Security Campaign

Why this angle works: Seznam.cz is the Czech Republic's largest domestic internet company — their homepage, email service (Email.cz), news portal (Novinky.cz), and map service (Mapy.cz) are critical national infrastructure. With 6M+ daily users and high visibility, they are a prime target for nation-state actors, DDoS attacks, and data theft. In 2023-2024, Czech critical infrastructure faced increased cyber threats (NÚKIB warnings). Seznam's status as a "national champion" means their security posture isn't just a business issue — it's a national security consideration. They need enterprise-grade WAF, DDoS protection, and bot management at a scale that matches their importance.

Source: Seznam is the #1 Czech internet portal by traffic. NÚKIB (Czech cyber security agency) has issued multiple warnings about threats to critical infrastructure. Seznam operates email, maps, news, and search — all high-value targets. Their 6M+ daily user base makes them an attractive DDoS target.

Draft email:

Hi [Name],

Seznam operates critical Czech internet infrastructure — Email.cz, Novinky.cz, Mapy.cz, and your homepage serve millions of Czech users daily.

NÚKIB has warned about increasing threats to Czech critical infrastructure. As the country's largest domestic internet company, Seznam is both a high-value target and a symbol of Czech digital sovereignty.

I'm curious about your current web security stack. Companies at similar national importance (e.g., Yandex, Naver) run enterprise WAF + DDoS protection that handles nation-state-level threats. Cloudflare protects critical infrastructure globally — including government sites and major national portals.

Would you be open to a conversation about how Seznam thinks about critical infrastructure protection?

Best,
[Your name]

Why this angle works: Phrase is scaling enterprise sales aggressively after their Forrester Leader recognition. Enterprise procurement teams (like Publicis) conduct thorough security due diligence before signing $100K+ SaaS contracts. Key requirements include: WAF protection for customer-facing APIs, DDoS resilience, bot management to prevent credential stuffing, and proof of security monitoring. Phrase currently handles sensitive client data (brand content, product information, marketing copy) across their TMS, Strings, and Studio products. A security incident or even a perception of weak security could derail enterprise deals. Proactively building enterprise-grade security becomes a sales enabler.

Source: Forrester Wave Leader 2023. Publicis partnership announced 2024. Enterprise SaaS vendor security questionnaires typically require WAF, DDoS protection, and bot management. Phrase handles client localization data which is commercially sensitive.

Draft email:

Hi [Name],

Phrase's Forrester Leader status and Publicis partnership are huge milestones. As you move upmarket, enterprise procurement teams will scrutinize your security posture.

We've seen SaaS companies lose 6-month sales cycles because they couldn't answer "What's your WAF strategy?" or "How do you prevent DDoS?" in vendor security questionnaires.

Cloudflare's enterprise security stack (WAF, bot management, DDoS protection) gives SaaS vendors the audit answers they need — and actually protects their APIs from real threats. It becomes a competitive advantage: "We're protected by the same infrastructure that secures 20% of the internet."

Would you be open to a brief conversation about how Phrase thinks about enterprise security requirements?

Best,
[Your name]

Why this angle works: Make operates a public automation platform with 1,000+ app integrations and publicly documented APIs. Their platform allows users to create workflows that call external APIs — but it also exposes Make's own APIs to the internet. At "millions of workflow executions" scale, Make's API endpoints are constantly bombarded with both legitimate traffic and malicious requests. Automation platforms are particularly attractive targets for credential stuffing (attackers test stolen credentials against login APIs) and API abuse ( attackers exploiting webhook endpoints or rate limits). Because Make stores OAuth tokens for 1,000+ third-party services, a successful API breach could cascade into compromises across customers' connected apps (Slack, Salesforce, Google Workspace, etc.). Celonis's enterprise acquisition amplifies the risk — enterprise attackers specifically target integration platforms as a lateral movement vector.

Source: Make connects 1,000+ apps via public APIs and webhooks. Automation platforms store OAuth tokens for connected services, making them high-value targets. API abuse and credential stuffing are top threats for SaaS platforms. Celonis enterprise clients increase attacker interest in the platform.

