneer). This investor group is a tier-1 cybersecurity credibility signal.
Freshness
$5.9M Pre-Seed (20VC + Seedcamp) Announced 3 Days Ago — Homepage Likely Not Updated
Score
12
Severity
Critical
Finding
Lupin & Holmes raised $5.9M in a pre-seed round co-led by Harry Stebbings' 20VC and Seedcamp, with Kima Ventures, Purple Fund, and the founders of Wiz, Hugging Face, and GitGuardian participating. The round was announced March 17, 2026. The lupinandholmes.com homepage previously described a small offensive security boutique (R&D, bug bounty, security tools). The $5.9M round at this stage — with 20VC as lead — is a significant validator. The site needs immediate updating to reflect this.
Recommendation
Update the homepage hero to feature the funding: '$5.9M pre-seed · 20VC · Seedcamp · Wiz · Hugging Face · GitGuardian founders.' The investor roster is exceptional for a pre-seed round: 20VC (Harry Stebbings, top-5 European VC podcast and fund), Seedcamp (earliest-stage champion of European founders), and the founders of Wiz (most successful cybersecurity exit in history at $32B), Hugging Face (most valuable European AI company), and GitGuardian (software supply chain security pioneer). This investor group is a tier-1 cybersecurity credibility signal.
Strategy
Depi' — Software Supply Chain Security Product — Not Confirmed as Primary Homepage Hero
Score
15
Severity
High
Finding
Dawn Liphardt coverage and the 20VC partner's Substack confirm: Lupin & Holmes' primary product is Depi — a SaaS platform that plugs into a company's code repositories, maps all software dependencies, continuously tries known real-world attack techniques against them, and offers prioritised fixes. The Depi alert that warned Ledger about a Rollup vulnerability before public disclosure is a concrete, newsworthy proof point. If the lupinandholmes.com homepage still leads with 'offensive cybersecurity and social engineering' generics rather than Depi specifically, the product is being undersold.
Recommendation
Make Depi the primary homepage product: 'Introducing Depi — the software supply chain security platform that finds how attackers would break into your codebase before they do. Plug into your repos. Map every dependency. Get real-world attack simulations, prioritised.' Feature the Ledger case: 'Depi alerted Ledger to a critical Rollup vulnerability before public disclosure — containing the risk before it reached production.' This specific proof point is immediately credible to security teams and demonstrates live production value.
Strategy
Depi' — Software Supply Chain Security Product — Not Confirmed as Primary Homepage Hero
Score
15
Severity
High
Finding
Dawn Liphardt coverage and the 20VC partner's Substack confirm: Lupin & Holmes' primary product is Depi — a SaaS platform that plugs into a company's code repositories, maps all software dependencies, continuously tries known real-world attack techniques against them, and offers prioritised fixes. The Depi alert that warned Ledger about a Rollup vulnerability before public disclosure is a concrete, newsworthy proof point. If the lupinandholmes.com homepage still leads with 'offensive cybersecurity and social engineering' generics rather than Depi specifically, the product is being undersold.
Recommendation
Make Depi the primary homepage product: 'Introducing Depi — the software supply chain security platform that finds how attackers would break into your codebase before they do. Plug into your repos. Map every dependency. Get real-world attack simulations, prioritised.' Feature the Ledger case: 'Depi alerted Ledger to a critical Rollup vulnerability before public disclosure — containing the risk before it reached production.' This specific proof point is immediately credible to security teams and demonstrates live production value.
Strategy
Depi' — Software Supply Chain Security Product — Not Confirmed as Primary Homepage Hero
Score
15
Severity
High
Finding
Dawn Liphardt coverage and the 20VC partner's Substack confirm: Lupin & Holmes' primary product is Depi — a SaaS platform that plugs into a company's code repositories, maps all software dependencies, continuously tries known real-world attack techniques against them, and offers prioritised fixes. The Depi alert that warned Ledger about a Rollup vulnerability before public disclosure is a concrete, newsworthy proof point. If the lupinandholmes.com homepage still leads with 'offensive cybersecurity and social engineering' generics rather than Depi specifically, the product is being undersold.
Recommendation
Make Depi the primary homepage product: 'Introducing Depi — the software supply chain security platform that finds how attackers would break into your codebase before they do. Plug into your repos. Map every dependency. Get real-world attack simulations, prioritised.' Feature the Ledger case: 'Depi alerted Ledger to a critical Rollup vulnerability before public disclosure — containing the risk before it reached production.' This specific proof point is immediately credible to security teams and demonstrates live production value.
