INDEX / DIRECTORY / NINJA / V-DIG

Ninja V-DIG

DIGITAL INFRASTRUCTURE AUDIT UPDATED 2026-05-19
V-DIG Score 0.96 /10 E Ninja — BDS-1000 102
V-DIG 0.96

Evidence-only forensic audit. Scoring happens downstream — see the main dossier for the composite assessment.

V-DIG Audit: NinjaOne

Audit Phase: V-DIG Domain Audit Target Entity: NinjaOne (legal name: NinjaRMM, LLC d/b/a NinjaOne) Headquarters: Austin, Texas, USA Entity Type: Private SaaS company (IT management / Remote Monitoring & Management) Audit Date: May 2026

Enterprise Technology Stack & Vendor Relationships

SentinelOne (Founded Israel; HQ San Jose, CA)

NinjaOne and SentinelOne announced a formal integration partnership in 2023 12. The integration is described as “bi-directional”: NinjaOne technicians can deploy SentinelOne agents to managed endpoints from within the NinjaOne dashboard, view security alerts, and initiate remediation actions without leaving the NinjaOne interface 13. A joint solution brief is publicly available on SentinelOne’s asset library confirming telemetry flows between the two platforms 3. NinjaOne covered the partnership announcement via its press channels 1, and trade press reported on it simultaneously 2.

The partnership positions SentinelOne as NinjaOne’s preferred endpoint security offering across its MSP channel. Community forum evidence from Reddit r/msp (2024) indicates NinjaOne has offered bundled SentinelOne licensing on terms that some users characterised as preferential compared to other distributors, with at least one thread discussing NinjaOne imposing a minimum spending commitment for SentinelOne licensing 4. This is community-reported and has not been independently confirmed via official procurement documentation. The practical effect, however, is that when NinjaOne MSP partners enable this integration, SentinelOne is positioned at the endpoint security layer for all managed client devices.

SentinelOne was founded in Israel and retains R&D operations there, though it is headquartered in the United States. The founders’ Israeli military and intelligence backgrounds are widely cited in industry profiles; their specific unit affiliations are frequently referenced in industry press but are not uniformly confirmed in official company filings.

The SentinelOne “Singularity Data Lake” — referenced in SentinelOne’s joint materials with Check Point as an endpoint for parsed firewall and endpoint telemetry data 5 — is the same data infrastructure that receives telemetry from NinjaOne-managed endpoints via the NinjaOne–SentinelOne integration 3. This creates a chain in which endpoint data from NinjaOne’s managed device estate flows into SentinelOne’s cloud-hosted data lake.

Check Point Software Technologies (Founded and HQ Israel)

A SentinelOne–Check Point joint solution brief (2024) describes integration between Check Point firewall/network products and SentinelOne’s endpoint platform, with firewall data parsed into the Singularity Data Lake 5. A direct, standalone NinjaOne–Check Point integration independent of the SentinelOne intermediary relationship was not confirmed from a primary NinjaOne-origin document in available materials. The prior analytical report asserts such an integration exists, but this could not be independently corroborated from an NinjaOne primary source. Confidence: SentinelOne–Check Point integration confirmed 5; direct NinjaOne–Check Point integration as a standalone relationship: not independently verified.

Wiz (Founded Israel; HQ New York, NY)

A job posting for “Vulnerability & Cloud Security Manager” at NinjaOne (2024–2025) explicitly listed administration of “vulnerability management and CSPM platforms” with Wiz cited as a named tool 67. This constitutes evidence that Wiz is or was used internally at NinjaOne to secure its own cloud infrastructure. This is internal use, not a customer-facing product or bundled offering. Wiz’s founding team previously led Microsoft’s Israel R&D Center following Microsoft’s acquisition of their prior company, Adallom. The scope of Wiz’s internal deployment at NinjaOne is not publicly quantified beyond this single job posting 67.

CyberArk (Founded Israel; HQ Newton, MA)

A SentinelOne–CyberArk joint solution brief confirms that SentinelOne and CyberArk integrate with each other 8. Whether NinjaOne has a direct integration with CyberArk as a standalone relationship, distinct from the SentinelOne ecosystem, is not confirmed by a primary NinjaOne source in available materials. Confidence: SentinelOne–CyberArk integration confirmed 8; direct NinjaOne–CyberArk integration: unverified from primary NinjaOne source.