Draft email:

Hi [Name],

Make's automation platform is incredibly powerful — and that power creates unique security exposure.

You store OAuth tokens for 1,000+ connected apps and expose public APIs that process millions of requests daily. Attackers increasingly target integration platforms as lateral movement vectors: breach Make, extract stored credentials, pivot into customers' Slack workspaces and Salesforce instances.

We've seen similar automation platforms face sophisticated API abuse campaigns — credential stuffing against login endpoints, webhook exploitation, and DDoS attacks designed to trigger rate-limiting failures. Enterprise clients specifically ask about API protection in vendor assessments.

Cloudflare's API security and bot management protect platforms with similar integration footprints. Worth a brief conversation about how Make thinks about API threat surface?

Best,
[Your name]

Why this angle works: Apify runs a marketplace where developers deploy web scraping "Actors" — essentially arbitrary code that runs on Apify's infrastructure to extract data from websites. This creates a fascinating security paradox: Apify's platform is designed to scrape others, but their own infrastructure is equally exposed. Their platform hosts user-generated scraping code, serves public APIs for dataset access, and stores scraped data for 25K+ customers. Malicious actors could: (1) upload scraping Actors designed to exploit Apify's own infrastructure, (2) abuse dataset APIs to exfiltrate other customers' data, (3) DDoS Apify's proxy infrastructure to degrade service, or (4) scrape Apify's own platform data. Additionally, Apify's Store (marketplace of pre-built scrapers) is a supply chain risk — a malicious Actor could compromise downstream users. As a platform running arbitrary user code, Apify needs defense-in-depth that goes far beyond standard WAF.

Source: Apify hosts user-generated scraping code (Actors) on their infrastructure. Their platform includes public dataset APIs and a marketplace (Store). Running arbitrary user code creates unique security challenges. Platform companies with marketplaces face supply chain and multi-tenant data isolation risks.

Draft email:

Hi [Name],

Apify has built something unique — a platform that lets developers deploy scraping code at scale. But that uniqueness creates unique security challenges.

You host arbitrary user code (Actors), serve public dataset APIs, and operate a marketplace of community-built scrapers. Each of these is an attack surface: malicious Actors targeting your infrastructure, API abuse attempting to access other customers' data, or marketplace supply chain risks.

Platform companies running user-generated code (GitHub, Vercel, Replit) have invested heavily in defense-in-depth: WAF for public APIs, bot management for marketplace abuse, and DDoS protection for proxy infrastructure. Cloudflare protects similar platform companies from exactly these threats.

Would you be open to a conversation about how Apify approaches platform security for a scraping marketplace?

Best,
[Your name]

Why this angle works: Recombee serves 1 billion+ recommendation API requests daily. Their API is public, fast, and returns structured data — making it an ideal target for systematic scraping, API abuse, and DDoS attacks. Competitors or malicious actors could scrape recommendation data to reverse-engineer Recombee's algorithms or steal their customers' product catalogs. At 1B requests/day, distinguishing legitimate traffic from abuse is extremely difficult without sophisticated bot management. Additionally, Recombee's customers (e-commerce sites, content platforms) rely on their API being available 24/7 — a DDoS attack that degrades recommendation delivery directly impacts customer revenue. Recombee's pricing is often based on request volume, meaning API abuse doesn't just cause operational pain — it directly inflates infrastructure costs and erodes margins.

Source: Recombee publicly states 1B+ daily API requests. Public APIs returning structured data are prime targets for scraping and abuse. API abuse directly impacts infrastructure costs for usage-based platforms. DDoS attacks on recommendation APIs cause direct customer revenue impact.

Draft email:

Hi [Name],

Recombee's scale is remarkable — 1B+ recommendation API requests daily. But that visibility creates exposure.

Your API is public, fast, and returns structured product data — exactly what scrapers and competitors want. At billion-request scale, distinguishing legitimate traffic from abuse is nearly impossible without bot management. And because your pricing is request-based, every bot request directly costs you money.

