How to Find Companies in Stealth Mode Before They Launch

The hardest prospecting question in B2B is not "how do I find more companies that match my ICP" but "how do I find a company that has chosen, deliberately, not to exist yet?" Stealth-mode startups are the inverse of the static-database ICP - no website, no Crunchbase row, no LinkedIn page, no press, sometimes no name. ZoomInfo and Apollo can't filter for them because there is nothing to filter on. By the time the company shows up in a prospecting tool's index, the founder has already been pitched by 200 vendors who got there through other means.

The other means are the leaks. Stealth-mode companies are stealth in their marketing, not in their plumbing - and the plumbing leaks in four places that any open-web search can pick up. The ranked-by-recency list, in roughly the order signals appear: certificate transparency logs, LinkedIn bio changes, indexed-but-unlinked Notion or Linear pages, and finally SEC Form D filings for the rounds.

Certificate transparency is the earliest tell. Every TLS cert issued by a public CA - Let's Encrypt and the rest all log mandatorily since 2018 - lands in a public log within hours. crt.sh indexes the logs, and a wildcard search on a guessed domain root, a founder's last name, or a sector keyword returns every staging subdomain, app subdomain, and internal hostname a stealth team has stood up. A company with `app.companyname.com`, `staging.companyname.com`, and `auth.companyname.com` in CT logs but no public homepage is a stealth team that started building infrastructure six to eight weeks before they're ready to announce.

LinkedIn is the second leak, and it's almost embarrassingly direct. Founders self-tag with "Stealth Startup," "Stealth," "Stealth AI Startup," "Founder, undisclosed," "Building something new," "Exploring something new," or "Working on a new project" - the bio strings are a small finite set. The "Stealth Startup" community page alone collects over a million self-tagged founders. A LinkedIn search for an ex-Stripe principal engineer who left in March and now lists "Stealth, Founder & CEO" with no employer URL is a near-deterministic founder-proof-of-life signal. Pair the bio change with a recent location move (a known YC city, say) and you have a high-confidence pre-launch lead.

The third leak is the indexed orphan. Notion, Linear, Vercel preview URLs, GitHub README files, and Figma share links all get indexed by Google long before the company links to any of them publicly. A `site:notion.so "company-name"` query, or a `site:vercel.app` search for a founder's last name, often surfaces an internal roadmap, a pitch-deck mirror, or a half-finished landing page weeks before launch. Founders forget that "share with anyone with the link" and "we don't link to it from anywhere" are not the same as "Google won't crawl it."

The last leak is the regulated one. Form D filings under Regulation D are required within 15 days of the first sale of securities, and they're public on EDGAR's full-text search. The fields that matter for outreach: issuer name and address, total offering amount, exemption claimed, and Item 3, the "related persons" list, which requires every executive officer, director, and promoter (within the last five years) to be named with full name and address. A stealth fintech that filed a Form D for $8M last week with three named officers and a Wilmington address has just told you who to email. The Form D is the trailing signal of the four - the cert went into CT logs first, the LinkedIn bio flipped second, the Notion page got indexed third, and the Form D shows up in week three or four. But it's the most authoritative, and it's the only one that comes with a dollar number attached.

Drake Dukes, who runs Stealth Startup Spy on top of the Gravity tracking platform, frames the underlying mechanic this way:

Stealth Startup Spy is a data-driven newsletter for investors, journalists and tech enthusiasts interested in uncovering the next big move for key talent, real-time stealth company launches and technology advancements not in plain sight. We leverage the technology built at Gravity to shine a light on the hidden world of stealth startups.

The quiet detail in the Stealth Startup Spy methodology is that what makes the newsletter is roughly 1% of what the underlying tracker picks up - the volume of detectable stealth activity is much higher than what's worth surfacing as news. For a sales team, that ratio inverts: you're not looking for the one stealth company worth a Substack post, you're looking for the fifty that match your ICP, and the long tail is exactly where the prospecting opportunity sits.

The reason this category of prospecting falls between the cracks of every static B2B tool is structural. ZoomInfo, Apollo, and the rest are catalog products - someone, somewhere, has to enter a company before you can filter for it. Stealth-mode companies refuse to be catalogued; that's the whole definition. The only way to find them is to read the open web at the moment it leaks them - CT logs, LinkedIn diffs, EDGAR full-text, Google's index of orphaned shareable URLs. We think about this a lot because Leadex runs exactly this kind of open-web composition: a chat brief like "find pre-launch AI infra startups in NYC, founders ex-Anthropic or ex-OpenAI, with crt.sh activity in the last 90 days and a Form D under $5M," with the research plan previewed before the agent touches any source. The honest caveat, though - and the one any vendor in this space should make explicit: Leadex still depends on the public web reflecting the company somewhere. A genuinely pure-stealth company with no Form D (bootstrapped, or family money), no public infrastructure (still on localhost), and no LinkedIn changes (everyone NDA'd, lying about employer) is invisible to Leadex too. That's not a tool limitation, it's a physics limitation - if a company has produced literally zero public signal, no search engine can find it.

Worth pushing back on the whole exercise, though, because most stealth-mode outreach is too early. A company that hasn't launched usually doesn't have a problem you can solve yet - they have a roadmap, two engineers, and a deck. Pitching them an SDR tool, a CRM, or a customer-success platform when they don't have customers is a wasted email and a slightly damaged reputation. The exception is dev tooling, observability, infrastructure, security, and anything else a stealth team needs to build with - those purchases happen pre-launch, before product-market fit, when the team is shopping vendors during the architecture phase. For most other categories, the right play with a stealth signal isn't outreach now but a watch-list - the company gets a tag, the founder gets a follow on LinkedIn, and the first email goes out fourteen days after public launch, when there's a budget, a website to reference, and a real problem.

If the watch-list approach sounds like it should connect to other prospecting work, it does - the same open-web composition applies to newly funded startups before competitors, to VC portfolio mapping, and to YC startups by batch and stage. Stealth is just the early end of the same continuum: stealth this month, Form D next month, portfolio-page update the month after, TechCrunch piece in six. The teams that win the meeting are the ones reading the leak, not the ones waiting for the press release.