The journey of a young ethical hacker gaining recognition from industry giants like Meta and WeWork, then transforming that expertise into a thriving cybersecurity enterprise—this is a story that exemplifies grit, innovation, and the power of vision. But here’s where it gets controversial: can one individual or small startup truly make a lasting impact in the vast and complex world of cybersecurity? Let’s explore how Sandeep Hodkasia, at just 29, is challenging norms and paving his way through this high-stakes industry.
In India’s bustling startup landscape—rich with stories of perseverance and ingenuity—unsung heroes emerge from often unexpected backgrounds. Sandeep Hodkasia hails from the tranquil town of Bhadra in Rajasthan’s Hanumangarh district. Growing up in a middle-class family, his early fascination with computers during school years in Rajasthan set him on a remarkable path towards ethical hacking and entrepreneurship.
His interest in white-hat hacking was sparked by his elder brother even before he had graduated from school, providing him with an edge that many did not possess at the time. By the time he completed grade 12 in Pilani, Rajasthan, in 2014, Sandeep was already experimenting with bug bounty programs—earning rewards for finding vulnerabilities before companies even knew they existed. This passion motivated him to pursue a degree in computer science at Jaypee University of Information Technology in Himachal Pradesh, starting in 2016.
Spotting a Gap in the Cybersecurity Market and Launching AppSecure
Shortly after beginning his engineering studies, Sandeep identified a glaring gap in India’s cybersecurity industry. At that time, most Indian firms provided services mainly focused on compliance standards—like SOC 2 or GDPR—rather than proactive security measures. Inspired by more advanced practices in the US and Europe, he founded AppSecure Security in May 2016, registering it as a startup in Singapore to access global markets.
"Back in 2016, India lacked firms offering hacker-led penetration testing beyond basic compliance checks. My vision was to create a comprehensive hub for real-world security testing—offering both compliance and genuine threat mitigation," explains Sandeep, now CEO of AppSecure.
The company specializes in Vulnerability Assessment and Penetration Testing (VAPT), red teaming, and offensive cybersecurity solutions tailored for tech companies across the globe. Think of it as providing organizations with an insider’s view of their security vulnerabilities through the eyes of ethical hackers — a vital service in today’s increasingly digital and interconnected world.
Overcoming Early Challenges
Like many startups, initial hurdles loomed large. Without significant investment, Sandeep managed multiple roles—juggling his engineering studies with sales, marketing, operations, HR, and finance. Finding skilled white-hat hackers was difficult at the time, as the expertise required—advanced penetration testing and red teaming—was rare in India.
Client acquisition was also tough, especially in a cost-conscious market with low cybersecurity awareness. But perseverance paid off: in early 2017, a tech company became AppSecure’s first client, paving the way through word-of-mouth referrals that kept costs manageable and quality high.
The COVID-19 pandemic posed new challenges, forcing Sandeep to pivot. During lockdowns, he shifted focus to international expansion, targeting the Asia-Pacific region. This strategic move saw AppSecure establishing a presence in Singapore by 2021, strengthening ties with Southeast Asian clients and notably elevating the company’s stature.
"We saw the pandemic not as a setback but as an opportunity to rethink and grow. Diversifying our clientele across APEC countries, the US, UK, and India, showcased our resilience," Sandeep shared during an exclusive interview.
Today, AppSecure has proudly served over 400 clients worldwide, including fintech giants like Groww, insurance firms like SBI General, and tech innovators such as Truecaller and MyGate. With a dedicated team of more than 20 experts, the firm acts essentially as an extension of its clients’ security teams—building long-term relationships based on trust and collaboration.
Bug Bounty Discoveries That Reshaped Ethical Hacking
Sandeep’s reputation as a top bug bounty hunter—finding critical flaws responsibly—has placed AppSecure in the spotlight. These real-world feats of security research underline his and the company’s commitment to proactive threat prevention.
Let’s look at some notable case studies that not only secured digital platforms for millions but also showcased how personal talent fuels corporate growth.
Case Study 1: Meta AI
In early 2025, Sandeep uncovered a significant vulnerability in Meta AI’s GraphQL API. His investigation revealed that unauthorized users could access private AI interactions—like prompts and images—because server-assigned IDs were easily guessable and authorization checks were weak.
He responsibly reported the issue, prompting Meta to implement both a quick fix and a lasting solution. For this, Meta awarded him $10,000, plus an additional $12,550 for related vulnerabilities. While no malicious abuse was recorded, the incident highlighted potential privacy risks in AI tools—especially regarding sensitive or personal content.
Case Study 2: WeWork India
In July 2022, Sandeep identified a critical flaw in WeWork India’s online check-in app. By manipulating user IDs—simply incrementing or decrementing sequential IDs—he was able to access unencrypted personal data of thousands of visitors, including names, phone numbers, emails, and images.
He publicly disclosed his findings via social media and contacted media outlets like TechCrunch, which verified the vulnerability. The company responded swiftly by removing the compromised app, acknowledging that the bug had exposed basic visitor information.
This responsible disclosure not only prevented potential data breaches but also served as a wake-up call for the industry—highlighting systemic security issues within India’s tech ecosystem.
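Both case studies describe the same flaw class: guessable object IDs with no per-object ownership check. The sketch below is an added example, not code from Meta, WeWork or AppSecure; it puts a lookup that trusts the supplied ID beside one that checks ownership, and adds a log check that flags a caller requesting runs of consecutive IDs it does not own. The record store, function names and the `min_run` threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample data: record id -> (owner, private content).
RECORDS = {101: ("alice", "prompt A"), 102: ("bob", "prompt B"),
           103: ("carol", "prompt C"), 104: ("dave", "prompt D")}

class Forbidden(Exception):
    """Raised when the caller does not own the requested record."""

def get_record_unchecked(caller, record_id):
    # Weak form: any authenticated caller gets any record whose id they supply.
    return RECORDS[record_id][1]

def get_record_checked(caller, record_id):
    # Hardened form: object-level authorization on every lookup.
    record = RECORDS.get(record_id)
    # Same error for "missing" and "not yours" so responses do not confirm valid ids.
    if record is None or record[0] != caller:
        raise Forbidden(record_id)
    return record[1]

def flag_enumeration(log, min_run=3):
    """Return callers whose requests hit >= min_run consecutive ids owned by others.

    log: iterable of (caller, record_id) tuples in request order.
    """
    foreign = defaultdict(set)
    for caller, rid in log:
        owner = RECORDS.get(rid, (None,))[0]
        if owner != caller:
            foreign[caller].add(rid)
    flagged = set()
    for caller, ids in foreign.items():
        run, prev = 0, None
        for rid in sorted(ids):
            run = run + 1 if prev is not None and rid == prev + 1 else 1
            prev = rid
            if run >= min_run:
                flagged.add(caller)
    return flagged

# Constructed request log: alice reads her own record, mallory walks the id space.
SAMPLE_LOG = [("alice", 101), ("mallory", 101), ("mallory", 102),
              ("bob", 102), ("mallory", 103), ("mallory", 104)]
```

Switching to random, non-sequential IDs makes enumeration harder but does not replace the ownership check in `get_record_checked`.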
Sandeep emphasizes that his work and the platform of AppSecure are not driven by bounty rewards but by a mission to secure systems relied upon by millions. Their relentless focus on hands-on security testing allows their clients—large firms like Meta, PayPal, Google, and Microsoft—to identify and fix vulnerabilities before they can be exploited.
Services and Unique Selling Points
In a rapidly expanding cybersecurity market—projected to grow from USD 218.98 billion in 2025 to USD 562.77 billion by 2032 (a CAGR of 14.4%)—AppSecure offers differentiated solutions. Its clients value the tangible return on investment (ROI) from proactive risk detection, rather than solely relying on reactive measures.
Key offerings include:
- Pentest as a Service (PTaaS): Continuous, integrated penetration testing during development cycles, providing real-time vulnerability detection, proof-of-exploit reports, and automated compliance checks.
- Red Teaming as a Service (RTaaS): Multi-stage attack simulations based on frameworks like MITRE ATT&CK—including reconnaissance, spear-phishing, and lateral movement—run over weeks to uncover gaps in processes, people, and technology.
What makes AppSecure stand out? Their promise is delivering ROI-focused, hacker-led security tests that go beyond typical scanners—saving clients money on bounty programs, ensuring compliance, and revealing vulnerabilities overlooked by automated tools.
Vision for the Future
Since inception, AppSecure has remained bootstrapped and financially sustainable, reinvesting all revenue without external funding—a rarity among startups. They are committed to organic growth, prioritizing stability and long-term impact over rapid valuation jumps.
Looking ahead, the focus is on expanding globally. Sandeep envisions making offensive cybersecurity services accessible worldwide, helping organizations safeguard their online assets and proactively defend against threats. He also hopes to extend this mission for the benefit of the general public by protecting personal data and online transactions.
Plans include opening more offices across Asia-Pacific and the US and onboarding more clients and team members globally. This expansion aims to create more meaningful employment opportunities and raise cybersecurity standards worldwide.
From the fields of Rajasthan to the tech hubs of Singapore, Sandeep exemplifies how curiosity, courage, and relentless innovation can turn a small-town dream into a global impact. But here’s a question for you—do you believe the industry is doing enough to leverage ethical hacking for better security, or is there still resistance to truly proactive defense? Feel free to share your thoughts below.