Armis (Founded Israel; HQ San Francisco, CA)

Armis maintains a public integrations and adapters page listing supported platforms 9. A prior analytical report asserts NinjaOne integrates with Armis for IoT asset discovery; this is plausible given both platforms operate in the endpoint and asset management space, but a specific NinjaOne–Armis integration is not confirmed from a primary NinjaOne or Armis source in available materials. Confidence: Unverified from primary sources.

Non-Israeli Vendor Relationships

NinjaOne’s subprocessors list 10 and Trust Center documentation identify data processing and infrastructure relationships consistent with standard SaaS operations. The cloud infrastructure is hosted on AWS and GCP 11. NinjaOne’s investors include ICONIQ Growth, Summit Partners, and CapitalG (Google’s independent growth equity fund) 1213. NinjaOne is listed on the NASDAQ Private Market 14 and has been covered in growth equity market analyses 1516. Its most significant documented acquisition is Dropsuite, an Australian cloud backup provider, announced and progressed through regulatory approval in 2025 171819.

Procurement & Integrator Relationships

No public evidence identified of specific systems integrators, digital transformation consultancies, or IT outsourcing partners engaged by NinjaOne for major technology programmes that have mandated Israeli-origin technology. NinjaOne operates a channel-first MSP model. Trade press coverage confirms NinjaOne is active in the MSP channel market 20 and is recognised as a leading patch management platform 21. NinjaOne participated as a sponsor at Black Hat Europe 2025 22, reflecting its positioning in the enterprise security ecosystem.

Surveillance, Biometrics & Retail Technology

Facial Recognition & Biometrics

No public evidence identified that NinjaOne procures or deploys facial recognition, biometric identification, behavioural analytics, or gait analysis technologies from Israeli-origin vendors (including Trigo, BriefCam, AnyVision/Oosto, Trax, or comparable firms). NinjaOne is an IT management and RMM platform and does not operate physical retail environments. Source classes checked: NinjaOne product documentation, press releases, trade press, NGO databases.

Predictive Analytics & Workforce Monitoring

No public evidence identified of NinjaOne using Israeli-origin predictive policing, sentiment analysis, social media monitoring, or workforce surveillance tools. NinjaOne’s blog documentation confirms its platform can enforce role-based application stacks on managed client devices 23, which is a standard IT policy management function and not a surveillance capability in the relevant sense.

Third-Party Deployment Pathways

A prior analytical report constructed a hypothetical scenario in which NinjaOne, as an RMM platform, could be used to manage servers running Israeli retail analytics software. This is a logical inference based on NinjaOne’s generic platform capabilities and does not constitute a documented specific deployment. No public evidence identified of Israeli-origin retail surveillance technologies reaching NinjaOne customers indirectly via NinjaOne’s platform or bundled product suites. Source classes checked: NinjaOne integration marketplace documentation, trade press.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Cloud Hosting & Infrastructure

NinjaOne’s Trust Center explicitly identifies AWS and GCP as its cloud infrastructure providers for its SaaS platform and backup services 11. Data residency options documented in NinjaOne’s Trust Center include the United States and Germany 1011; no Israeli data residency region is listed in available NinjaOne materials.

IP Presence in Israel

Netify.ai’s network intelligence data reports IP addresses associated with NinjaOne’s services as located in Tel Aviv, Israel 24. Netify identifies these as consistent with CDN or edge-compute nodes, which is technically consistent with AWS CloudFront or comparable CDN infrastructure operated by the cloud provider and allocated to Israeli geographic endpoints — not NinjaOne-owned data centre infrastructure. The prior analytical report identifies 31 such IPs 24. Whether these represent NinjaOne-owned or cloud-provider CDN nodes is not definitively established from available sources; the CDN node interpretation is technically more probable given NinjaOne’s documented reliance on AWS and GCP rather than owned infrastructure. Confidence: IP presence in Tel Aviv reported by Netify 24; characterisation as owned vs. CDN infrastructure not definitively confirmed.

Project Nimbus

Project Nimbus is the Israeli government cloud contract awarded to Google Cloud and AWS in 2021. NinjaOne hosts its platform on both AWS and GCP 11. NinjaOne is not a party to, named participant in, or documented sub-contractor within Project Nimbus. No public evidence was identified that NinjaOne’s use of AWS and GCP results in its workloads running on Project Nimbus-designated infrastructure. The relationship between NinjaOne and Project Nimbus is a multi-hop inferential extrapolation (NinjaOne customer of AWS/GCP → AWS/GCP contractor to Israeli government), not a documented contractual relationship. Source classes checked: Israeli government procurement public summaries, Google Cloud and AWS Project Nimbus announcements, NinjaOne press materials.

