CrowdStrike is one of the world’s foremost Internet and cybersecurity companies. It has a market capitalization of $100 billion and more than 10,000 employees. It was so massive that when it pushed a botched software update to customers in 2024, it caused the largest internet outage in history, costing major U.S. companies $5.4 billion.
But what if the entire company was built on stolen intellectual property? That’s what the lawsuit in Austin’s 3rd Commercial Court is arguing.
California cybersecurity company GoSecure said CrowdStrike Holdings Inc. “has improperly used GoSecure’s trade secrets and confidential information for many years to develop its Falcon platform.” This allowed CrowdStrike to outpace competitors while passing off GoSecure’s intellectual property as its own.
Another set: Federal judge dismisses lawsuit against Austin-based CrowdStrike over 2024 global outage
CrowdStrike denied the allegations in a statement Thursday.
“GoSecure’s claims – more than a decade later – are prima facie baseless,” a spokesperson said. “We will vigorously defend the company.”
It has also denied the allegations in court filings, which also challenge GoSecure’s timeline and the Texas court’s jurisdiction.
The lawsuit was originally filed in California in 2024. GoSecure said it chose to dismiss the lawsuit because it would take too long to go to trial there. In August, the case was refiled in Texas Commercial Court, but that court has a much smaller caseload.
Among the accusations is that CrowdStrike co-founder Dmitri Alperovitch and a senior engineer he recruited collected highly sensitive engineering data from GoSecure, as well as knowledge of its source code and business plans.
“Mr. Alperovich vehemently denies this allegation,” said his attorney Thomas Crossman. “Those statements regarding Mr. Alperovich’s intentions and conduct are false. The fact that Mr. Alperovich has been personally dismissed from the lawsuit confirms this.”
He left CrowdStrike in 2020.
From 2024: CrowdStrike apologizes for estimated $5.4 billion in losses caused by $10 Uber Eats gift cards
Although he is not a defendant in the Texas version of the lawsuit, allegations that he provided information to CrowdStrike remain. Alperovitch, who was working for computer security giant McAfee at the time, joined the board of directors of GoSecure (then known as NeuralIQ/CounterTack) in November 2011, GoSecure said. He started his own rival company in February 2012 and left the board in May of that year.
At the time, GoSecure was developing an endpoint detection and response product that would perform beneath the surface of a computer’s operating system, something no one had ever successfully done. It finally worked. Over the next few years, GoSecure received numerous accolades from the cybersecurity industry.
After Alperovitch and another person who left GoSecure to join CrowdStrike assured CrowdStrike that their trade secrets would not be misused, GoSecure said it did not doubt that CrowdStrike’s Falcon platform, on which the giant company is largely built, is based on its code and knowledge.
The company said that following an outage in July 2024, independent auditors released analysis and product details that found its intellectual property was being used by CrowdStrike.
“(GoSecure) first learned that CrowdStrike’s Falcon platform was copied from GoSecure after reading it,” the lawsuit states.
The company said it stole its trade secrets and used data it spent hundreds of millions of dollars to develop to engage in unfair competition and unjust enrichment.
CrowdStrike, in turn, argued that GoSecure’s timeline was irregular, that it should have filed the lawsuit years ago and that the statute of limitations had long since passed. It argued that no trade secrets existed when Alperovitch served on the board and that GoSecure has not proven misappropriation.
CrowdStrike also expressed displeasure at being sued in Texas.
Read next: $500 million lost in five days: Delta CEO says Austin’s CrowdStrike outage costly
“California has the best interest in litigating disputes between two citizens regarding events, if any, that occurred in California,” the report said.
Although CrowdStrike announced in 2021 that it would move its headquarters to Austin, it now argues that it was really just a “satellite office” with no senior leadership and only low-level sales staff. It is said that these products and executives are from California, and the case should be heard in California.
GoSecure also said it has struggled to obtain records from CrowdStrike since the lawsuit was filed, despite court orders.
“There is a vast disparity between the products CrowdStrike was ordered to produce and the products its own statements reveal existed but were not produced,” GoSecure said.
It prompted the court to issue sanctions.
The Third Commercial Court is scheduled to hold a hearing on February 24 to determine whether the case can continue.