SecurityWeek

Scottish Cybersecurity Startup Unveils Versatile AI-Based Deception

Lupovis develops versatile AI-based deception technology

Glasgow, Scotland-based start-up Lupovis – a spin-out from the University of Strathclyde – has announced pre-seed funding of over £615,000 (just under $850,000). This is almost twice the average amount for pre-seed funding. The funds will be used to further develop a new AI-based deception technology.

Deception is a fail-safe technology. It does nothing to prevent a breach, but instead concentrates on neutralizing any malicious effect from an incursion. It does this by quietly shepherding the attacker away from the company’s genuine assets and into harmless decoy areas. ‘Lupovis’ comes from the Latin for wolf and sheep – it is a wolf in sheep’s clothing engaged in silently hunting the attacker.

Lupovis is unique in its application of deception. It gathers attackers’ TTPs into a database and then uses AI to determine the level of sophistication of the attacker. It can then dynamically change the level of deception to match the skills of the aggressor. The effect keeps the attacker safely occupied on the network while the defender learns more about the aggressor.

“The system responds dynamically to the behavior and skills level of the attacker by using incentives and gamifying the vulnerabilities that engage the hacker,” explains Lupovis CEO, Xavier Bellekens. “The longer the attacker is engaged, the longer the system is blocking malicious actions that would otherwise stop the network functioning.

“Essentially,” he told SecurityWeek, “what we do is leverage machine learning to manipulate actors in a contested environment, and that allows us to gather information about the attacker — motives, choices, techniques, the complete modus operandi. We are able to gather all of this information and infer the attacker’s path in order to more accurately deceive him.”

Like all AI/machine learning systems, Lupovis will improve its accuracy as its data pool of attacker TTPs increases. However, although the company was only founded in July 2021, the system has been in development since 2019 based on academic research into AI that can learn from a smaller than usual data pool – it already works and will get better.

Its operational pool of data is obtained from actual incursions, but it matches that data to existing TTP frameworks. “Lupovis ingests data from all of the decoys deployed across the various infrastructures,” Bellekens told SecurityWeek, “and that data is further matched with the ATT&CK and D3FEND frameworks to provide additional information to the SOC and threat intelligence teams.

“The benefits,” he continued, “are uninterrupted business continuity, while simultaneously gathering information on the hacker’s skills and strategies. This informs security teams of the optimum counter-measure to arrest the breach.”

Over time, the system will become better at deceiving attackers that have gotten into the network, and will be able to recognize the attacker’s TTPs, and recognize the attacker group itself. In the future, Bellekens believes that the product will become a valuable research tool for both private researchers and law enforcement – law enforcement (FBI and NCSC) and intelligence agencies (NSA and GCHQ) will potentially gain increased visibility into which criminal or nation state groups are attacking particular industries or verticals – with attribution.

“We can correlate the information we gather and begin to see different groups targeting different sectors,” said Bellekens. With the help of law enforcement, and a knowledge of the TTPs likely to be used, entire critical industry sectors could get early warning on potential criminal or nation state campaigns, including advice on how to defend against them.

The potential that underlies Lupovis is that it can help its immediate users by nullifying any impact from attackers, and that the lessons learned from its use can go further to help the wider industry.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
