In an affidavit released earlier today, the spy who was allegedly stealing sensitive information from HR tech company Rippling on behalf of Deel, one of its primary competitors, made a number of shocking confessions. From reportedly coordinating directly with Deel’s CEO Alex Bouaziz, to sending images of watches to someone known only as “The Watchman” in order to initiate payments, to the CFO of Deel (Philippe Bouaziz, Alex’s father) incredibly believing that Ethereum transfers would leave “no trace.” Oops! This instance of a multi-billion-dollar B2B SaaS company (allegedly) employing a spy to serve as an underpaid, Slack-searching James Bond, however, is just the newest episode in a longer tale of ongoing tech espionage — welcome to the perennial spy season.

Corporate espionage, in recent times, has been perceptually dominated by high-profile instances of foreign infiltration into tech companies. While the epidemic of Chinese spies in Silicon Valley is now a generally accepted fact, Peter Thiel faced significant backlash as recently as 2019 for implying that Google was “thoroughly infiltrated by Chinese intelligence” and that its AI-related trade secrets were being siphoned away into the hands of Xi Jinping. This, of course, is exactly what happened. Earlier this year, former Google software engineer Linwei Ding was charged by a federal grand jury for stealing artificial-intelligence trade secrets from Google on behalf of Chinese companies. Lascivious rumors of bombshell Chinese women approaching less-than-conventionally-attractive software engineers working in AI and defense tech have abounded. Dario Amodei, the CEO of Anthropic, said this month that he believes Chinese spies may already be stealing “$100 million secrets that are a few lines of code.” The U.S. Committee on Homeland Security stated in a report from October of 2024 that “there have been over 55 CCP-related espionage cases” between February 2021 and August 2024.

While critically important, frightening, and a little bit titillating, the foreign espionage narrative has overshadowed a long line of good-old-fashioned corporation-versus-corporation schemes of intrigue. In 2019, Anthony Levandowski, former technical lead at Google’s self-driving project Waymo, was charged with 33 counts of trade secret theft after allegedly stealing thousands of files to create his startup Otto (later acquired by Uber). Also in 2019, Tesla sued four employees of self-driving startup Zoox for stealing “proprietary information and trade secrets.” (One of the employees accidentally sent a proprietary Tesla document with the Zoox logo slapped on it to an old Tesla email address). In 2022, enterprise software company Pegasystems was slapped with a $2 billion judgment after it allegedly hired a contractor to spy on Appian and collect proprietary product information (though this verdict was vacated in 2024 via appeal and the case’s relitigation remains ongoing). Mohammad Moniruzzaman, who stole proprietary source code from Valeo and brought it over to Nvidia, was convicted in September of 2023. Hilariously, Moniruzzaman was caught after accidentally screensharing the stolen code while on a video call with his old company. Valeo’s lawsuit against Nvidia is still unresolved. Additionally, the founders of startup Salient Motion were sued in 2023 by Anduril for allegedly repurposing the company’s code on behalf of their new venture.

Outside of the Rippling v. Deel situation, the preeminent recent case of corporate espionage involves San Francisco-based logistics startup Flexport, who sued two former employees in March of this year for allegedly stealing source code and thousands of confidential documents in order to start their company Freightmate AI. Flexport CEO Ryan Petersen believes that Bryan Lacaillade and Jason (Yingwei) Zhao “secretly conspired to form a competing company in stealth mode” before resigning. Flexport claims that Zhao was downloading thousands of files per day from Flexport’s code repository and making efforts to evade detection. Freightmate AI, of course, insists that any crossover files were “inadvertently retained.”

There is a common thread of pervasive coincidence and startling incompetence that weaves itself through many of these tales of corporate espionage. Prototypical imagery of slick suits, clandestine meetings, and sophisticated plot webs dissolves into a very strange and almost comical sense of bumbling and fumbling. For better or for worse, the story unfolding between Deel and Rippling seems to fit in with many of these tropes. First, there appears to have been no move to preemptively isolate responsibility: Deel’s CEO allegedly recruited and coordinated directly with the spy, as did Deel’s CFO, and a Revolut account that paid the spy was connected to the wife of Deel’s COO, Dan Westgarth. Implicate whole swaths of the executive team at baseline, why not?

Bouaziz would allegedly frequently direct the spy, now identified as former Rippling employee Keith O’Brien, to conduct particular searches in Rippling’s Slack and to visit certain channels. According to the affidavit, Bouaziz would often respond to the receipt of stolen information with messages like “this channel is beast” or “these are badass.” (Both cringe and fairly obviously culpatory). I, of course, have not forgotten about the still-anonymous “The Watchman” character who was allegedly managing the spy’s payouts alongside Bouaziz. The affidavit states that the spy would send photos of watches in order to initiate transfers, at which point Philippe Bouaziz (CFO) would reportedly chime in with startlingly transparent (and dorky) code-word usage like “send that watch to London” and “the buyer is happy.” The kicker here is that the spy was allegedly laying his life on the line here for “approximately 5,000 euros per month,” something that seems like a paltry sum when the stakes are this high and the players are multi-billion-dollar companies.

How did this all come crashing down? Rippling set up a honeypot — according to the affidavit, a few minutes after Bouaziz directed the spy to find the “d-defectors” Slack channel, Deel’s CEO messaged the spy not to conduct the search because it was a “trap.” The spy informed Bouaziz that he had already located the channel, to which Bouaziz reportedly replied with “oh shit.” The spy was brought into Rippling’s offices, apparently believing that he was there to pick up a compliance award for one of his coworkers, at which point he was accosted by lawyers and given a court order mandating the inspection of his devices. The spy went into the bathroom and did a hard reset on his phone in a futile attempt to clear traces of his participation in the scheme. The spy then got a burner phone, was advised by Deel’s lawyer to fly to Dubai (he did not), smashed his phone with an axe, and deleted his LinkedIn account.

As the legal action and salacious details continue to unfold, and the identity of “The Watchman” is eagerly awaited, companies everywhere should take note that we are (and will continue to be) in spy season. It’s a ruthless world out there, folks: China, competitors, and feckless employees are all coming to eat your lunch. If we know anything for certain, it’s that. Is your OPSEC up to the challenge, or will you be featured in our next episode of spy season? Stay tuned.

— G. B. Rango

--

Feature image — Spy