I started Kasada in 2015.
Which still feels a bit ridiculous to say, because at the time I’d basically just finished high school. In between, I spent some time at Macquarie Bank, and my job there was to look for weaknesses in systems. Try to break things, understand how they could be abused, what the failure modes were.
And honestly, it was one of the best ways possible to learn. You get past theory very quickly and into reality.
I learned the internet is fundamentally adversarial. If there’s money on the line, people will find a way to exploit whatever you’ve built.
And a lot of the tools big companies were relying on back then just weren’t going to hold up. They were designed for the threats that existed years earlier, and the problem was already moving.
So I started Kasada.
The Early Days
In the beginning, the focus was pretty straightforward.
Bots were scraping sites, buying inventory before real customers could, stuffing accounts with stolen credentials, doing all of it at a speed and scale most teams couldn’t handle with their tech stack in place.
The typical response was always to introduce more friction. CAPTCHA everything, block IPs aggressively, slow everyone down.
Which sort of works, but it also makes the experience worse for legitimate users, and that always felt like the wrong tradeoff for me.
The goal with Kasada from day one was to stop attackers without punishing real customers. Make it incredibly difficult to abuse a digital business, while keeping things frictionless for the people you actually want on the site.
The first version of Kasada was built in a shipping container under the Sydney Harbour Bridge, which sounds like a founder cliché, but it was literally true.
It was a tiny team of us trying to solve a problem we were seeing firsthand.
And we weren’t trying to just build another anti-bot tool.
We wanted to shift the economics of attack and to make it so hard and so annoying to operate that fraudsters would move on.

