# my doppel / approach
# for gary, by carl

I sold the perimeter at Cloudflare. The fight already moved past it.

The attack vectors that matter now (brand, executives, domains, deepfakes) do not touch the firewall, the endpoint, or the SIEM. They live in the space between the stack and the customer's trust. That space is the territory. Here is the campaign I would run against it, to make Doppel the standard for the AI-Native Social Engineering Defense Platform.

// 01 the hook

The stack I sold at Cloudflare can't see this fight.

I saw this at Cloudflare with bad actors impersonating Bank sites at scale well before AI. None of it crossed a WAF or an endpoint. A cloned site on a lookalike domain harvests a member's credentials before a single packet reaches the real bank's edge.

Today the same chain runs on deepfake voice. The whole attack lands in a 6-minute call. The perimeter holds. The attack walks through trust, not packets.

I sold the perimeter to CISOs for years, so I know exactly where it ends. This is the first thing past it I would want to carry. But a category this new is not won on the product alone. It's won on the carefully crafted outbound and getting in front of the right exec while the pain is live.

I drive outbound like PLG at Cloudflare. Use the platform's own recon to walk in already knowing what they're losing to.

So that is what I built below: the campaign I would run.

// 02 the campaign

How I would actually hunt this. Fast, recon led, inside the window.

A category this new is not won via RFP, and even less so via inbound until the problem is already too prevalent. Crisis compresses buying timelines, and the orgs that act before the crisis are the exception. Question I keep asking: how do you see the crisis before it accelerates? Trigger to watch for and be proactive to reach out within 72 hours. Strategically outbound while the pain is live.

Lead with their own fakes, not a pitch. Before the first email, I dig: platform agents + OSINT, PII leaks, breaches. Scan the prospect's brand and exec list and open with what is live against them right now: the lookalike domains, cloned exec profiles, fraudulent ads, deepfake voice samples that their current process missed. The exposure is the opener. That's the basis for deep disco on first call.
Build a trigger watchlist. Watch for the moments that spike impersonation: viral trends, exec media hits, earnings, sponsorships, platform glitches, AI product launches. Reach out inside 72 hours.
Work the warm channel. Network sell via a16z and Bessemer. Participate in a16z Exec Briefings for warm connections to the F500 CISO list. I would run a parallel warm intro motion with the Doppel leadership team against the top named accounts and treat it as a channel.
Sell with peer proof using Doppel's published numbers. 1B+ indicators analyzed daily. <10h median takedown across domains, social, and paid ads. 100% belief rate in deepfake simulations. CISO can carry them straight to the CFO. Reinforce with the customer roster: OpenAI, Coinbase, Notion, Shopify, Ramp. The orgs whose threat surfaces look the most like the prospect's.
Beat the status quo, not a logo. The competition is the manual queue and the in-house "we've got it handled." The win is convincing the exec that analyst hours and slow takedowns are the real cost. "You are paying for people to chase this by hand. The scams moved faster than a queue can clear." Lead with platform-consolidation story: an agent platform that produces outcomes. Time saved, fraud loss avoided, analyst hours recovered.

recon-scan : pre-call, illustrative

$ scan --target coinbase.com --surfaces all

scanning domains, social, ads, telco, crypto, dark web ...

> 6 lookalike domains registered in the last 30 days

> 11 impersonation accounts across TikTok, X, Telegram

> 3 fraudulent ad creatives live right now

> 1 cloned support page harvesting logins

> 2 deepfake voice samples on Telegram targeting execs

done in 38s :: signals correlated into 3 distinct campaigns

I run scans like this against my own target list before any first call. The last line, signals correlated into campaigns and not isolated alerts, is the graph-driven advantage made visible.

doppel :: 1B+ indicators / day :: <10h median takedown :: 100% deepfake belief openai :: AI brand surface :: anchor logo for AI sector :: peer ref ammunition coinbase :: crypto + impersonation :: high-value target :: fraud-loss attributable

// 03 why this works

The outbound comes straight out of how the product works.

Enable the platform to create its own opportunity. First move pointed at a prospect instead of an adversary. Doppel runs every threat through three stages, and each stage maps to a step in the sales cycle.

DETECT & GRAPH →

the opener. The stage that correlates a threat and its infrastructure across domains, social, ads, telco, dark web, and crypto is the same move I run pre-call to surface a prospect's live exposure. The findings are the reason they take the meeting. The graph is what makes it irrefutable: not one signal, but a connected campaign.

ACT →

the qualifier. Volume, surfaces, who is being targeted, and the cross-channel graph tell me whether this is real budget or a nice-to-have, and which exec owns the pain. That read shapes who I bring into the room and what the first call is about.

REDUCE RISK →

the promise. The meeting lands on outcomes, not features: network comes down at machine speed, attack chains break before they reach contact, and analyst hours collapse from days to minutes. Time-to-takedown, analyst hours recovered, and deepfake-simulation belief rate are the numbers an exec signs against.

// 04 the map

Where I'd point it first.

[01]

Financial services

Doppel's wedge industry: high-value targets, regulatory pressure, direct fraud loss attribution. Existing logos here mean peer references and reference-call ammunition. OCC's Spring 2026 report on AI threats in banking gave every FinServ AE a clean "why now" opener. Compliance pressure is doing half the qualifying work for you.

proof: Coinbase, Ramp targets: Stripe, Plaid, Brex, Mercury, Robinhood, SoFi, Affirm

[02]

Money movement and P2P

User base moves funds, so fraud converts straight to cash. Neobanks, P2P payments. Loss is quantifiable.

targets: Cash App, Venmo, Zelle, Wise, Revolut

[03]

AI labs and frontier model providers

Every AI-themed scam borrows a foundation model's logo. OpenAI is already a Doppel customer. Expand the wedge to the next tier and the model-marketplace layer.

proof: OpenAI targets: Anthropic, Mistral, Cohere, Hugging Face, Replicate, xAI

[04]

High-support consumer brands

Any company with heavy inbound support, especially over social and chat, is a target because scammers can pose as support and intercept. Fintech, telco, airlines, retail, anything with a help desk people DM.

targets: Delta, United, Verizon, Best Buy, Chewy

[05]

Consumer and retail with mass social reach

Constant promotions and giveaways get cloned at scale. High volume, repeatable, fast to land.

targets: Starbucks, McDonald's, Wendy's, Target, Sephora

// 05 why me

Category creation needs a hunter who can sell the idea, not just the product.

Someone who can sell the idea before the market has language for it. That is how I have always sold: technically, and to the buyer in front of me. I did both at Cloudflare.

The threat landscape evolved with AI. So did I. I live in the AI stack now. I build my own agents with Claude Code and Openclaw, and being AI-native multiplies pipeline. That's the problem a new category has to solve early.

I've won key deals by building trust early, finding the right champion, and staying multi-threaded across stakeholders until the deal has its own momentum.

I sell the platform, not just the wedge. DRP gets us in. HRM and Email Security are where the expansion lives. Long deals come from accounts that consume all three, not just the wedge.

I'm looking to build in my next role, and help shape the winning playbook, not inherit one. I helped build a better Internet at Cloudflare. I would like to do it again, and help make Doppel the trust layer the modern internet runs on.

Does any of this track with how the team is hunting successfully? Where am I off?

contact: carl@neowave.ai :: linkedin.com/in/carlgarcia