FedRAMP & GovRAMP Authorisations

NinjaOne achieved FedRAMP Moderate Authorization in 2024 25 and GovRAMP Moderate Authorization in 2024 26. These authorisations allow NinjaOne to provide services to US federal and state/local government agencies. The FedRAMP/GovRAMP authorization boundary documents (specifying whether third-party integrations such as SentinelOne fall inside or outside the authorized boundary) were not reviewed in available materials; this is an identified evidence gap. NinjaOne’s achievement of FedRAMP/GovRAMP indicates its platform is in active use or available for use in US government IT environments.

Sovereign Cloud & Israeli State Participation

No public evidence identified that NinjaOne markets or contracts services specifically to ensure digital sovereignty, data residency, or infrastructure resilience for Israeli state institutions or military bodies. Source classes checked: NinjaOne Trust Center, press releases, Israeli government procurement public summaries.

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No public evidence identified of contracts, partnerships, or service agreements between NinjaOne and the Israeli Ministry of Defence, Israel Defence Forces (IDF), Israeli intelligence agencies (Mossad, Shin Bet, Unit 8200/SIGINT National Unit), or other Israeli state security bodies. Source classes checked: NinjaOne press releases, Israeli MoD procurement public summaries, trade press, Israeli defence technology directories.

Dual-Use Technology Provision

No public evidence identified of NinjaOne’s platform being documented by researchers or official sources as deployed for military, intelligence, or law enforcement surveillance applications within Israel or occupied territories. The generic cybersecurity risk that RMM platforms can be abused as command-and-control infrastructure — a risk applicable to all RMM vendors — has been noted in industry literature, but this is not documented as a specific NinjaOne–Israel deployment scenario in any available source. Source classes checked: academic cybersecurity literature, NGO reports, Israeli press.

Offensive Cyber & Weapons Technology

No public evidence identified. NinjaOne is an IT management and RMM vendor with no documented development, sale, or licensing of offensive cyber capabilities, zero-day tools, or digital weapons systems. NinjaOne does not appear on the US Bureau of Industry and Security (BIS) Entity List in available training-data knowledge. Source classes checked: export control databases, cybersecurity industry press, US BIS Entity List, OFAC SDN List.

AI, Algorithmic & Autonomous Systems

AI/ML Provision to State Bodies

No public evidence identified of NinjaOne providing AI, ML, computer vision, or autonomous decision-support systems to Israeli state, military, or security bodies. Source classes checked: NinjaOne product announcements, Israeli government AI procurement public summaries, trade press.

AI Product Capabilities

NinjaOne’s platform incorporates AI-assisted IT management features consistent with the broader RMM/endpoint management industry trend. No NinjaOne AI capability has been documented as purpose-built for population monitoring, predictive policing, or automated targeting applications. Source classes checked: NinjaOne product documentation, press releases.

Training Data & Model Development

No public evidence identified of NinjaOne’s AI or automation models being trained on civilian population data, intercepted communications, or surveillance-derived datasets from Israel or occupied territories. Source classes checked: NinjaOne AI product documentation, academic literature.

Autonomous Systems & Lethality

No public evidence identified. NinjaOne’s product set has no documented application in lethal autonomous weapons systems, drone targeting, or military automation. Source classes checked: same as above.

Technology Ecosystem & R&D Footprint

Corporate Presence & Office Locations

NinjaOne’s publicly documented office locations include Austin, TX (headquarters), Baton Rouge, LA, and international offices in Europe and Australia, the latter referenced in the Dropsuite scheme booklet filed with ASIC and the ASX in 2025 1718. No Israeli office, R&D centre, engineering hub, innovation lab, or accelerator participation is listed in any available NinjaOne corporate communication. Source classes checked: NinjaOne website, Crunchbase, Dropsuite scheme booklet 1718, trade press.

Acquisitions & Investments

NinjaOne’s most significant publicly documented acquisition is Dropsuite (ASX: DSE), an Australian cloud backup and archiving company 171819. The Dropsuite scheme booklet was registered with ASIC and filed with the ASX in April 2025 1718, and the deal was characterised by Fintech Global as the largest global RegTech deal of Q1 2025 19. No Israeli-origin technology company acquisition is identified in available public records. Source classes checked: Crunchbase, NinjaOne press releases, trade press, ASX filings.

