Ambuj Kumar is nothing if not ambitious.
An electrical engineer by training, Kumar led hardware design at Nvidia for eight years, contributing to the development of technologies such as widely used high-speed memory controllers for GPUs. After he left Nvidia in 2010, Kumar pivoted to cybersecurity and eventually co-founded Fortanix, his platform for cloud data security.
It was while leading Fortanix that Kumar's idea for his next venture came to him. It is an AI-powered tool that automates the workflow of enterprise cybersecurity professionals, inspired by challenges observed in the cybersecurity industry.
“Security leaders are stressed,” Kumar told TechCrunch. “CISOs only last a few years on average, and security analysts have some of the highest turnover rates. And it's only getting worse.”
Co-founded with former Twitter software engineer Alankrit Chona, Kumar's solution is Simbian, a cybersecurity platform that effectively controls other cybersecurity platforms and security apps and tools. Leveraging his AI, Simbian automatically adjusts and operates existing security tools to ensure the right configuration for each product based on business requirements and taking into account enterprise security priorities and thresholds. You can find it.
Simbian's chatbot-like interface allows users to enter their cybersecurity goals in natural language, have Simbian provide personalized recommendations, and generate what Kumar calls “automated actions.” and perform that action (as far as possible).
“Security companies are focused on making their products better, and that's led to a very fragmented industry,” Kumar said. “This increases the operational burden on organizations.”
Kumar points out that polling shows that cybersecurity budgets are often wasted on excessive tools. According to a study cited by Forbes, more than half of businesses feel like they waste about 50% of their budgets yet fail to remediate threats. Another study found that organizations are now juggling an average of 76 different security tools, leaving IT teams and leaders feeling overwhelmed.
“Security has long been a cat-and-mouse game between attackers and defenders. With the growth of IT, the attack surface continues to expand,” Kumar said, adding that “there is a lack of talent to roam.” I added. (A recent study by his Cyber security Ventures, a venture capital firm specializing in security, estimates that the shortage of cyber professionals will reach 3.5 million by 2025.)
The Simbian platform seeks to respond to “security events” by not only automatically configuring an enterprise's security tools, but also by giving customers control over security while handling low-level details. This can significantly reduce the number of alerts security analysts have to respond to, Kumar says.
But that's assuming Simbian's AI doesn't make mistakes, which is a tough call given that it's well established that AI is fallible.
To minimize the possibility of off-the-rails behavior, Simbian's AI was trained using a crowdsourcing approach, a game on the website called “Are you smarter than LLM?” . It tasked volunteers with trying to “trick” an AI into doing the wrong thing. Kumar explained that Simbian, along with in-house researchers, will use this learning to “ensure that the AI behaves correctly for that use case.”
This means that Simbian has effectively outsourced some of its AI training to unpaid gamers. But to be fair, it's unclear how many people actually played the company's games. Mr. Kumar did not say.
Systems that control other systems have privacy implications, especially for security-related systems. Would companies, and for that matter vendors, be comfortable with sensitive data being collected through a single, centralized portal controlled by AI?
Kumar claims that every attempt is being made to prevent data breaches. Simbian uses encryption, customers control the encryption keys, and customers can delete their data at any time.
“Customers have complete control,” he said.
Simbian isn't the only platform trying to apply a layer of AI to existing security tools, but Nexusflow also has a similar product that seems to be attracting investors. The company recently raised $10 million from investors including Coinbase board member Gokul Rajaram, Cota Capital partner Aditya Singh, Icon Ventures, Firebolt, and Rain Capital.
“Cybersecurity is one of the most important issues of our time, and the ecosystem is notoriously fragmented with thousands of vendors,” Rajaram told TechCrunch via email. “Companies have sought to build expertise around specific products and issues. I admire Simbian's approach to building an integrated platform that understands and operates on all aspects of security. It's a very challenging approach from my perspective, but I'm putting my money, and indeed my money, into Simbian. It's a team with unique experience from hardware to cloud.”
Symbian, based in Mountain View, has 15 employees and plans to use the majority of the capital for product development. Kumar aims to double the size of the startup's workforce by the end of the year.