Reken, an AI-defense cybersecurity firm founded on January 1, 2024, announced an oversubscribed $10 million seed round on January 31, 2024 – but without a publicly demonstrable product. The product will be unveiled later in the year.
The funding, led by Greycroft and FPV Ventures and including Firebolt Ventures, Fika Ventures, Omega Venture Partners, Homebrew, and JAZZ Venture Partners, will be used for further R&D – on a product that has yet to be disclosed. Greycroft partner Marcie Vu, who helped lead Google’s IPO, joins the Reken board.
The speed from founding to funding indicates careful planning and deep VC confidence in both the Reken team and the forthcoming product. “Reken’s founders have unparalleled experience building large-scale AI platforms to defend against sophisticated attacks for some of the world’s largest companies,” commented Vu. The firm was founded by Shuman Ghosemajumder (CEO) and Rich Griffiths (COO). Ghosemajumder was formerly Google’s global head of product for trust & safety, and later head of AI at F5 and CTO at Shape Security (acquired by F5). Griffiths was VP of product at Shape.
SecurityWeek spoke to Ghosemajumder to unwrap the product that is currently under wraps.
The basic problem is that AI is improving faster than our ability to defend against its adversarial use. It will introduce a new level of threat while we are still struggling to cope with existing threats. The most common underlying cause is employee failure to detect suspicious behavior (such as phishing emails and general fraud). But if this problem is bad now, it will get much worse in the coming years. The cause is the rapidly increasing capabilities of AI, the general availability of gen-AI, and the increasing sophistication of deepfakes.
“Generative AI cybercrime poses the greatest security challenge of our time,” said Ghosemajumder. “While billions have been spent on security products, the impact of cybercrime has been getting worse. The reality is that existing cybersecurity doesn’t work as well as we’d like against even yesterday’s threats, let alone against new attacks based on gen AI. It’s clear that we need a new approach.”
Ultimately, AI will affect every aspect of cybersecurity, and will require a step change in cybersecurity defenses. For now, many companies are concerned about AI, but are not yet worried. We tend to overestimate change in the next year, but underestimate change in the next five years. Since there is currently little sign of mass adversarial use of AI (largely because the criminals don’t need AI and are still covertly building their future capabilities), there is a tendency to put defense against AI – and especially deepfakes – on a back burner.
Partly, this is because current deepfakes can largely be detected by trained human observation. But this is a short-sighted, short term approach. AI is advancing so fast that these visible flaws will rapidly be eliminated – deepfakes will become invisible to human detection and increasingly difficult to detect by technology. AI defense should be designed less on what is happening today, and more on what will likely happen in the years ahead.
This is the approach being taken by Reken. It is building a layered platform defense combining elements of both zero trust (the current basic defense against all forms of fraud) on the source, and technological analysis of the content (the deepfake itself).
Ghosemajumder’s concerns go deeper than simple deepfake detection. He sees AI-generated video, image, voice, and text being used extensively in a non-malicious manner in the future, including chatbots, post-production marketing image improvements and more. “Merely detecting that something has been modified by artificial intelligence is no longer going to be sufficient. I think we need a complete shift in terms of the way that we think about this content and the way that we think about trust online. And that’s what has been missing.”
This is the purpose of the Reken platform: to be able to assess and combine both a 40% likelihood of malicious AI content and a 60% likelihood of dubious context (the ‘zero trust’ element of source analysis) in order to confidently declare a deepfake as adversarial rather than benign in intent. And to be able to do this at the same scale that criminals will be able to unleash their future attacks.
*updated headline and text; previous version of the article incorrectly stated that Reken has emerged from stealth mode