Content
Roni Carta's Bug Bounty Track Record — $800K+ in Bounties, Google 'Most Useful Hacker' — Most Powerful Founder Signal
Score
18
Severity
High
Finding
Roni Carta has earned over $800,000 in bug bounties from Facebook, Google, Amazon, Netflix, and PayPal. He was named 'most useful hacker' at two live Google hacking events. He is 23 years old and self-taught (no degree). This founder background is categorically unusual — a 23-year-old with $800K in bug bounties from Google and Facebook has more practical offensive security credibility than most senior security engineers. This story is the company's most powerful brand asset.
Recommendation
Feature the founder track record prominently in the hero: 'Founded by Roni Carta — $800K+ in bug bounties from Google, Amazon, Facebook, Netflix, and PayPal. Named Most Useful Hacker at two live Google hacking events.' This positions Lupin & Holmes not as a VC-backed security SaaS with a PowerPoint demo, but as a product built by someone who has literally broken into Google and was paid for it. No CISO in the world will dismiss that credential.
Content
Roni Carta's Bug Bounty Track Record — $800K+ in Bounties, Google 'Most Useful Hacker' — Most Powerful Founder Signal
Score
18
Severity
High
Finding
Roni Carta has earned over $800,000 in bug bounties from Facebook, Google, Amazon, Netflix, and PayPal. He was named 'most useful hacker' at two live Google hacking events. He is 23 years old and self-taught (no degree). This founder background is categorically unusual — a 23-year-old with $800K in bug bounties from Google and Facebook has more practical offensive security credibility than most senior security engineers. This story is the company's most powerful brand asset.
Recommendation
Feature the founder track record prominently in the hero: 'Founded by Roni Carta — $800K+ in bug bounties from Google, Amazon, Facebook, Netflix, and PayPal. Named Most Useful Hacker at two live Google hacking events.' This positions Lupin & Holmes not as a VC-backed security SaaS with a PowerPoint demo, but as a product built by someone who has literally broken into Google and was paid for it. No CISO in the world will dismiss that credential.
Content
Roni Carta's Bug Bounty Track Record — $800K+ in Bounties, Google 'Most Useful Hacker' — Most Powerful Founder Signal
Score
18
Severity
High
Finding
Roni Carta has earned over $800,000 in bug bounties from Facebook, Google, Amazon, Netflix, and PayPal. He was named 'most useful hacker' at two live Google hacking events. He is 23 years old and self-taught (no degree). This founder background is categorically unusual — a 23-year-old with $800K in bug bounties from Google and Facebook has more practical offensive security credibility than most senior security engineers. This story is the company's most powerful brand asset.
Recommendation
Feature the founder track record prominently in the hero: 'Founded by Roni Carta — $800K+ in bug bounties from Google, Amazon, Facebook, Netflix, and PayPal. Named Most Useful Hacker at two live Google hacking events.' This positions Lupin & Holmes not as a VC-backed security SaaS with a PowerPoint demo, but as a product built by someone who has literally broken into Google and was paid for it. No CISO in the world will dismiss that credential.
Copy
Hack the Planet' Tagline — Memorable but May Create Enterprise Sales Friction
Score
25
Severity
Medium
Finding
The Lupin & Holmes mission statement ('Our mission is simple — Hack the Planet!') is authentic to the hacker culture and memorable. However, for enterprise sales to Fortune 500 security teams and CISOs who must justify procurement decisions to their boards, 'Hack the Planet' may create unnecessary friction. Security buyers are risk-averse by nature — a tagline that sounds like a teenage hacker slogan may trigger procurement hesitation despite the product's credibility.
Recommendation
Retain 'Hack the Planet' as the brand voice marker for culture/blog/social content, but use a more procurement-safe primary headline on the homepage product section: 'Depi finds the attack path into your software supply chain before attackers do.' The 'Hack the Planet' energy can live in the About section and socials — where it correctly signals the hacker culture that makes the product authentic. The product page should speak enterprise CISO.
Copy
Hack the Planet' Tagline — Memorable but May Create Enterprise Sales Friction
Score
25
Severity
Medium
Finding
The Lupin & Holmes mission statement ('Our mission is simple — Hack the Planet!') is authentic to the hacker culture and memorable. However, for enterprise sales to Fortune 500 security teams and CISOs who must justify procurement decisions to their boards, 'Hack the Planet' may create unnecessary friction. Security buyers are risk-averse by nature — a tagline that sounds like a teenage hacker slogan may trigger procurement hesitation despite the product's credibility.