NinjaOne closed a $500 million funding round in 2025, achieving a $5 billion valuation, led by ICONIQ Growth with participation from CapitalG (Google’s independent growth equity fund) 12. The round was described by Crunchbase as roughly doubling NinjaOne’s prior valuation 1227. Rothschild & Co’s Growth Equity Update (Edition 36, 2025) references the round 15. GrowthCap named relevant investors among top software investors of 2024 13. No Israeli state-linked investment fund or Israeli venture capital firm is identified as a direct investor in NinjaOne in available public records. Source classes checked: Crunchbase, NinjaOne press releases, NASDAQ Private Market 14.

Founder & Leadership Profile

NinjaOne was founded by Sal Sferlazza and is described in trade and investor press as a founder-led company 2829. Sferlazza’s background and NinjaOne’s leadership team are documented on the company’s leadership page 28 and in a Frontlines.io podcast interview (2025) 29. No Israeli co-founders, Israeli institutional co-founders, or leadership figures with documented connections to Israeli intelligence or defence institutions are identified in available materials.

Patent & IP

No public evidence identified of significant patent portfolios, licensing agreements, or co-development arrangements between NinjaOne and Israeli-domiciled entities or Israeli research institutions. NinjaOne’s known USPTO filings relate to IT management software and do not document Israeli co-inventors or Israeli institutional co-assignees in available training-data knowledge. Source classes checked: USPTO public patent database (training-data knowledge), NinjaOne press materials.

Industry Ecosystem Positioning

NinjaOne is consistently ranked among the leading platforms in the patch management and RMM categories 21 and has been profiled in enterprise tech startup watchlists 16. It participates in industry events such as Black Hat Europe 22 and is active in the MSP channel ecosystem 20.

Civil Society Scrutiny & Regulatory History

NGO & Academic Reports

No public evidence identified of NGO investigations, academic studies, or UN reports specifically addressing NinjaOne’s technology relationships with the Israeli state or operations in occupied territories. NinjaOne is not identified in any known BDS-movement target list, Who Profits database entry, or Amnesty Tech/Access Now report in available training-data knowledge. Source classes checked: Who Profits database (training-data knowledge), Amnesty International Tech reports, Access Now publications, UN Special Rapporteur reports on digital rights and occupation.

Boycott & Divestment Campaigns

No public evidence identified of organised boycott, divestment, or sanctions campaigns specifically targeting NinjaOne related to Israel/Palestine technology provision. Source classes checked: BDS Movement official website (training-data knowledge), Palestinian Campaign for Academic and Cultural Boycott, trade press.

Regulatory & Legal Actions

No public evidence identified of regulatory inquiries, legal challenges, export control actions, or sanctions-related investigations involving NinjaOne’s technology sales or services to Israeli state entities. NinjaOne does not appear on the US BIS Entity List, US OFAC SDN List, or EU sanctions registers in available training-data knowledge. Source classes checked: US BIS Entity List, US OFAC SDN List, EU sanctions registers, Israeli press.

FedRAMP/GovRAMP Authorisation Boundary

NinjaOne’s FedRAMP Moderate 25 and GovRAMP Moderate 26 authorisations are confirmed. These authorisations subject NinjaOne to ongoing US federal compliance and audit obligations, including continuous monitoring requirements. No regulatory adverse findings against NinjaOne in connection with these programmes are identified in available materials.

Peripheral Entities

The following entities share the “Ninja” brand but are legally and operationally distinct from NinjaOne. They are assessed briefly for completeness.

Ninja Van (Singapore-based logistics)

Ninja Van is a Singapore-founded last-mile logistics company. It uses Google Cloud Platform for its logistics operations, documented in a Google Cloud case study 30. A prior analytical report claimed that Ninja Van’s “operational system emerged from an Israeli startup called Shookit” 31; the cited source is a Supply & Demand Chain Executive article drawing on a Global Market Insights market research aggregator report. Ninja Van’s own corporate communications publicly attribute its founding to a team of Singaporean entrepreneurs in 2014, with no reference to Shookit as a foundational technology source. No Ninja Van press release, investor announcement, or co-founder statement in available materials confirms a foundational technology relationship with Shookit. This claim is treated as unverified and requiring primary source confirmation before use. Ninja Van is also listed as a delivery partner in Asendia Oceania’s partner documentation 32; Asendia is a Swiss-French postal logistics company, and this is a standard cross-border logistics partnership with no Israeli technology dimension identified. No evidence was identified confirming a specific Ninja Van–Israel Post partnership beyond what might exist in routine international postal exchange agreements.

