‘Recently we expanded so that MSPs can automatically remove the same phishing email across all of their customers. That means if one customer gets hit, everybody else benefits automatically,’ says Cooper Edmunds, CEO of Petra Security.
Cooper Edmunds said sophisticated cyberattacks no longer look like they did just two years ago.
“2024 attacks looked like attacks,” Edmunds, CEO of San Francisco-based Petra Security, told CRN. “They were noisy. They came from bad IP addresses. The location was wrong. They’d come from Russia, or a VPN or a data center, and it was obvious from how the attacker gained access that something was wrong. In 2026, attackers don’t look like attackers anymore. They look like real users.”
That shift is the core mission behind Petra, the fast-growing MSP-focused cybersecurity startup built around detecting sophisticated account takeovers inside Microsoft 365 environments. Rather than relying heavily on suspicious IP addresses, Petra focuses on user behavior and intent.
“We’re going to keep iterating on that to remain extremely fast and reliable for our partners,” Edmunds said. “That’s what Petra exists to do.”
[Related: How MSPs Need To Prepare For AI-Accelerated Cyberattacks: Experts]
Founded in 2024, Petra set out to solve identity compromise for enterprise customers. But after conversations with MSPs, Edmunds realized the problem was a major pain point in the channel.
“The FBI’s [IC3 2025 Internet Crime Report] recently reported that there was $3 billion lost to business email compromise [BEC} alone. That’s vastly larger than ransomware losses,” the CEO said. “So if you’re an MSP and there’s one thing you absolutely need to be world-class at, it’s detecting BEC. That’s why we focused there.”
When sampling Petra’s tools, Antwine Jackson said his team was “blown away” by their ability to detect threats in Microsoft environments with accuracy and minimal noise.
“A lot of these platforms out there have a lot of noise,” Jackson, founder and president of Raleigh, N.C.-based Enitech, told CRN. “They kick off these alerts, and you have to determine how real it is or how actionable it is. One of the things I found very intriguing about their solution is when it’s kicking off something that is a threat, it’s like high confidence that it’s actually a threat, which eliminates all this noise.”
He also praised the startup’s young founders, calling the company “definitely a rising star in the space.”
“This group is very young, very hungry and very innovative in so many ways,” he said. “These guys are smart, they’re for real and it’s primarily because of the technology they’re bringing to the table.”
Petra protects more than 1.5 million users across the U.S., Canada, Australia and the U.K. With mid-seven figures in revenue today, Edmunds said Petra has a 12-month goal to grow that number by five times, and to decrease BEC response times.
“If we stop something in three minutes today, we want to know how we stop it in two and a half minutes tomorrow,” he said. “That’s our North Star.”
CRN spoke further with Edmunds about business email attacks, competition and how the company is not only going deeper, but wider, to stop sophisticated attacks.
Why did you start Petra? Take me back to 2024. What specific gap were you trying to solve?
Identity attacks and account takeovers had become 90 percent of compromises, and they were getting way more sophisticated while the defenses just weren’t keeping up. The stories kept getting worse. Attackers would get access to an account, stay stealthy longer and companies wouldn’t realize anything was wrong until there was reputational damage, financial fraud or data loss.
Originally, we were focused on enterprises. But while we were doing that, I had a call with a friend who owns an MSP in San Diego. Honestly, at that point, I barely even knew what an MSP was. But he described the exact same problem except across his entire client base. He said they were seeing literally 10 times more compromises than the enterprise customers we were working with.
That completely changed our perspective. I asked him what he was using to solve it, and it was the same story … the tools hadn’t evolved enough to keep up with how attackers had changed. So we made the decision to focus 100 percent on solving this for MSPs. Then I went to an MSP conference because I thought, ‘OK, maybe this one MSP just happens to have this problem.’ But after talking to a bunch of MSPs, it became obvious this wasn’t isolated. Everyone was dealing with it.
Why focus so heavily on Microsoft 365 and identity-based attacks?
Because that’s where the attackers are making money. They are an economy too … they want return on investment. The easiest way for them to turn effort into money is compromising a legitimate business email account. If someone gets access to your email account, they can send emails that look completely legitimate. Someone receives an invoice request from you and thinks, ‘Oh, that’s normal.’ Next thing you know, they’ve paid the attacker.
The FBI’s [IC3 2025 Internet Crime Report] recently reported that there was $3 billion lost to business email compromise alone. That’s vastly larger than ransomware losses. So if you’re an MSP and there’s one thing you absolutely need to be world-class at, it’s detecting BEC. That’s why we focused there.
What’s the biggest challenge partners are telling you they face today?
Convincing clients this is a real problem. MSPs see the scale because they protect 100 businesses at once. But each individual customer only sees their own environment, so they often think, ‘I already bought email security. Why do I need identity threat detection too?’
That’s where our Scan product comes in. An MSP can install it in about a minute, even without full Microsoft tenant access, and within 24 hours they get a report showing six months of compromise activity. What’s powerful is that clients almost always learn something they didn’t know. Sometimes they knew about an incident but didn’t realize how extensive it was. Other times, they had no idea at all. That changes the sales conversation immediately because the MSP walks in as the cybersecurity expert showing evidence nobody else surfaced.
MSPs constantly struggle with alert fatigue. How are you reducing noise while improving detection?
The hard part is detecting compromises without drowning people in false positives. That means you have to look beyond how they appear and focus on intent. What are they actually doing inside the mailbox, SharePoint, Teams and Microsoft 365? That’s where AI becomes really important for us. We use it to understand behavior patterns and context.
The easiest analogy is antivirus versus EDR [endpoint detection and response]. Antivirus asked, ‘Does this file look malicious?’ EDR asks, ‘What is this process trying to do?’ That’s the shift cybersecurity has needed in identity protection over the last two years.
Petra also ships updates constantly. Why move that fast?
We release features basically every Friday. The reason is simple: MSP feedback directly shapes the road map. Every week we send partners updates on what shipped, and the response rate is crazy. They tell us what’s helping, what they’re struggling with and what they want next. That creates this really tight feedback loop.
One example is when Petra detects a compromise, we identify the phishing email that caused it and remove it from inboxes. Recently we expanded so that MSPs can automatically remove the same phishing email across all of their customers. That means if one customer gets hit, everybody else benefits automatically. For MSPs, that’s huge because now they can proactively protect clients using threat intelligence generated from their broader customer base.
How do you differentiate from your competitors in the space?
Where we differ is in the sophistication of the attacks we focus on.
Traditional ITDR [identity threat detection and response] products are still very good at catching what I’d call ‘2024-era attacks’—things coming from suspicious IP addresses or obviously malicious infrastructure.
But attackers adapted. Modern attacks often look completely legitimate at the login layer. They use residential proxies, local IPs, normal browsers … everything looks clean. So instead of focusing primarily on indicators, we focus on intent and context across long periods of activity. That’s where AI really matters. For us, we’re looking at the story being told across months of behavior, not just isolated events.
So what’s your biggest focus over the next 12 months?
Stopping sophisticated attacks faster. If we stop something in three minutes today, we want to know how we stop it in two and a half minutes tomorrow. That’s our North Star.
Everything else—reporting, automation, workflows, AI classifiers—it all exists to make business email compromise easier for MSPs to handle operationally. Because at the end of the day, 90 percent of cybersecurity incidents are BEC. If MSPs can master that problem, they win.