Recommendation API companies like Pinterest and Etsy have faced sophisticated scraping campaigns designed to steal product graph data. Bot management that analyzes behavioral signals (not just rate limits) is the difference between profitable API delivery and margin erosion.

Would you be open to a conversation about how Recombee approaches API abuse protection at scale?

Best,
[Your name]

Why this angle works: Threatmark sells fraud prevention and threat detection to banks and financial institutions. Their clients trust them to protect against sophisticated attacks. But Threatmark's own web infrastructure — customer portals, API endpoints, and demo environments — faces the same threats they help clients defend against. This is the ultimate "physician, heal thyself" angle. If a fraud prevention company's own APIs are vulnerable to SQL injection or bot abuse, it undermines their credibility. They need enterprise WAF and API protection to maintain trust with banking clients who expect their vendors to practice what they preach.

Source: Threatmark provides fraud detection to major Czech and Slovak banks (ČSOB, Komerční banka, Slovenská sporiteľňa). Their clients are regulated financial institutions with strict vendor security requirements. Banking regulators (ČNB, NBS) require third-party vendors to demonstrate robust security.

Draft email:

Hi [Name],

Threatmark protects some of the largest banks in CZ/SK from fraud. Your clients trust you to detect threats they can't see.

Here's an uncomfortable question: who protects Threatmark's customer portals and APIs from the same injection attacks, bot abuse, and API scraping that you help banks prevent?

I've seen security companies lose enterprise deals because a prospect ran a basic WAF scan on their demo environment and found vulnerabilities. Banking regulators (ČNB, NBS) now require third-party vendors to demonstrate enterprise-grade web security.

Cloudflare protects security companies like CrowdStrike and Palo Alto Networks. Would you be open to a conversation about how Threatmark ensures its own infrastructure matches the standards it sells?

Best,
[Your name]

Why this angle works: Resistant AI provides document fraud detection and identity verification to banks and financial institutions across Europe. Their AI models analyze passports, ID cards, driver's licenses, and utility bills to detect forgeries — handling the most sensitive personal data imaginable. Their clients include major Czech and Slovak banks that are themselves regulated by ČNB and NBS. Banking regulators require third-party vendors to demonstrate not just data security, but infrastructure security — WAF protection for customer-facing portals, DDoS resilience, and API security for document upload endpoints. If Resistant AI's document upload API were compromised, attackers could inject malicious files, exfiltrate processed documents, or poison the AI training data. For a fraud prevention company, a security breach would be existential — it would destroy the trust that their entire business is built upon. Their clients perform regular security audits, and any weakness in web security becomes a deal-breaker.

Source: Resistant AI serves major CZ/SK banks with document fraud detection. Their platform processes passports, IDs, and sensitive documents. Banking regulators (ČNB, NBS) require strict vendor security. AI training data poisoning is an emerging threat for ML-based security companies.

Draft email:

Hi [Name],

Resistant AI's document fraud detection is impressive — and your banking clients depend on it to catch sophisticated forgeries.

Here's what keeps me up at night on your behalf: you process passports, ID cards, and sensitive identity documents through public APIs. Banking regulators require your infrastructure to be as secure as the banks themselves. A compromised upload endpoint or DDoS attack that disrupts your API could damage both your clients' operations and your reputation.

Cloudflare protects security companies including CrowdStrike and Palo Alto Networks. Would you be open to a conversation about how Resistant AI ensures its infrastructure meets the standards its banking clients require?

Best,
[Your name]

Why this angle works: Smartsupp provides live chat and chatbot services to 60,000+ e-commerce stores, embedding directly into checkout flows and product pages. Their chat widget is a JavaScript snippet loaded on thousands of websites — making it a potential supply chain attack vector if compromised. Additionally, Smartsupp's chat APIs are public and handle real-time messaging. Attackers frequently target live chat platforms for: (1) chatbot manipulation — injecting malicious links into automated responses, (2) DDoS during peak shopping periods to disrupt customer service, (3) credential stuffing against agent login portals, and (4) data exfiltration through chat transcripts. During Black Friday and holiday shopping seasons, chat volumes spike 5-10x — exactly when DDoS attacks are most damaging. E-commerce clients depend on chat for conversions; downtime directly costs revenue. Smartsupp's clients include stores handling payment data, raising the stakes for any security incident.

