It is difficult nowadays to talk to investors in any tech sector without AI coming up in the conversation — and that is certainly true in cybersecurity.
At the recent RSA Conference in San Francisco, talk of AI and its uses in new applications and security functions abounded as the typically robust cybersecurity sector has seen signs slowing.
Search less. Close more.
Grow your revenue with all-in-one prospecting solutions powered by the leader in private-company data.
Funding in the sector is down, as is M&A dealmaking. However, that decline could be helped out by AI and its uses in security — just as many bad actors are starting to use it to evade cyber defenses.
“We are talking with a lot of people, looking at a lot of different innovations,” said Alberto Yépez, co-founder and managing director at Forgepoint Capital, which specializes in cybersecurity and infrastructure software investments.
However, many stress it is still early days for AI. That goes double for both cyber companies using AI and startups looking to secure aspects of generative AI.
A quick search of Crunchbase data shows that cybersecurity AI does not show rapid growth. (In this search we included companies tagged as both being in a category of cybersecurity and artificial intelligence.)
The area saw its highest level of investment in 2021 — not surprisingly — when 130 funding deals were announced and $2.3 billion invested. Last year, those numbers dropped to just barely more than 100 deals and $1.2 billion.
This year to-date, just under $700 million has been dolled out in 29 deals — with the majority of that going to AI and quantum computing startup SandboxAQ in its massive $500 million round.
Looking ahead
At the foundation of AI is automation — which has been around for years in cybersecurity. Most notably, automation has been used in security operations centers — often referred to as SOCs — as a way to help organizations large and small struggling to hire enough cyber talent.
While that automation has helped, it is governed by rules and guardrails that still rely on humans to enter the needed information and data. That can leave these centers static and stagnant.
AI obviously could change that. With artificial intelligence being able to learn from large language models, it could institute new rules that can help a security operation run more efficiently, according to those in the sector. Of course, that also will depend on whether companies feel they can trust their security to AI.
However, investors point out that cyber often prides itself on being an early adopter of new technology — as it was with several forms of automation — and AI can offer things not even a cybersecurity professional can as it pertains to performance.
“The move from human- to rule-based security was driven by cost,” said Leo Casusol, a managing director at Forgepoint. “With AI, it will be driven by speed and accuracy.”
Alex Doll, founder and managing partner at Ten Eleven Ventures, a multistage global venture capital firm dedicated to cyber, said AI could play a role in SOC and security analytics. It also could help overworked security professionals filter out the signal from the noise.
Cyber startup Kasada — a Ten Eleven portfolio company — recently estimated 90% of traffic on the web is nonhuman, but rather bots and other digital interference. Such a high percentage can pose more risk and create an environment where there is a lack of vision for real threats.
“There’s so much happening on the web,” Doll said. “And most of it is noise.”
Fact-checking
Double-checking accuracy could also be another area where cybersecurity steps in.
One role that is obvious for cybersecurity to play concerning AI is to make sure the data it is using is not corrupted, said Roger Thornton, co-founder and general partner at Ballistic Ventures, a firm dedicated to cybersecurity.
Early last month, New York-based startup Cranium raised a seed round from KPMG and SYN Ventures. The company helps enterprises monitor, and manage their AI/ML environments, which includes watching for contaminated data that an AI could be trained on.
Cybersecurity has always had a role in protecting data, and it could serve the same function in the development of AI applications, ensuring the safety of LLMs even as bad actors already have tried to infiltrate such models.
Prove it out
The one aspect that likely will hold back an avalanche of investment for cyber roles in AI is AI itself.
While the tech holds all the promise, companies are struggling with how and when to use it, and legal and ethical questions swirl daily.
“Before cyber finds the right first in the growing AI economy, artificial intelligence in general will need to show clearly how it is making businesses grow faster and make employees more productive,” Thornton said.
While startups like TrojAI, Calypso AI and Gretel all seem to offer businesses to evolve — the true benefit of such platforms is still unrealized.
“We just don’t know yet,” Thornton said.
Methodology
Cybersecurity is defined by the industries of network security, cloud security, identity and cybersecurity, according to Crunchbase data.
Further reading:
Illustration: Dom Guzman
Stay up to date with recent funding rounds, acquisitions, and more with the
Crunchbase Daily.