Why we dropped "Security" from our name

If you found this post through a redirect from borgsecurity.io, borgresearch.io, or watchdog.app, this is the right place. All of those are now Borg, and this is the story of how we got here.

It started as a side project

A little over two years ago, a few of us were doing bug bounties in web3 projects on the side. We'd find vulnerabilities, submit them through the designated channels, and collect the rewards. What surprised us wasn't just how well it paid, but how responsive and collaborative these teams were. For most of us, this was something we genuinely looked forward to doing after clocking out of our regular jobs.

Then something unexpected happened. A major web3 gaming platform, one of the biggest by daily active users, had been pentested multiple times on a scheduled basis and had maintained a public bug bounty program for years. We found things others had missed. They asked if we'd be available for something more long-term.

That question changed the trajectory for all of us. If a project of that scale, with that level of existing security coverage, still had gaps we could find, maybe this could be more than a hobby.

The living room era

Summer 2024. Five of us, me, Alexander, Theodor, Jonas and Herman, were working, living and eating out of Alexander's living room. Most of us had been working together on smaller and bigger projects through high school and the years that followed, but we all knew this was something different. Something more serious.

We had incorporated Borg Research as the parent entity, and under it we ran Borg Security: the team that jumped into your webapp with no prior knowledge of your codebase and found the vulnerabilities that earlier pentesting teams had missed. That reputation is what put us on the map.

The thesis

Borg Security was founded to secure the gap between web2 and web3. A huge number of web3 platforms aren't fully decentralized. They operate with smart contracts, tokens and wallets, but they still depend on web2 infrastructure underneath. That opens the door to classic web vulnerabilities: XSS, IDOR, broken access controls, the full list.

The difference is what happens when those vulnerabilities get exploited. An XSS on a traditional web app is bad. An XSS on a platform where users have connected crypto wallets can mean stolen funds with no way to recover them. The decentralized layer that makes web3 powerful also makes it unforgiving. We called these "web2.5" platforms, and securing them required people who understood both worlds.

That thesis held up. The work kept coming.

Getting serious

In August 2024, we got our own office. We were actually renting in the same building where me, Theodor and Alexander had rented a space back in high school, but this time we got a proper setup. At the time it felt enormous for how few of us there were.

We painted the walls, put up Borg signs (the very same logo you see on borghq.io today; it's actually older than most people think), and things accelerated. New people joined. More work came in. We were delivering what's now known as Borg's Embedded Research Service, long-term offensive security partnerships where we operate as an extension of the client's team.

Things moved so fast that by May 2025, barely nine months later, we had to move offices again. We got lucky and stayed in the same building, just closer to the river, with a much bigger space all to ourselves. We're sitting in that office right now, and we're already starting to outgrow it.

Watchdog and the path to Odin

While Borg Security was growing, we had another project running under Borg Research: Watchdog.

Watchdog came from a pattern we kept hearing from clients, both in Norway and internationally. Teams didn't really know what assets they had exposed. Subdomains, related domains, IP ranges, open ports. The basics that every assessment should start with, but that most teams had no continuous visibility into.

We decided to build our own framework from the ground up to identify these things with precision, and it worked. But we quickly realized the real opportunity was in combining what Watchdog could do with the offensive expertise we'd built through manual work. Automated discovery feeding into real attack capabilities, not just a list of assets but an understanding of what's actually exploitable.

January 2, 2026

I think it was literally the first day back in the office after New Year's. We made the call: everything is now Borg. Not Borg Security. Not Borg Research. Not Watchdog. Just Borg.

The reasoning was simple. We'd outgrown every name we'd given ourselves. "Borg Security" described a pentest team. We were building a platform. "Watchdog" described a monitoring tool. We were building something that discovers, attacks, reports, and retests. None of the old names fit what we were becoming.

Shortly after, the Odin concept came together. Odin is the platform that brings everything under one roof: the discovery capabilities from Watchdog, the offensive depth from Borg Security, and new layers of automation, integration and continuous testing on top. Four verticals: Discover, Attack, Report & Confirm, Mitigate & Retest. One platform.

What Borg is now

We still secure the gap between web2 and web3. That hasn't changed. But we've grown well beyond it. Today we work with companies in fintech, AI, infrastructure and high-traffic consumer apps. The common thread isn't the industry. It's teams that ship fast, operate at scale, and need security that keeps pace with their development.

The entire idea behind Borg is that security should be automated and embedded into developer workflows, not something that lives in reports in a drawer, managed once a year by someone three levels removed from the codebase. With the pace code ships today, annual pentests are a losing game. You can't catch up.

Odin and everything we're building at Borg exists to close that gap. And there's a lot more coming, both in depth and in breadth.

If you're here from an old link

borgsecurity.io, borgresearch.io, and watchdog.app all redirect here. The work we did under those names is the foundation of what Borg is today. If you worked with us under any of those names, you already know what we're about. Now you know where to find us.

Welcome to Borg. We're just getting started.