Ambuj Kumar is nothing if not ambitious.
An electrical engineer by training, Kumar led hardware design for eight years at Nvidia, helping to develop tech including a widely used high-speed memory controller for GPUs. After leaving Nvidia in 2010, Kumar pivoted to cybersecurity, eventually co-founding Fortanix, a cloud data security platform.
It was while heading up Fortanix that the idea for Kumar’s next venture came to him: an AI-powered tool to automate a company’s cybersecurity workflows, inspired by challenges he observed in the cybersecurity industry.
“Security leaders are stressed,” Kumar told TechCrunch. “CISOs don’t last more than couple of years on average, and security analysts have some of highest churn. And things are getting worse.”
Kumar’s solution, which he co-founded with former Twitter software engineer Alankrit Chona, is Simbian, a cybersecurity platform that effectively controls other cybersecurity platforms as well as security apps and tooling. Leveraging AI, Simbian can automatically orchestrate and operate existing security tools, finding the right configurations for each product by taking into account a company’s priorities and thresholds for security, informed by their business requirements.
With Simbian’s chatbot-like interface, users can type in a cybersecurity goal in natural language, then have Simbian provide personalized recommendations and generate what Kumar describes as “automated actions” to execute the actions (as best it can).
“Security companies have focused on making their own products better, which leads to a very fragmented industry,” Kumar said. “This results in a higher operational burden for organizations.”
To Kumar’s point, polls show that cybersecurity budgets are often wasted on an overabundance of tools. Over half of businesses feel that they’ve misspent around 50% of their budgets and still can’t remediate threats, according to one survey cited by Forbes. A separate study found that organizations now juggle on average 76 different security tools, leading IT teams and leaders to feel overwhelmed.
“Security has been a cat-and-mouse game between attackers and defenders for a long time; the attack surface keeps growing due to IT growth,” Kumar said, adding that there’s “not enough talent to go around.” (One recent survey from Cybersecurity Ventures, a security-focused VC firm, estimates that the shortfall of cyber experts will reach 3.5 million people by 2025.)
In addition to automatically configuring a company’s security tools, the Simbian platform attempts to respond to “security events” by letting customers steer security while taking care of lower-level details. This, Kumar says, can significantly cut down on the number of alerts security analyst must respond to.
But that assumes Simbian’s AI doesn’t make mistakes, a tall order, given that it’s well established that AI is error-prone.
To minimize the potential for off-the-rails behavior, Simbian’s AI was trained using a crowdsourcing approach — a game on its website called “Are you smarter than an LLM?” — that tasked volunteers with trying to “trick” the AI into doing the wrong thing. Kumar explained that Simbian used this learning, along with in-house researchers, to “ensure the AI does the right thing in its use cases.”
This means that Simbian effectively outsourced part of its AI training to unpaid gamers. But, to be fair, it’s unclear how many people actually played the company’s game; Kumar wouldn’t say.
There are privacy implications of a system that controls other systems, especially concerning those that are security-related. Would companies — and vendors, for that matter — be comfortable with sensitive data funneling through a single, AI-controlled centralized portal?
Kumar claims that every attempt has been made to protect against data compromise. Simbian uses encryption — customers control the encryption keys — and customers can delete their data at any time.
“As a customer, you have full control,” he said.
While Simbian isn’t the only platform to attempt to apply a layer of AI over existing security tools — Nexusflow offers a product along a similar vein — it appears to have won investors over. The company recently raised $10 million from investors including Coinbase board member Gokul Rajaram, Cota Capital partner Aditya Singh, Icon Ventures, Firebolt and Rain Capital.
“Cybersecurity is one of the most important problems of our time, and has famously fragmented ecosystem with thousands of vendors,” Rajaram told TechCrunch via email. “Companies have tried to build expertise around specific products and problems. I applaud Simbian’s method of building an integrated platform that would understand and operate all of security. While this is extremely challenging approach from technology perspective, I’ll put my money — and I did put my money — on Simbian. It’s the team with unique experience all the way from hardware to cloud.”
Mountain View-based Simbian, which has 15 employees, plans to put the bulk of the capital it’s raised toward product development. Kumar’s aiming to double the size of the startup’s workforce by the end of the year.