In the era of generative AI, the cybersecurity threat government agencies, companies and society face is ramping up. Malware, deep fakes and disinformation campaigns have all become cheaper and easier for cybercriminals to create.
Despite that, in 2023, the investments in cybersecurity in Europe decreased by one-third from the previous two years, from almost €2bn to €1.3bn.
Cybersecurity companies are fighting back nonetheless — and also turning to GenAI to keep up with the criminals.
One of those is the Swedish-American scaleup Recorded Future, which works with 40 governments on defence as well as many more large enterprises.
“We have no other options but to adopt everything that has to do with AI as soon as possible because that’s what the antagonists do,” says Marie Brattberg, chief strategy officer. “It is an exponential development curve — if you pause in it they [the antagonists] get an exponential lead and then we never have time to catch up.”
“So far, AI is still pretty good at determining what is developed by AI, but it’s like an arms race.”
Using AI against AI
Cyberattacks cost the global economy an estimated $8tn in 2023, a figure expected to rise to $10.5tn by 2025, according to Cybersecurity Ventures. With GenAI making it easier to create deep fakes, phishing scams and disinformation campaigns, the work to fight cybercrime means a lot of development in AI for cyber defence companies.
Recorded Future has been using machine learning and natural language processing to combat cyber threats since it launched in 2010. It is also using large language models to speed up the response to an attack on a customer’s system.
As soon as OpenAI released ChatGPT, Recorded Future met up with the company and was one of the first to put the technology to work to cut the time it takes to analyse a cyber attack, says Brattberg.
Having a person investigate a breach or attack and write up an analysis for the customer could take hours or days; with GenAI the same work is done in minutes. With Recorded Future’s GenAI assistant, launched earlier this year, users can get notified and take action in real time against converging threats across cyber, physical and influence operations domains.
Apart from disinformation and deep fakes, AI is also changing malware attacks.
“AI can build malware which works similarly to human viruses,” says Brattberg. “They don’t look dangerous when they get in but then they transform themselves depending on how the system looks — it’s a bit like Ebola.”
To identify security threats, Recorded Future’s software scans the open internet and the “dark web”. It creates a digital shield around its customers’ systems which detects if someone has tried or succeeded in making an entry. The threat data — from domain name systems (DNS), IPs, news and blogs, or closed dark web forums — is then structured and analysed. Its customers can then get signals depending on where they are based, which industry they are in, which infrastructure and products they use and which products they are connected to.
Brattberg can’t mention individual customers but — given the company’s annual price point of around €100k — it’s mainly large corporations that can afford it. However, as part of its supply chain risk product for its customers, it keeps track of and delivers security scores on 5m companies in real time.
Getting its first funding from the CIA’s investment arm
Christopher Ahlberg, Staffan Truvé and Erik Wistrand founded Recorded Future in Gothenburg in 2009. A couple of years earlier, in 2007, Ahlberg and Truvé had sold their first startup, the analytics platform Spotfire, for about €150m to American company TIBCO.
The founders built a prototype of Recorded Future in “a virtual garage” — with the founders being based both in Gothenburg and the US — and in 2009, the startup secured its first investment of $2.2m from GV (Google Ventures), IA Ventures and In-Q-Tel, the investment arm of the CIA.
The company split its location to focus its engineering efforts in Gothenburg. Ahlberg said in an interview with local media in 2019 that people are as talented in the Swedish city as in the US — but more loyal.
It’s since grown to employ more than 850 people globally, opening offices in Dubai, Singapore, Tokyo, London and Washington. The company has an annual recurring revenue above $300m.
Sweden’s most secret startup
Recorded Future is, however, often described as “Sweden’s most secret startup”.
The reason may be that it hasn’t completed the VC rounds that other well-known startups have done, says Brattberg, who joined Recorded Future in 2013.
“We’ve never jumped on this hyperscale thing, instead we’ve been careful with our spending and financed the people we’ve hired [with revenue]. We’ve been slightly profitable for several years.”
“Of course, in previous years, many people questioned that — they didn’t get why we didn’t invest more in growth. But now [with the financial crunch], we look very clever,” she says.
Recorded Future had raised a total of $56m when in 2019 the US investor Insight Partners bought a majority stake in the company for $780m, buying out all previous investors. The founders and employees kept their shares in the company and the company is run as it was before, says Brattberg: “We do as we please.”
And with the heightened risk of cybercrime, the company is busier than ever.
Security of state
Large enterprises make up about 80% of Recorded Future’s customer base, although the company also works with governments. Ukraine, which Recorded Future is helping for free, is one of them.
When an attack on national defence occurs, Recorded Future can find out which nation-state the incident came from, the sub-group within that nation, and the infrastructure they used. One of its recent findings, published in February, was that “a threat actor likely operating on behalf of Belarus and Russia [was] conducting cyber-espionage” against several governments including Georgia, Ukraine and Poland.
“When you talk about cyber threats, they aren’t isolated to one type of attack. They are linked to disinformation, and physical threats — like war or bombings. The most sophisticated antagonists synchronise their attacks — which has been very clear in the case of Ukraine,” says Brattberg.
“Ukraine has been a great case study for us to show our philosophy and how we work as a company.”
The company’s work in Ukraine has led to an increased interest from other European governments, says Brattberg. In January last year, Belgium announced Recorded Future as a cybersecurity partner.
With half of the world set to vote in national elections this year, it could sign up several new government customers keen to tackle disinformation.
“The volume and level of disinformation will be very high,” says Brattberg.
Read the original article: https://sifted.eu/articles/ai-cyber-defence-recorded-future/