Source: Smartsupp serves 60,000+ e-commerce businesses with live chat and chatbots. Chat widgets are embedded in checkout flows. Live chat platforms face unique threats: bot manipulation, DDoS during peak seasons, and credential stuffing. E-commerce chat is critical for conversion — downtime during peak periods is extremely costly.

Draft email:

Hi [Name],

Smartsupp powers live chat for 60,000+ e-commerce stores — that's a huge responsibility, especially during peak shopping seasons.

I'm thinking about your unique threat profile. Your chat widget loads on checkout pages across thousands of domains. Your APIs handle real-time messaging. During Black Friday, chat volumes spike 10x — and attackers know this is when disruption hurts most.

Live chat platforms face specific threats: chatbot manipulation, DDoS during peaks, and credential stuffing against agent portals. Companies like Intercom and Zendesk have invested heavily in WAF and bot management specifically for these attack patterns.

Would you be open to a conversation about how Smartsupp approaches chat platform security during peak e-commerce periods?

Best,
[Your name]

Why this angle works: Glami is a fashion search engine indexing millions of products from 1,000+ e-shops across 20+ European markets. Their entire business depends on accurate, real-time product data — prices, availability, images, and descriptions. Competitors and price comparison engines constantly scrape Glami's data to monitor pricing trends and redirect traffic. Bot networks systematically crawl Glami's search results to build competing databases. This scraping isn't just a nuisance — it directly impacts Glami's competitive position (their data is their product) and inflates infrastructure costs (bots consume the same resources as real users). Additionally, Glami's affiliate relationships depend on accurate attribution — bots that fake clicks steal commission revenue. During sales seasons, competitors deploy aggressive scraping to undercut prices in real-time. Without sophisticated bot management that distinguishes legitimate users from automated scrapers, Glami leaks valuable data and revenue to competitors.

Source: Glami indexes millions of products from 1,000+ e-shops. Fashion aggregators face persistent scraping from competitors and price monitors. Affiliate attribution fraud costs the industry billions annually. Sales season scraping is particularly aggressive in fashion e-commerce.

Draft email:

Hi [Name],

Glami's fashion search index is a valuable asset — millions of products, prices, and availability data from 1,000+ shops across Europe.

I'm thinking about your competitive exposure. Price comparison engines and competitor aggregators scrape fashion search results constantly to monitor trends and redirect traffic. During sales seasons, this scraping becomes aggressive — competitors undercut prices in real-time using your data.

Beyond data theft, bots inflate your infrastructure costs and commit affiliate fraud by faking clicks. Fashion aggregators like Lyst have invested in bot management that uses behavioral analysis to block scrapers while preserving legitimate user access.

Would you be open to a conversation about how Glami protects its product data from competitive scraping?

Best,
[Your name]

Why this angle works: Bonami operates a curated home decor marketplace across CZ, SK, PL, and RO, running high-profile seasonal campaigns (Black Friday, spring refresh, holiday sales) that drive 5-10x traffic spikes. These peak periods are when DDoS attacks and bot fraud are most damaging — attackers know that disrupting a flash sale or inventory drop costs maximum revenue and customer trust. Home decor e-commerce faces specific bot threats: (1) inventory hoarding — bots add limited items to cart and abandon, blocking real customers, (2) payment fraud — stolen cards tested during high-volume periods when fraud detection is strained, (3) DDoS during peak sales to drive customers to competitors, and (4) content scraping — stealing product descriptions and lifestyle images. Bonami's visual-first shopping experience (large lifestyle images, room inspiration) means page load times directly impact conversion. A DDoS attack or bot surge that degrades performance during a campaign is catastrophic for ROI.

