Zero-Day Bounty Hunter IRIS C2 Linked to Convicted Felons and Conspiracy Theorists
A cybersecurity startup, **IRIS C2**, publicly offering millions for zero-day exploits, is reportedly operated by **Jack Burkman** and **Jacob Wohl**. These individuals, known for their history of far-right conspiracy theories, fake intelligence operations, and multiple felony convictions, raise significant questions about the legitimacy and ethical implications of their new venture in the sensitive realm of offensive cybersecurity.
A new player in the zero-day exploit market, **IRIS C2**, has emerged, promising millions for vulnerabilities in popular software. However, investigations reveal that the company is allegedly run by **Jack Burkman** and **Jacob Wohl**, individuals with a documented history of spreading disinformation, operating under assumed names, and multiple felony convictions.
The **IRIS C2** (@C2IRIS) X/Twitter account, established in January 2025, has rapidly gained over 4,000 followers by frequently posting about security vulnerabilities, AI, and software exploits. The company, which claims to be based in McLean, Virginia, states its business model is to "Attract the very best vulnerability researchers and exploit developers in the world." They explicitly target "junior engineers with raw talent/extremely high IQ," emphasizing a disregard for traditional qualifications like college degrees or industry experience.

The website, **irisc2[.]com**, actively recruits for various positions, claiming to acquire "zero-day exploits, individual primitives, partial chains, and full capabilities across all major platforms." Payouts are advertised to range from $10,000 to $7 million, contingent on target, reliability, and operational value.
According to the government contracting portal **g2exchange.com**, **irisc2[.]com** is operated by **Calvexa Group LLC**, a Virginia-based business. The contact link on **calvexagroup[.]com** redirects to **irisc2[.]com**. While **Calvexa Group LLC** is registered as a federal contractor, it does not appear to have any active direct government contracts.
An address listed in the incorporation records for **Calvexa Group LLC** in Arlington, Virginia, is reportedly occupied by **Jack Burkman**, the 60-year-old founder of the lobbying firm **Burkman & Associates**. When questioned about **IRIS C2**, Burkman directed inquiries to his long-time associate, 28-year-old **Jacob Wohl**.

**Burkman** and **Wohl** are notorious for their history of creating fictitious intelligence companies to disseminate false claims and frame public figures. Their past exploits include fabricated sexual assault allegations against then-FBI Director **Robert Mueller** and former presidential candidate **Pete Buttigieg**, as well as false claims against **Sen. Elizabeth Warren** (D-Mass.) and **Kamala Harris**.
Following the 2020 presidential election, **Wohl** and **Burkman** faced prosecution in multiple U.S. states for orchestrating robocall schemes aimed at voter suppression, particularly targeting the Black vote in Detroit. They were indicted on 15 felony counts in Cleveland and sentenced to probation in late 2025 after their appeals were denied. In 2022, both pleaded guilty to a felony charge of telecommunications fraud in Ohio, resulting in fines, probation, and community service. A New York civil case in March 2023 found them in violation of federal and state civil rights laws, leading to a $1 million settlement agreement. The **Federal Communications Commission** (FCC) further imposed a record-breaking $5.1 million fine against them in June 2023 for their robocall campaigns.

**Wohl's** history of legal troubles extends beyond these incidents. By age 17, he had already started multiple investment firms, earning the moniker "Wohl of Wall Street." However, in 2017, the Arizona Corporation Commission charged him and his investment funds with 14 counts of securities fraud, ordering him to pay $35,000 in restitution. In 2019, he pleaded guilty in California to four felony counts of selling unregistered securities and received two years of probation.
The market for zero-day vulnerabilities is typically a complex landscape involving researchers, academics, and ethical hackers, alongside less scrupulous actors. However, the open and brazen recruitment strategy employed by **IRIS C2** is atypical for government contractors seeking offensive security capabilities.

In an interview, **Wohl** stated that **Burkman** is not involved in the day-to-day operations of **IRIS C2**. He claimed the company initially focused on penetration testing before shifting to selling phone-hacking services to the government, though he declined to provide specific details about any federal contracts. Wohl, who admits to no formal education or training in computer science or information security, boasted about his self-taught technical prowess, stating, "I know more about tech than anyone." He claims **IRIS C2** receives unique vulnerability findings regularly, often in the form of preliminary "exploit primitives" that require further development for stability and reliability.
Wohl asserts that **IRIS C2** employs approximately 40 individuals, none of whom are permitted to list their employment on LinkedIn due to operational security concerns. The lack of transparency surrounding **IRIS C2's** operations, coupled with the extensively documented controversial past of its alleged operators, raises significant concerns within the cybersecurity community regarding its legitimacy and potential implications for the vulnerability market.