Ambuj Kumar is really ambitious.
An electrical engineer by training, Kumar led hardware design at Nvidia for eight years and helped develop technologies including a widely used high-speed memory controller for GPUs. After leaving Nvidia in 2010, Kumar turned to cybersecurity and eventually co-founded Fortanix, a cloud data security platform.
While running Fortanix, he came up with the idea for Kumar’s next project: an AI-powered tool to automate a company’s cybersecurity workflows, inspired by the challenges he observed in the cybersecurity industry.
“Security leaders are under stress,” Kumar told TechCrunch. “CISOs don’t last more than a few years on average, and security analysts have the highest churn rate. And it keeps getting worse.”
Kumar’s solution, which he co-founded with former Twitter software engineer Alankrit Chona, is Simbian, a cybersecurity platform that effectively controls other cybersecurity platforms as well as security apps and tools. Using AI, Simbian can automatically orchestrate and operate existing security tools and find the right configurations for each product by considering an organization’s security priorities and thresholds and aligning with its business needs.
Simbian’s chatbot-like interface allows users to enter a cybersecurity goal in natural language, then let Simbian make personalized recommendations and generate what Kumar calls “automated actions” to carry out the actions (as best it can).
“Security companies have focused on improving their own products, resulting in a very fragmented industry,” Kumar said. “This leads to a higher operational burden on organizations.”
According to Kumar, surveys show that cybersecurity budgets are often wasted by an overabundance of tools. According to a survey cited by Forbes, more than half of companies feel they have misspent around 50% of their budget and are still unable to eliminate threats. A separate study found that organizations are now juggling an average of 76 different security tools, leaving IT teams and executives feeling overwhelmed.
“Security has long been a cat-and-mouse game between attackers and defenders; “The attack surface continues to grow due to IT growth,” Kumar said, adding that there is “not enough talent to bypass it.” (A recent survey by Cybersecurity Ventures, a security-focused VC firm, estimates that the shortage of cyber professionals will reach 3.5 million people by 2025.)
In addition to automatically configuring an organization’s security tools, the Simbian platform seeks to respond to “security events” by allowing customers to control security while taking care of lower-level details. Kumar says this can significantly reduce the number of alerts that security analysts have to respond to.
However, this assumes that Simbian’s AI doesn’t make mistakes – a tall order given that AI is proven to be error-prone.
To minimize the potential for unconventional behavior, Simbian’s AI was trained using a crowdsourcing approach – a game on the site called “Are you smarter than an LLM?” – which tasked volunteers with trying to train the AI to do so cause you to do the wrong thing. Kumar explained that Simbian used these insights alongside internal researchers to “ensure AI is doing the right thing in its use cases.”
This means that Simbian has effectively outsourced some of its AI training to unpaid gamers. But to be fair, it’s unclear how many people actually played the company’s game; Kumar wouldn’t say.
A system that controls other systems has privacy implications, especially when it comes to security-related systems. Would companies – and vendors – be comfortable with routing sensitive data through a single, AI-driven, centralized portal?
Kumar claims that every effort has been made to protect against data compromise. Simbian uses encryption – customers control the encryption keys – and customers can delete their data at any time.
“As a customer, you have full control,” he said.
While Simbian isn’t the only platform trying to apply a layer of AI over existing security tools – Nexusflow offers a similar product – it appears to have won over investors. The company recently raised $10 million from investors including Coinbase board member Gokul Rajaram, Cota Capital partner Aditya Singh, Icon Ventures, Firebolt and Rain Capital.
“Cybersecurity is one of the biggest issues of our time and has notoriously fragmented the ecosystem with thousands of vendors,” Rajaram told TechCrunch via email. “Companies have tried to build expertise around specific products and problems. I applaud Simbian’s method of building an integrated platform that understands and operates all aspects of security. Although this is an extremely sophisticated approach from a technological perspective, I will – and have – put my money on Simbian. It is the team with unique experience across the entire journey from hardware to cloud.”
Mountain View-based Simbian, which has 15 employees, plans to invest most of the capital raised in product development. Kumar aims to double the startup’s workforce by the end of the year.