Felons, Fraudsters Flog Offensive Cybersecurity Startup

A cybersecurity startup known as IRIS C2 is actively soliciting vulnerability research by offering payouts of up to $7 million for zero-day exploits, despite being operated by individuals with a documented history of fraud and criminal convictions. Public records and government contracting databases identify the company as an affiliate of Calvexa Group LLC, an entity linked to Jack Burkman and Jacob Wohl. The pair has previously been prosecuted for orchestrating large-scale disinformation campaigns and fraudulent schemes, including telecommunications fraud and the creation of fake intelligence firms.

The company, which maintains a presence on X (formerly Twitter) under the handle @C2IRIS, claims to be based in McLean, Virginia. According to its public-facing website, irisc2[.]com, the firm seeks to acquire “zero-day exploits, individual primitives, partial chains, and full capabilities across all major platforms.” The platform’s recruitment strategy specifically targets “junior engineers with raw talent” while explicitly stating that neither academic degrees nor traditional industry experience are required for applicants.

Corporate Structure and Regulatory Background

Government contracting records from g2exchange.com indicate that irisc2[.]com is operated by Calvexa Group LLC. While this entity is registered as a federal contractor, there is no public evidence that it has secured or is currently performing any direct government contracts. The contact information provided for Calvexa Group redirects users to the IRIS C2 domain, effectively linking the two business operations.

Incorporation records for Calvexa Group LLC list an address in Arlington, Virginia, that is occupied by Jack Burkman, a lobbyist and the founder of Burkman & Associates. When questioned regarding the operations of IRIS C2, Burkman directed all inquiries to Jacob Wohl. Wohl, 28, has been a frequent collaborator with Burkman on various ventures that have drawn significant legal scrutiny from state and federal regulators.

The duo’s history includes a 2023 settlement in a New York civil case where a judge ruled they had violated federal and state civil rights laws, resulting in a $1 million judgment against them. Additionally, in June 2023, the Federal Communications Commission (FCC) imposed a $5.1 million fine against Wohl and Burkman for their involvement in a robocall campaign, marking one of the largest fines ever pursued by the agency under the Telephone Consumer Protection Act.

History of Legal Challenges and Fraud Allegations

The professional history of Wohl and Burkman is marked by multiple criminal convictions. In 2022, both men pleaded guilty to a felony charge of telecommunications fraud in Ohio, receiving sentences that included probation and fines. These charges stemmed from a coordinated effort to disseminate false information regarding mail-in ballots during the 2020 election cycle. Furthermore, they were indicted in Cleveland on 15 felony counts related to an alleged scheme to suppress voter turnout in Detroit, for which they were sentenced to probation in late 2025.

History of Legal Challenges and Fraud Allegations

Wohl’s legal issues extend back to his early career in finance. In 2017, the Arizona Corporation Commission charged his investment funds with 14 counts of securities fraud, ordering him to pay $35,000 in restitution. By 2019, Wohl had pleaded guilty in California to four felony counts related to the sale of unregistered securities, for which he received a two-year probation sentence.

Beyond legal proceedings, the pair has been linked to the creation of “fake intelligence” companies. In September 2024, reports from Politico detailed how the two operated a defunct firm called LobbyMatic under the pseudonyms “Jay Klein” and “Bill Sanders.” The company claimed to leverage artificial intelligence for political lobbying, but internal operations were characterized by deception, leading some employees to resign upon discovering the true identities of the founders.

Operations and Industry Reception

In an interview regarding the current status of IRIS C2, Wohl stated that he lacks formal training in computer science or cybersecurity, describing his expertise as “self-taught.” He claimed that the firm employs approximately 40 people, though he noted that staff are prohibited from listing their employment on professional networking sites like LinkedIn due to “operational security reasons.”

Operations and Industry Reception

The cybersecurity industry has historically included a wide range of actors, from independent researchers to commercial vendors. However, the open, aggressive solicitation of zero-day vulnerabilities by a firm with this background is considered highly unusual. While legitimate government contractors frequently recruit researchers to secure exclusive rights to exploits, the practice at IRIS C2 contrasts with the circumspect nature typical of the defense contracting sector.

Recent reports have further complicated the firm’s profile. As noted in a March 31 publication by journalist Molly White, Burkman and Wohl were reportedly paid a $300,000 retainer by an individual wanted by international authorities for the alleged theft of $65 million from cryptocurrency platforms KyberSwap and Indexed Finance. The payment was reportedly for services intended to secure a presidential pardon for the accused hacker.

As of July 2025, there have been no further public announcements regarding the status of the company’s federal contracting pursuits or potential new legal developments. Interested parties and industry observers continue to monitor public filings for updates on the activities of Calvexa Group LLC and its associated ventures.

Leave a Comment