If your LinkedIn feed isn’t already lighting up with takes on the Deel vs. Rippling case, you’re missing the juiciest HR tech scandal since the start of remote work. What began as a dry trade secrets lawsuit has exploded into a billion-dollar corporate standoff, with allegations of honeypots, crypto payments, and executive DMs.
At the centre? Two of the world’s most valuable HR tech unicorns: Deel (valued at $12B) and Rippling ($16.8B). Their courtroom slugfest has peeled back the polished veneer of SaaS to reveal a paranoid, high-stakes arms race where every Slack message could be evidence and every employee a potential mole.
The “sleeper agent” that sparked the fire
The drama burst in March 2025 when Rippling sued Deel, claiming it uncovered a secret intel operation inside its walls. The alleged double agent? Keith O’Brien is a payroll compliance manager based in Rippling’s Dublin office.
According to the suit, O’Brien spent four months conducting over 6,000 unauthorised searches across Slack, Salesforce, and Google Drive. His target: anything containing the word “Deel.” He accessed 728 sales prospects and 26 live deal negotiations on one particularly active day.
The kicker? Rippling says he was being paid €5,000 a month by Deel, with some payments routed through crypto wallets. Things escalated when Rippling’s security team created a fake Slack channel called #d-defectors and referenced it in legal correspondence with Deel. O’Brien allegedly took the bait and searched for it, triggering red flags.
When confronted by authorities, he reportedly locked himself in a bathroom, tried to wipe his phone, and told security: “I’m willing to take that risk.”
Deel’s counterstrike: “You spied on us, too”
Just weeks later, Deel hit back — hard. In a countersuit, it accused Rippling of running its six-month infiltration campaign.
The alleged scheme involved a Rippling employee posing as a fake customer and logging into Deel’s onboarding platform under a fabricated company name. Deel claims this “phantom client” accessed sensitive pricing data, contracts, and onboarding flows across more than 30 countries. The intelligence was allegedly funnelled back to Rippling HQ to accelerate their global payroll rollout.
Their legal team didn’t hold back, branding the tactics “snake oil marketing meets cyber subterfuge.” Deel also moved the legal fight to Ireland, where corporate liability laws are more lenient than California’s — a strategic move analysts say could save them millions.
Tactics and fallout
The details of the case read like a cybersecurity playbook:
- Honeypots: Rippling’s fake Slack channel was straight out of a counterintelligence manual.
- Impersonation-as-a-Service: Deel claims Rippling’s mole bypassed zero-trust protocols, a tactic more common in state-sponsored hacks than HR sales teams.
- Executive DMs: O’Brien’s affidavit details how he connected with CEO Alex Bouaziz via LinkedIn after being rejected for a Deel job. The €5,000/month “consulting” gig followed soon after.
Rippling later made the curious move to pay O’Brien’s legal fees, fueling Deel’s accusations of witness tampering. Meanwhile, the PR game escalated. Rippling launched a public hotline urging companies to report Deel’s “suspicious behaviour.” Deel retaliated by subpoenaing Rippling board members, including high-profile VC Anish Acharya of Andreessen Horowitz.
The corporate carnage is already spreading. Investors are scrambling to audit portfolio companies for potential espionage exposure. VC firms like Sequoia are adding competitive intelligence reviews to their due diligence process. Clients demand segregated data environments and advanced behavioural analytics to detect insider threats. The FTC has opened a preliminary inquiry into how HR tech firms handle customer data, with possible new guidelines looming.
The unanswered questions
- Boardroom strings: Rippling alleges that Deel CFO Philippe Bouaziz (Alex’s father) orchestrated the spying operation, but key evidence remains under seal.
- Revenue race: Deel claims $1.1B in annual revenue and profitability. Rippling reports $900M ARR. Both want the global payroll crown.
- Social surge and LinkedIn panic: One founder wrote, “If this is the new normal, every SaaS board needs a counterintelligence committee.”
What began as competitive intelligence has now crossed the grey zone of corporate spying. Insiders are manipulating zero-trust architectures designed to protect customers. The lawsuits are far from over. But one thing’s clear: this is about who’s watching, who’s vulnerable, and what gets rewritten in the playbook when SaaS becomes a spy gam