Recommendation
Retain 'Hack the Planet' as the brand voice marker for culture/blog/social content, but use a more procurement-safe primary headline on the homepage product section: 'Depi finds the attack path into your software supply chain before attackers do.' The 'Hack the Planet' energy can live in the About section and socials — where it correctly signals the hacker culture that makes the product authentic. The product page should speak enterprise CISO.
Copy
Hack the Planet' Tagline — Memorable but May Create Enterprise Sales Friction
Score
25
Severity
Medium
Finding
The Lupin & Holmes mission statement ('Our mission is simple — Hack the Planet!') is authentic to the hacker culture and memorable. However, for enterprise sales to Fortune 500 security teams and CISOs who must justify procurement decisions to their boards, 'Hack the Planet' may create unnecessary friction. Security buyers are risk-averse by nature — a tagline that sounds like a teenage hacker slogan may trigger procurement hesitation despite the product's credibility.
Recommendation
Retain 'Hack the Planet' as the brand voice marker for culture/blog/social content, but use a more procurement-safe primary headline on the homepage product section: 'Depi finds the attack path into your software supply chain before attackers do.' The 'Hack the Planet' energy can live in the About section and socials — where it correctly signals the hacker culture that makes the product authentic. The product page should speak enterprise CISO.
SEO
Software Supply Chain Security — High-Value Search Category — Landing Page SEO Unknown
Score
22
Severity
Medium
Finding
Software supply chain security is a rapidly growing enterprise security category following the SolarWinds breach (2020), Log4Shell (2021), and dozens of subsequent supply chain attacks. Searches for 'software supply chain security platform,' 'SCA tool,' 'dependency vulnerability scanner,' and 'supply chain attack prevention' have significant enterprise buyer intent. If lupinandholmes.com is not optimised for these terms, the pre-seed press coverage SEO benefit will not translate to inbound leads.
Recommendation
Set page title: 'Lupin & Holmes — Depi: Software Supply Chain Security | Find Attack Paths Before Attackers Do.' Meta description: 'Depi plugs into your code repos, maps every dependency, and continuously simulates real-world attacks to find how an attacker could break in. Used to protect Ledger before public vulnerability disclosure. $5.9M backed by 20VC, Seedcamp, and the founders of Wiz.' Create a dedicated Depi product page at lupinandholmes.com/depi optimised for 'software supply chain security' and 'dependency vulnerability scanner.'
SEO
Software Supply Chain Security — High-Value Search Category — Landing Page SEO Unknown
Score
22
Severity
Medium
Finding
Software supply chain security is a rapidly growing enterprise security category following the SolarWinds breach (2020), Log4Shell (2021), and dozens of subsequent supply chain attacks. Searches for 'software supply chain security platform,' 'SCA tool,' 'dependency vulnerability scanner,' and 'supply chain attack prevention' have significant enterprise buyer intent. If lupinandholmes.com is not optimised for these terms, the pre-seed press coverage SEO benefit will not translate to inbound leads.
Recommendation
Set page title: 'Lupin & Holmes — Depi: Software Supply Chain Security | Find Attack Paths Before Attackers Do.' Meta description: 'Depi plugs into your code repos, maps every dependency, and continuously simulates real-world attacks to find how an attacker could break in. Used to protect Ledger before public vulnerability disclosure. $5.9M backed by 20VC, Seedcamp, and the founders of Wiz.' Create a dedicated Depi product page at lupinandholmes.com/depi optimised for 'software supply chain security' and 'dependency vulnerability scanner.'
SEO
Software Supply Chain Security — High-Value Search Category — Landing Page SEO Unknown
Score
22
Severity
Medium
Finding
Software supply chain security is a rapidly growing enterprise security category following the SolarWinds breach (2020), Log4Shell (2021), and dozens of subsequent supply chain attacks. Searches for 'software supply chain security platform,' 'SCA tool,' 'dependency vulnerability scanner,' and 'supply chain attack prevention' have significant enterprise buyer intent. If lupinandholmes.com is not optimised for these terms, the pre-seed press coverage SEO benefit will not translate to inbound leads.