Source: Bonami runs seasonal campaigns with 5-10x traffic spikes across CZ/SK/PL/RO. E-commerce flash sales are prime DDoS targets. Inventory hoarding bots are a growing problem in home goods. Payment fraud increases during high-volume sales periods. Page load time directly impacts conversion in visual e-commerce.

Draft email:

Hi [Name],

Bonami's seasonal campaigns are visually stunning — but they're also high-risk periods for attacks.

Home decor e-commerce faces specific threats during peak sales: inventory hoarding bots that block real customers, payment fraud tested during high-volume periods, and DDoS attacks designed to disrupt your flash sales when revenue matters most.

Companies like West Elm and MADE.com have invested in bot management and DDoS protection specifically for seasonal campaign protection. The result: flash sales run smoothly, bots are blocked before they reach checkout, and page load times stay fast even under attack.

Would you be open to a conversation about how Bonami secures its seasonal campaigns?

Best,
[Your name]

Why this angle works: Slevomat operates a daily deals marketplace where limited-quantity offers sell out in minutes. This creates perfect conditions for bot abuse: automated scripts that monitor deals, bypass purchase limits, and hoard vouchers for resale. Deal sniping bots harm Slevomat's business in multiple ways: (1) real customers can't buy popular deals, leading to complaints and churn, (2) merchants see deals "sell out" to bots instead of genuine customers, damaging partner relationships, (3) voucher resale on secondary markets hurts Slevomat's brand, and (4) bots create artificial scarcity that distorts inventory planning. Additionally, Slevomat's email-driven model means their email infrastructure is a target for list bombing and subscription abuse. During peak deal events, DDoS attacks can disrupt the time-sensitive purchase flow. The daily deals model depends on trust — if customers believe bots are winning, they stop engaging.

Source: Slevomat operates daily deals with limited quantities across CZ/SK/PL. Deal platforms face persistent bot abuse: sniping, hoarding, and resale. Daily deals depend on customer trust in fair access. Email-driven marketing is vulnerable to list bombing and subscription abuse.

Draft email:

Hi [Name],

Slevomat's daily deals create urgency — but that urgency also attracts bots.

Limited-quantity deals are prime targets for automated sniping, hoarding, and voucher resale. When bots buy up restaurant deals and spa packages in seconds, real customers are locked out and merchants see their offers wasted.

Deal platforms like Groupon and LivingSocial have invested in bot management that distinguishes real buyers from automated scripts — using behavioral signals, device fingerprinting, and checkout pattern analysis. This preserves fair access while blocking abuse.

Would you be open to a conversation about how Slevomat ensures fair access to limited deals?

Best,
[Your name]

Why this angle works: Allegro is the largest CEE marketplace with 14M+ buyers and 135K+ sellers. Their platform faces unique security threats that pure e-commerce doesn't: seller fraud, fake listing abuse, review manipulation, and API exploitation. Malicious sellers create fake accounts to list counterfeit goods, manipulate search rankings, or scam buyers. Competitors scrape seller pricing and inventory via APIs to undercut listings. Bots create fake reviews to boost product rankings. During major sales events, DDoS attacks target Allegro's seller APIs to disrupt inventory updates and order processing. The Mall Group acquisition added complexity — integrating multiple marketplace platforms with different security postures. Allegro's scale means even small fraud rates translate to massive absolute numbers: 0.1% fraud at 135K sellers = 135 fraudulent sellers causing real customer harm. Their API handles millions of seller requests daily for inventory, pricing, and order management — each a potential attack vector.

Source: Allegro operates largest CEE marketplace (14M+ buyers, 135K+ sellers). Marketplaces face unique fraud: fake listings, review manipulation, seller scams. API abuse for competitive intelligence is common. Mall Group acquisition created multi-platform security complexity.

Draft email:

Hi [Name],

Allegro's marketplace scale is unmatched in CEE — but that scale attracts sophisticated abuse.

