SIA New Member Profile: Hexlox

By Kara Klein, Associate Director of Marketing and Media Relations, Security Industry Association on June 11, 2026 |
SIA Member Profile: Hexlox Marcus Tonndorf, CEO and founder, Hexlox

New Security Industry Association (SIA) member Hexlox offers a patented coded locking insert system that fits directly into existing hex bolts to secure components of telecommunications infrastructure, data centers, enclosures, gates, public infrastructure and security systems. The company is headquartered in Berlin, Germany, with customers and client partners across more than 50 countries, and is actively building its presence in the U.S. security market and engaging directly with integrators, infrastructure operators and security professionals across North America.

SIA spoke with Marcus Tonndorf, CEO and founder of Hexlox, about the company, the security industry and working with SIA.

Tell us the story of your company.

Marcus Tonndorf: We started Hexlox in Berlin in 2016 after noticing something that seemed almost too simple to be a real problem: critical infrastructure all over the world—telecom enclosures, data center racks, gates, public installations—is held together by standard hex bolts that anyone with a cheap Allen/hex tool can open in seconds.

We first proved the concept in the bicycle industry, where component theft costs consumers and fleet operators millions every year. We developed a patented insert-and-key system that drops directly into existing hex bolts, converting standard hardware into coded security fasteners—no redesign, no new infrastructure, no disruption to service workflows. It worked. We sold into more than 50 countries.

Then we started hearing from telecom operators, data center managers and infrastructure companies asking the same question: Can this work for us? It can, and it does. Today Hexlox operates across mobility, telecom, critical infrastructure and physical security—and the U.S. market is our next major focus.

What solutions does your business offer, and what makes you unique?

MT: Hexlox makes one thing: a patented anti-tampering insert that converts any standard hex bolt into a coded security fastener. Installation takes seconds. No tools, no drilling, no infrastructure changes. Removal requires a code mechanical key—one that works with extreme tolerances.

We work across telecom enclosures, data center racks, gates, bollards, public infrastructure, mobility systems and equipment housings. The same product family secures a bike fleet in Amsterdam and a telecom cabinet in Texas.

What makes us different is the problem we’re solving. Most physical security investment goes into access control, cameras and alarms. Almost none goes into the bolts holding the actual hardware together—which remain universally accessible. We close that gap without asking anyone to replace existing infrastructure or change how their teams operate.

What is something people might not know about Hexlox?

MT: Most people still think of us as a bicycle company. We’re not anymore—or at least, not only.

Some of our most active conversations right now are with organizations in telecom infrastructure, critical facilities and physical security integration. These are environments where a single tampered enclosure or compromised rack can mean service outages, data exposure or safety failures. The cost of the vulnerability is orders of magnitude higher than the cost of closing it.

We also hold an active global patent—and manufacture in Germany. For customers where supply chain integrity and product traceability matter, that’s relevant.

What is your company’s vision?

MT: Physical security has a blind spot, and it’s been hiding in plain sight for decades. Every serious installation has cameras, access control and alarm systems—and then uses the same hex bolts as a garden shed to hold it all together.

Our goal is to make bolt-level security a standard part of physical security practice, not an afterthought. Simple to deploy, scalable across existing infrastructure and practical for the teams who actually maintain these systems in the field.

What are the biggest opportunities in the security industry right now?

MT: The convergence of physical and cyber security is real, and it’s creating new scrutiny on physical access points that were previously ignored. When a threat actor can reach sensitive hardware by simply unscrewing a panel, the conversation about physical hardening changes quickly.

The other major opportunity is retrofit. Most infrastructure isn’t going to be replaced—it’s going to be hardened in place. Solutions that improve security without requiring rip-and-replace have a significant advantage in that environment, and that’s exactly where Hexlox operates.

What are your predictions for the security industry?

MT: Short-term: Physical hardening of critical infrastructure gets serious attention, driven by a combination of regulatory pressure and high-profile incidents involving tampered hardware.

Long-term: The industry moves toward layered physical security models where bolt-level access control is treated the same way logical access control is treated in cybersecurity—as a baseline, not an option. The companies helping customers build those layers cost-effectively will define the next generation of physical security practice.

What are the biggest challenges?

MT: The hardest part of what we do is that the vulnerability we solve is invisible until something goes wrong. Security budgets go to systems that are visible and auditable. A hex bolt doesn’t show up on a security assessment until someone exploits it.

Our job is to get upstream of that conversation—to be part of the risk assessment before an incident forces the issue. That’s partly a product challenge and partly an education challenge, and we’re working on both.

What do you enjoy most?

MT: Watching customers apply this technology in ways I never anticipated when we started. We built Hexlox for bicycle components. It’s now protecting telecom infrastructure, pharmaceutical equipment, museum installations and public transit systems.

The other part is the problem itself. Security is serious work. When we close a physical vulnerability that’s been ignored for years, that matters in a concrete way. I find that genuinely motivating.

What does SIA offer that is most important to Hexlox?

MT: Access to the right conversations at the right level. SIA is where physical security practice gets shaped before it becomes standard—and bolt-level security needs to be part of that conversation.

We’re a German company actively entering the U.S. market. SIA gives us the platform to build relationships with integrators, infrastructure operators and security professionals who are solving exactly the problems Hexlox is built for. That’s valuable, and we intend to use it.

How do you plan to engage with SIA in the next year?

MT: Actively. We’re here to build real relationships, not collect a membership logo. We plan to participate in ISC West, engage with SIA working groups relevant to physical infrastructure and critical facilities and connect directly with members working in telecom, data centers and infrastructure security.

If you work in any of those areas, I’d welcome a conversation: you can contact me at marcus@hexlox.com.

The views and opinions expressed in guest posts and/or profiles are those of the authors or sources and do not necessarily reflect the official policy or position of the Security Industry Association.