Recommendation
Set page title: 'Lupin & Holmes — Depi: Software Supply Chain Security | Find Attack Paths Before Attackers Do.' Meta description: 'Depi plugs into your code repos, maps every dependency, and continuously simulates real-world attacks to find how an attacker could break in. Used to protect Ledger before public vulnerability disclosure. $5.9M backed by 20VC, Seedcamp, and the founders of Wiz.' Create a dedicated Depi product page at lupinandholmes.com/depi optimised for 'software supply chain security' and 'dependency vulnerability scanner.'
Social Proof
Ledger Pre-Disclosure Alert — Most Powerful Proof Point — Needs Dedicated Case Study Page
Score
20
Severity
High
Finding
The 20VC partner's Substack describes the most concrete Depi proof point: 'When a critical flaw was discovered in Rollup, a JavaScript build tool with 60 million weekly installs, Depi alerted Ledger before its public disclosure, containing the risk before it reached production.' This is a tier-1 proof point because: (a) Rollup is a ubiquitous dependency used by millions of projects; (b) Ledger is a well-known crypto hardware wallet company; (c) being alerted before public disclosure means Depi's continuous monitoring caught it first. This case study is worth an entire dedicated page.
Recommendation
Create a case study page: 'How Depi protected Ledger from a zero-day Rollup vulnerability before public disclosure.' Include: what Rollup is (60M weekly installs), what the vulnerability was (high-level description without enabling exploitation), how Depi detected it, and how fast Ledger was notified vs. public disclosure timeline. This case study will be cited by security researchers, shared on HackerNews, and will become the primary inbound SEO and PR asset for Lupin & Holmes' product credibility.
Social Proof
Ledger Pre-Disclosure Alert — Most Powerful Proof Point — Needs Dedicated Case Study Page
Score
20
Severity
High
Finding
The 20VC partner's Substack describes the most concrete Depi proof point: 'When a critical flaw was discovered in Rollup, a JavaScript build tool with 60 million weekly installs, Depi alerted Ledger before its public disclosure, containing the risk before it reached production.' This is a tier-1 proof point because: (a) Rollup is a ubiquitous dependency used by millions of projects; (b) Ledger is a well-known crypto hardware wallet company; (c) being alerted before public disclosure means Depi's continuous monitoring caught it first. This case study is worth an entire dedicated page.
Recommendation
Create a case study page: 'How Depi protected Ledger from a zero-day Rollup vulnerability before public disclosure.' Include: what Rollup is (60M weekly installs), what the vulnerability was (high-level description without enabling exploitation), how Depi detected it, and how fast Ledger was notified vs. public disclosure timeline. This case study will be cited by security researchers, shared on HackerNews, and will become the primary inbound SEO and PR asset for Lupin & Holmes' product credibility.
Social Proof
Ledger Pre-Disclosure Alert — Most Powerful Proof Point — Needs Dedicated Case Study Page
Score
20
Severity
High
Finding
The 20VC partner's Substack describes the most concrete Depi proof point: 'When a critical flaw was discovered in Rollup, a JavaScript build tool with 60 million weekly installs, Depi alerted Ledger before its public disclosure, containing the risk before it reached production.' This is a tier-1 proof point because: (a) Rollup is a ubiquitous dependency used by millions of projects; (b) Ledger is a well-known crypto hardware wallet company; (c) being alerted before public disclosure means Depi's continuous monitoring caught it first. This case study is worth an entire dedicated page.
Recommendation
Create a case study page: 'How Depi protected Ledger from a zero-day Rollup vulnerability before public disclosure.' Include: what Rollup is (60M weekly installs), what the vulnerability was (high-level description without enabling exploitation), how Depi detected it, and how fast Ledger was notified vs. public disclosure timeline. This case study will be cited by security researchers, shared on HackerNews, and will become the primary inbound SEO and PR asset for Lupin & Holmes' product credibility.
Navigation
No Clear Enterprise Sales Path — Demo Request or Security Assessment CTA Not Confirmed
Score
28
Severity
Medium
Finding
lupinandholmes.com previously presented as an offensive security boutique with R&D, bug bounty, and tool development. With $5.9M in pre-seed funding and Depi as a SaaS product, the homepage needs a clear enterprise sales path: a Book a Demo CTA that routes to the sales team or a self-service Depi onboarding flow.
Recommendation
Add a prominent 'Get a Depi assessment' or 'Book a security review' CTA in the homepage hero. For security products, the typical conversion path is: homepage → demo request → technical assessment → POC → contract. The Depi demo needs to be frictionless — ideally, connect your GitHub/GitLab in 60 seconds and immediately see your dependency attack surface. A one-click GitHub OAuth connection as the hero CTA is industry-standard for developer security tools.