Marketplaces face threats that pure e-commerce doesn't: fake listings, review manipulation, seller account takeover, and API scraping for competitive intelligence. At 135K sellers, even small fraud percentages create real customer harm.

Global marketplaces like eBay and Etsy have invested in multi-layered security: bot management for fake account creation, WAF rules for API abuse, and DDoS protection for seller infrastructure. The key is distinguishing legitimate seller activity from abuse without adding friction to honest sellers.

Would you be open to a conversation about how Allegro approaches marketplace fraud and API security?

Best,
[Your name]

Why this angle works: Windy.com serves 50M+ users with weather visualization data through public APIs and map tile services. Their weather API is massively exposed — it serves GRIB data, model outputs, and map tiles to anyone who requests them. This makes Windy a prime target for: (1) API scraping — competitors or researchers systematically harvesting weather data, (2) DDoS attacks during severe weather events when usage spikes 3-5x and infrastructure is already strained, (3) tile server abuse — bots downloading massive amounts of map data for offline use or resale, and (4) injection attacks against weather model APIs. Severe weather events (hurricanes, winter storms) are when Windy is most valuable to users — and when DDoS attacks are most damaging. Emergency services, aviation, and maritime users depend on Windy during crises; downtime isn't just inconvenient, it's dangerous. Additionally, Windy's API is embedded in third-party apps and websites, expanding the attack surface beyond Windy's own domain.

Source: Windy.com reports 50M+ users and serves weather data via public APIs and map tiles. Weather platforms see 3-5x usage spikes during severe weather. Emergency services and aviation depend on weather data availability. API scraping for weather data is common in agriculture, insurance, and logistics sectors.

Draft email:

Hi Ivo,

Windy has become essential infrastructure for sailors, pilots, and emergency services — especially during severe weather.

That essential status makes you a target. Your public weather APIs and map tiles are massively exposed. During hurricanes and winter storms, when usage spikes 3-5x and first responders need you most, DDoS attacks are most damaging.

Weather platforms face unique threats: API scraping for commercial resale, tile server abuse, and DDoS timed to coincide with peak demand. Companies serving critical weather data have moved to edge-based DDoS protection that absorbs attacks without origin impact — keeping data flowing when it matters most.

Would you be open to a conversation about how Windy protects its weather infrastructure during critical events?

Best,
[Your name]

Why this angle works: Smartlook records user sessions for 200,000+ websites and apps — capturing behavioral data that is among the most sensitive in analytics. While Smartlook masks sensitive inputs, the platform still handles massive amounts of user behavioral data, personal identifiers, and screen content. Smartlook's JavaScript tracking snippet is embedded across 200K+ domains, making it a potential supply chain attack vector. If Smartlook's CDN or script delivery were compromised, attackers could inject malicious code into thousands of websites simultaneously — similar to the Magecart attacks that targeted payment forms through compromised third-party scripts. Additionally, Smartlook faces API abuse risks: attackers could attempt to access session data through compromised API keys or scrape aggregated analytics. Their enterprise clients in regulated industries (healthcare, finance, e-commerce) require their analytics vendors to maintain strict security postures and provide evidence of web application protection.

Source: Smartlook serves 200K+ websites with session replay tracking. Third-party script compromises (Magecart-style attacks) have targeted analytics providers. Session replay data is classified as personal data under GDPR. Enterprise clients require vendor security assessments including WAF and DDoS protection evidence.

Draft email:

Hi [Name],

Smartlook provides incredible behavioral insights — but that visibility creates unique security exposure.

200,000 websites embed your JavaScript snippet. If your script delivery infrastructure were compromised, the blast radius would be enormous — similar to Magecart attacks that targeted analytics and payment scripts across thousands of domains.

Additionally, your APIs hold session data for millions of users. Enterprise clients in regulated industries now require proof of WAF protection, DDoS resilience, and API security in vendor assessments. Analytics platforms are increasingly targeted because they provide a pathway into thousands of downstream websites.

Would you be open to a conversation about how Smartlook protects its script delivery and API infrastructure?

Best,
[Your name]