Our Story
Spice Labs was founded in June 2024 with a clear mission: to create the definitive system of record for cloud and data center deployments. We recognized a critical gap for cybersecurity engineers and incident responders – the urgent need to quickly and accurately identify what code is running and has been deployed across their entire organizational estate. Our goal is to provide unparalleled visibility, empowering these crucial teams with the immediate intelligence they need to maintain robust security postures and respond effectively to incidents.
Our Vision
Spice Labs provides cybersecurity engineers and incident responders with a mathematically accurate view of their organization's cloud and data center environments. We help you visualize and manage daily changes in cluster vulnerabilities, accelerate compliance reporting, and quickly respond to incidents. For major events like Log4Shell, Spice Labs can give you the list of vulnerable packages, where they were deployed, and when- in minutes- and enables burn-down charts for remediation, allowing your team to focus on resolving issues rather than research.
Technology
Spice Labs’ technology is based upon a cutting-edge approach endorsed by the federal Cybersecurity and Infrastructure Security Agency (CISA) – artifact dependency graphs – and follows the leading specification in the ADG space, OmniBOR. OmniBOR was created in 2021 by a group of security engineers from Cisco and Microsoft with the goal of developing a standard schema for generating unique and unambiguous identifiers for software artifacts and their dependencies.
How it Works

Artifact Dependency Graph Technology
Spice Labs has mapped 25 million open-source software artifacts resulting in a graph of more than 2.5 billion nodes – currently Java, Ubuntu, and Debian- and computed a unique cryptographic hash identifier following the OmniBOR schema for generating a software “bill of receipts.”

Cybersecurity engineers can deploy Spice Labs’ tools to map their organization’s software assets by generating an artifact dependency graph (ADG). The ADG combined with deploy events describing where and when a software asset was deployed allows Cybersecurity professionals to have a “General Ledger” or system of record for what was run where and when.
Spice Labs is the first security product leveraging the CISA-endorsed ADG solution. We are the cryptographic system of record of what you have in your environment and its provenance – both at present and anytime in the past.
The Spice Labs Difference
-
Cryptographic composition & provenance
-
Provable & irrefutable
-
Identify what your current security tools miss
-
Time travel- know what was running, when, and where, at any point in the past

Meet the Team
We bring together our unique industry backgrounds, experience in building and scaling tech startups, and our mutual passion for helping companies secure their digital fences, defend against ransomware, prevent data breaches, and maintain business continuity.

David "DPP" Pollak
Co-founder, CEO & CTO
_edited.jpg)
Jennifer Kenyon
Co-founder, COO

Aria Stewart
Engineer

Brendan McAdams
Forever in our hearts ♡

Dani Pletter
Product Manager

David Churbuck
Public Relations

James (JT) Perry
Chief Customer Officer

Jim Holland
Engineering Manager

Jim Langevin
Advisor

Kat Fey
Engineer

Manjula-Jayne Kumar
Engineer

Mathew Lodge
Advisor