Navigation
No Clear Enterprise Sales Path — Demo Request or Security Assessment CTA Not Confirmed
Score
28
Severity
Medium
Finding
lupinandholmes.com previously presented as an offensive security boutique with R&D, bug bounty, and tool development. With $5.9M in pre-seed funding and Depi as a SaaS product, the homepage needs a clear enterprise sales path: a Book a Demo CTA that routes to the sales team or a self-service Depi onboarding flow.
Recommendation
Add a prominent 'Get a Depi assessment' or 'Book a security review' CTA in the homepage hero. For security products, the typical conversion path is: homepage → demo request → technical assessment → POC → contract. The Depi demo needs to be frictionless — ideally, connect your GitHub/GitLab in 60 seconds and immediately see your dependency attack surface. A one-click GitHub OAuth connection as the hero CTA is industry-standard for developer security tools.
Navigation
No Clear Enterprise Sales Path — Demo Request or Security Assessment CTA Not Confirmed
Score
28
Severity
Medium
Finding
lupinandholmes.com previously presented as an offensive security boutique with R&D, bug bounty, and tool development. With $5.9M in pre-seed funding and Depi as a SaaS product, the homepage needs a clear enterprise sales path: a Book a Demo CTA that routes to the sales team or a self-service Depi onboarding flow.
Recommendation
Add a prominent 'Get a Depi assessment' or 'Book a security review' CTA in the homepage hero. For security products, the typical conversion path is: homepage → demo request → technical assessment → POC → contract. The Depi demo needs to be frictionless — ideally, connect your GitHub/GitLab in 60 seconds and immediately see your dependency attack surface. A one-click GitHub OAuth connection as the hero CTA is industry-standard for developer security tools.
Content
GitGuardian Founder Investment — Strategic Validation for Software Supply Chain Category
Score
30
Severity
Medium
Finding
The GitGuardian founders invested in this round. GitGuardian is France's leading application security company ($56M raised), best known for detecting secrets leaked in source code. Their investment in Lupin & Holmes signals: (a) the Depi product is adjacent but not directly competitive with GitGuardian; (b) the GitGuardian founders see Lupin & Holmes as addressing a complementary layer of the software supply chain security problem. This strategic validation from a sector-adjacent company is worth featuring.
Recommendation
Add a strategic investor section: 'Backed by the founders of Wiz (acquired by Google for $32B) · Hugging Face · GitGuardian.' The Wiz founders' participation is the headline — Wiz was the most successful cybersecurity exit in history, and the founders backing a 23-year-old's security startup is a categorical endorsement. Feature the three founder investor names above all other investor logos.
Content
GitGuardian Founder Investment — Strategic Validation for Software Supply Chain Category
Score
30
Severity
Medium
Finding
The GitGuardian founders invested in this round. GitGuardian is France's leading application security company ($56M raised), best known for detecting secrets leaked in source code. Their investment in Lupin & Holmes signals: (a) the Depi product is adjacent but not directly competitive with GitGuardian; (b) the GitGuardian founders see Lupin & Holmes as addressing a complementary layer of the software supply chain security problem. This strategic validation from a sector-adjacent company is worth featuring.
Recommendation
Add a strategic investor section: 'Backed by the founders of Wiz (acquired by Google for $32B) · Hugging Face · GitGuardian.' The Wiz founders' participation is the headline — Wiz was the most successful cybersecurity exit in history, and the founders backing a 23-year-old's security startup is a categorical endorsement. Feature the three founder investor names above all other investor logos.
Content
GitGuardian Founder Investment — Strategic Validation for Software Supply Chain Category
Score
30
Severity
Medium
Finding
The GitGuardian founders invested in this round. GitGuardian is France's leading application security company ($56M raised), best known for detecting secrets leaked in source code. Their investment in Lupin & Holmes signals: (a) the Depi product is adjacent but not directly competitive with GitGuardian; (b) the GitGuardian founders see Lupin & Holmes as addressing a complementary layer of the software supply chain security problem. This strategic validation from a sector-adjacent company is worth featuring.
Recommendation
Add a strategic investor section: 'Backed by the founders of Wiz (acquired by Google for $32B) · Hugging Face · GitGuardian.' The Wiz founders' participation is the headline — Wiz was the most successful cybersecurity exit in history, and the founders backing a 23-year-old's security startup is a categorical endorsement. Feature the three founder investor names above all other investor logos.
