For the second year in a row, an AI-based security startup took the prize for Most Innovative Startup at RSA Conference’s Innovation Sandbox competition.
Last year, HiddenLayer started its presentation with a deepfake video of its CEO asking the judges not to pick it as the winner. This year, Reality Defender showed off its tool for identifying deepfakes and other artificial content to help restore confidence in what we see and hear.
Deepfakes via artificial intelligence (AI) may be “one of the most consequential problems we face, especially in an election year,” said Niloofar Razi Howe, operating partner at Capitol Meridian Partners and one of the judges for the Innovation Sandbox competition. The importance of that mission may have helped put Reality Defender over the top.
How Reality Defender Defends Reality
Reality Defender’s deepfake detection platform and API lets teams identify fraud, disinformation, and harmful content in real time — using AI to defeat AI, said Ben Colman, the company’s co-founder and CEO.
“While the outputs are fake, the threats are real,” Colman said, citing recent high-stakes incidents such as the $25 million wire fraud in Hong Kong powered by a deepfake video and the deepfake robocall in New Hampshire supposedly from US President Joe Biden.
Colman said his company’s technology uses an “ensemble approach” to detect fraudulent audio, video, images, and text. The API, he said, can be installed on-premises or in the cloud and be integrated into any application. He cited Lexis-Nexis Risk Solutions’ prediction that deepfake-fueled fraud could cost $1 trillion a year. While he didn’t go deeply into how the technology actually works, one of the slides showed an AI detector looped into a voice call to determine whether the customer voice is live or manipulated.
“Our vision is to become the detection layer for all AI-generated fraud,” Colman said.
Judges asked about enterprise uses of the platform.
“So for banks, the No. 1 use is real-time voice fraud detection,” Colman answered. “All we do is say human or not human” — that is, just whether it’s manipulated rather than trying to identify the individual.
When asked what was the company’s most challenging task, Colman said, “Hiring great PhDs focusing on engineering and research. And if anyone in the room is looking for a job, we’re hiring.”
The Rest of the Best
During the Innovation Sandbox competition, representatives from 10 cybersecurity startups had three minutes to pitch their technology to a panel of judges and then faced three minutes of questions from the judges. As in previous years, the judges assessed finalists using the following criteria: the problem a company sets out to solve and who they’re solving it for; the originality and soundness of its intellectual property; the company’s go-to-market strategy, its reach, and the strength of its team; and whether the approach has been validated by the market — that is, whether the company is making money from real customers.
In addition to Howe, this year’s judging panel included Asheem Chandna, partner at Greylock; Dorit Dor, chief technology officer of Check Point Software; Paul Kocher, independent researcher and founder of Cryptography Research; and Nasrin Rezai, senior VP and CISO at Verizon.
In addition to Reality Defender, the other finalists this year were (in reverse alphabetical order): VulnCheck, RAD Security, P0 Security, Mitiga, Harmonic Security, Dropzone AI, Bedrock Security, Antimatter, and Aembit.
VulnCheck crawls the Internet for CVE data, then recombines and sanitizes it to create exploit and vulnerability intelligence for enterprise and product teams. When Kocher asked how they keep from burning out, VulnCheck chief marketing officer Tom Bain credited prioritizing tasks and giving teams data early.
RAD Security takes a behavioral approach to cloud-native detection and response to address evolving threats. RAD “fingerprints” the corporation’s environment so that you can compare new behaviors against the existing norms using large language models (LLMs).
P0 Security offers a platform for cloud-access governance that secures all identities, whether human or machine. “If you want secure access to the cloud, talk to us,” said co-founder and CEO Shashwat Sehgal.
Mitiga sells a cloud investigation and response automation (CIRA) platform to provide security operations centers with cloud and software-as-a-service visibility. With more attacks moving to the cloud, the company gets calls “all the time” as to whether a company has been breached, said co-founder and CTO Ofer Maor.
Harmonic Security helps organizations adopt generative AI while maintaining the security and privacy of their data, using Harmonic’s prebuilt data protection LLMs to detect sensitive data. Most of the team came from Digital Shadows, co-founder and CEO Alastair Paterson’s previous startup. ReliaQuest bought Digital Shadows for $160 million in 2022.
Dropzone AI presented his company’s AI SOC analyst that autonomously investigates alerts around the clock. When asked by the judges whether Dropzone was looking to replace the human SOC analyst, founder and CEO Edward Wu said, “We’re not looking to replace the SOC analyst; we’re looking to augment the SOC analyst.”
Bedrock Security makes a data security platform powered by AI Reasoning Engine (AIR). “Modern enterprises are much like the Titanic when it comes to data: They’re rushing through icy waters, unaware of regulatory icebergs and pirates that are happy to ransom their data,” said co-founder and CEO Pranava Adduri.
Antimatter focuses on making data safe to use in AI and machine learning applications by automatically classifying and redacting sensitive data, allowing users to define access policies, and enforcing policies no matter where data is stored.
“Antimatter is a data control plane that sits between your applications and your data,” said co-founder and CEO Andrew Krioukov.
Aembit sells a workload IAM platform that secures access between workloads across clouds, SaaS, and data centers without passwords. Company co-founder and CEO David Goldschlag said that IAM has secured user access for two decades, but there are 10 times more workloads than users.
Source: www.darkreading.com