SharkNinja (Consumer Products; NYSE: SN)

SharkNinja was named among Fast Company’s world’s 50 most innovative companies for 2025; a Jerusalem Post article reporting this fact noted that Sarig is the official importer and distributor of SharkNinja products in Israel 33. This is a standard commercial import distribution arrangement. No evidence identified of SharkNinja having Israeli-origin technology dependencies in its product development, R&D infrastructure, or enterprise software stack beyond standard commercial vendor relationships. Source classes checked: SharkNinja SEC 10-K filings (training-data knowledge), press releases, trade press.

End Notes

Footnotes

  1. https://www.ninjaone.com/press/ninjaone-and-sentinelone-launch-joint-integration-to-enhance-risk-mitigation-and-it-security/ 2 3

  2. https://www.channele2e.com/news/ninjaone-and-sentinelone-announce-partnership 2

  3. https://assets.sentinelone.com/singularity-marketplace-briefs/ninjaone-joint-sb-en 2 3

  4. https://www.reddit.com/r/msp/comments/1exrvx6/ninja_forcing_us_to_pay_20000_for_sentinelone/

  5. https://assets.sentinelone.com/singularity-marketplace-briefs/checkpoint-joint-sb-en 2 3

  6. https://jobright.ai/jobs/info/695a50179f1b381eb272ef1c 2

  7. https://jobs.jobvite.com/ninjaone/job/o6mYYfwI/ 2

  8. https://assets.sentinelone.com/singularity-marketplace-briefs/sentinelone-cyberark-sb 2

  9. https://www.armis.com/integrations-adapters/

  10. https://trustpage.ninjaone.com/subprocessors/ 2

  11. https://trustpage.ninjaone.com/saas-backup/ 2 3 4

  12. https://news.crunchbase.com/cybersecurity/ninjaone-valuation-doubles-iconiq-capitalg/ 2 3

  13. https://growthcapadvisory.com/growthcaps-top-software-investors-of-2024/ 2

  14. https://www.nasdaqprivatemarket.com/company/ninjaone/ 2

  15. https://www.rothschildandco.com/siteassets/publications/rothschildandco/global_advisory/2025/growth_equity_update/03/en_ga_growth_equity_update_edition_36.pdf 2

  16. https://www.121sv.com/insights-from-silicon-valley/10-enterprise-tech-startups-to-watch-innovations-in-spend-management-it-ops-and-cybersecurity 2

  17. https://www.listcorp.com/asx/dse/dropsuite-limited/news/scheme-booklet-registered-with-asic-3172702.html 2 3 4 5

  18. https://announcements.asx.com.au/asxpdf/20250402/pdf/06h8yqg5k4585w.pdf 2 3 4 5

  19. https://fintech.global/2025/04/04/texas-based-ninjaone-secured-the-biggest-global-regtech-deal-for-the-first-quarter-of-2025/ 2 3

  20. https://www.channele2e.com/news/channel-brief-upstack-atera-ninjaone-manageengine 2

  21. https://www.g2.com/categories/patch-management 2

  22. https://blackhat.com/eu-25/event-sponsors.html 2

  23. https://www.ninjaone.com/blog/how-to-enforce-role-based-app-stacks/

  24. https://www.netify.ai/resources/applications/ninjaone 2 3

  25. https://www.ninjaone.com/blog/fedramp-moderate-authorization-ninjaone/ 2

  26. https://www.ninjaone.com/blog/govramp-moderate-authorization-ninjaone/ 2

  27. https://news.crunchbase.com/cybersecurity/venture-funding-up-q1-2025-wiz-ninjaone/

  28. https://www.ninjaone.com/leadership/ 2

  29. https://www.frontlines.io/podcasts/sal-sferlazza/ 2

  30. https://cloud.google.com/customers/ninja-van

  31. https://www.sdcexec.com/transportation/news/21117577/global-market-insights-inc-investments-in-startups-and-supportive-governments-to-transform-the-last-mile-delivery-scenario

  32. https://www.asendiaoceania.com/strategic-partners/delivery-partners

  33. https://www.jpost.com/consumerism/article-848886