Brand
lupinandholmes.com vs landh.tech — Two Active Domains; Canonical Not Confirmed
Score
32
Severity
Medium
Finding
Search results return both lupinandholmes.com (submitted URL) and landh.tech (appears in some results, e.g. the LinkedIn description links to landh.tech/about/). Having two active domains with different content is a standard SEO anti-pattern — it splits domain authority and confuses press/investor links.
Recommendation
Establish one canonical domain. Given the press coverage all links to lupinandholmes.com, that should be the canonical. Implement a 301 permanent redirect from landh.tech → lupinandholmes.com. Update the LinkedIn company profile, AngelList, and all database profiles to use lupinandholmes.com exclusively. This consolidation funnels all the press cycle SEO authority onto one domain.
Brand
lupinandholmes.com vs landh.tech — Two Active Domains; Canonical Not Confirmed
Score
32
Severity
Medium
Finding
Search results return both lupinandholmes.com (submitted URL) and landh.tech (appears in some results, e.g. the LinkedIn description links to landh.tech/about/). Having two active domains with different content is a standard SEO anti-pattern — it splits domain authority and confuses press/investor links.
Recommendation
Establish one canonical domain. Given the press coverage all links to lupinandholmes.com, that should be the canonical. Implement a 301 permanent redirect from landh.tech → lupinandholmes.com. Update the LinkedIn company profile, AngelList, and all database profiles to use lupinandholmes.com exclusively. This consolidation funnels all the press cycle SEO authority onto one domain.
Brand
lupinandholmes.com vs landh.tech — Two Active Domains; Canonical Not Confirmed
Score
32
Severity
Medium
Finding
Search results return both lupinandholmes.com (submitted URL) and landh.tech (appears in some results, e.g. the LinkedIn description links to landh.tech/about/). Having two active domains with different content is a standard SEO anti-pattern — it splits domain authority and confuses press/investor links.
Recommendation
Establish one canonical domain. Given the press coverage all links to lupinandholmes.com, that should be the canonical. Implement a 301 permanent redirect from landh.tech → lupinandholmes.com. Update the LinkedIn company profile, AngelList, and all database profiles to use lupinandholmes.com exclusively. This consolidation funnels all the press cycle SEO authority onto one domain.
Freshness
© Year in Footer — Confirm Updated to 2026 Post-Funding Announcement
Score
38
Severity
Low
Finding
The lupinandholmes.com footer copyright year is not confirmed but should be updated to © 2026 if still showing 2024 or 2025. For a company that just announced a $5.9M pre-seed round 3 days ago, any stale copyright year in the footer signals that the site was not refreshed before the announcement.
Recommendation
Audit the footer and update to © 2026 Lupin & Holmes. While at it, ensure the footer includes: press contact email, privacy policy link (required for GDPR/any EU users), and the company's registered address (required for French company compliance). A professional footer is particularly important when the company's pitch to enterprise security buyers is built on trust and rigour.
Freshness
© Year in Footer — Confirm Updated to 2026 Post-Funding Announcement
Score
38
Severity
Low
Finding
The lupinandholmes.com footer copyright year is not confirmed but should be updated to © 2026 if still showing 2024 or 2025. For a company that just announced a $5.9M pre-seed round 3 days ago, any stale copyright year in the footer signals that the site was not refreshed before the announcement.
Recommendation
Audit the footer and update to © 2026 Lupin & Holmes. While at it, ensure the footer includes: press contact email, privacy policy link (required for GDPR/any EU users), and the company's registered address (required for French company compliance). A professional footer is particularly important when the company's pitch to enterprise security buyers is built on trust and rigour.
Freshness
© Year in Footer — Confirm Updated to 2026 Post-Funding Announcement
Score
38
Severity
Low
Finding
The lupinandholmes.com footer copyright year is not confirmed but should be updated to © 2026 if still showing 2024 or 2025. For a company that just announced a $5.9M pre-seed round 3 days ago, any stale copyright year in the footer signals that the site was not refreshed before the announcement.
Recommendation
Audit the footer and update to © 2026 Lupin & Holmes. While at it, ensure the footer includes: press contact email, privacy policy link (required for GDPR/any EU users), and the company's registered address (required for French company compliance). A professional footer is particularly important when the company's pitch to enterprise security buyers is built on trust and rigour.