Editor’s note: This story is Part Two of our series on artificial intelligence startups and their impact on multiple sectors. We look at the companies, the investments, the risks and concerns, and whether this technology’s promise will truly be realized. In Part One, we analyze VC investment in AI over the last decade. Part Three explores AI’s promise to transform medical imaging technology. Part Four spotlights some creative ways startups apply AI to their sectors.— Special Projects Editor Christine Kilpatrick
The use of AI by cybersecurity startups is nothing new, but as applications for the technology in the sector have grown, so has investor interest.
Cybersecurity firms were early adopters of AI — those in the industry use as many tools as possible to stop the bad guys — but increased processing power has expanded AI’s security uses and investors have taken note by investing billions of dollars in recent years.
Search less. Close more.
Grow your revenue with all-in-one prospecting solutions powered by the leader in private-company data.
Last year saw a record $2.1 billion roll into VC-backed startups that use AI in cybersecurity, according to Crunchbase data. That was the second consecutive year investors stuffed more than $1 billion into the coffers of such startups.
While this year in general has been a downer compared to last for fundraising — including in cybersecurity overall — cyber startups that use AI are still on pace to secure about $1.2 billion of investment.
Even in a down year, there have been a handful of nine-figure rounds for cyber startups using AI in their tech.
- In February, Palo Alto, California-based Salt Security, an API protection platform that prevents attacks using machine learning and AI, closed a $140 million Series D round led by Alphabet’s CapitalG at a $1.4 billion valuation.
- Switzerland-based AI-powered smart contract platform Velas raised a $135 million round in September.
- In January, Austin, Texas-based SparkCognition, an AI startup that analyzes complex data stores, closed a $123 million Series D.
Threats and automation
Although AI is used throughout cybersecurity, it usually is associated with pattern matching in areas such as threat detection, as well as helping automate decisions in security operations concerning threats, response and remediation.
“While AI may not be the panacea for all cybersecurity concerns, it does help us with exponentially growing datasets, hyperscale attacks, identifying unknown attacks that cannot be detected via signatures, and also address efficiency challenges in an industry that has been plagued with a talent shortage for years,” said Dino Boukouris, founding director of San Francisco-based financial advisory firm Momentum Cyber.
Alberto Yépez, co-founder and managing director at Forgepoint Capital — which specializes in cybersecurity and infrastructure software investments — said embedded AI has had the biggest impact on both automation and ability to recognize rules in cybersecurity.
Companies like identity detection firm Attivo Networks — acquired by SentinelOne earlier this year — and automation and observability startup TruEra both leverage AI in platforms.
“You see it applied to automation all the time, especially when it comes to (the security operations center). It’s pervasive,” Yépez said.
However, he adds AI use cases in the space have expanded, too.
San Francisco-based CyberCube applies AI to cyber insurance underwriting, and Australia-based Secure Code Warrior uses the technology to write better software code. Both show the growing possibilities.
“I think we are using it more and more,” Yépez said. “The processing power has helped that.”
Not quite there yet
While there is no doubting advancement in the AI space, pretty much all admit there is still a way to go before its full abilities are realized in cyber.
Stephen Ward, managing director at Insight Partners who invests in cybersecurity, said the industry still confuses machine learning and artificial intelligence as the same thing — which they are not.
“Right now, security is in the ML and automation space, not the AI space yet,” Ward said.
Ward admits some companies, including San Francisco-based email security firm Abnormal Security, have used AI effectively in the industry, but in general the talent is not yet in cyber for most to harness its power.
“We don’t have the experts in it yet,” he said. “They are still in core tech. … Maybe in two to three years we will be there.”
While companies such as SentinelOne and CrowdStrike have effectively used ML tech to help become large security titans, Ward said he has not seen companies do the same with AI and does not hear many CISOs asking about such tech yet.
Yépez also said embedded AI has a little way to go before it can reach its full promise. First, while processing power has improved, most companies still haven’t found a way to make AI more efficient and easier to use.
There is still a trust factor.
“There also is the question about responsible AI,” he said. “We are not comfortable enough to let AI make (many) decisions for us.”
Cybersecurity is defined by the industries of network security, cloud security, identity management and cybersecurity, according to Crunchbase data. Most announced rounds are represented in the database.
Illustration: Dom Guzman
Stay up to date with recent funding rounds, acquisitions, and more with the Crunchbase Daily.