Leviathan Security Group is a cybersecurity consulting firm founded in 2006 and headquartered in Seattle, Washington. The company provides professional security services to large enterprises, helping organizations improve their security posture across products, services, and platforms. The firm employs a team of security consultants distributed across the United States and internationally. Its consultants are active in the broader security community, contributing to open source security software, speaking at industry conferences, publishing security research, and participating in security standards bodies and review boards. Leviathan's service offerings are centered on in-depth security assessments and consulting engagements rather than checkbox compliance exercises. The company includes a Vendor Security Assessment (VSA) practice, which focuses on evaluating third-party vendor security risks for clients. Notable research contributions include the discovery of the "TunnelVision" vulnerability (CVE-2024-3661), a DHCP-based attack technique that can expose traffic from nearly all VPN applications by manipulating routing via rogue DHCP servers. This research received wide coverage from outlets including Wired, Ars Technica, Krebs on Security, Bleeping Computer, and others. The company was acquired by K2 Integrity, a risk and compliance advisory firm, as noted in their press coverage. Leviathan's work spans areas including application security, network security, and vendor risk management, serving some of the world's largest organizations.