Mountain View, CA-based Simbian has emerged from stealth with $10 million seed funding from AI-focused investors including Cota Capital, Icon Ventures, Firebolt and Rain Capital.
Simbian is moving the needle from security co-pilot toward autonomous security pilot – its name indicates the symbiosis of man and machine. For now, the firm still calls its platform a ‘co-pilot’ and ‘the first step’ toward autonomous security; but it nevertheless describes itself as “committed to making security fully autonomous”.
Simbian is focusing on the economic benefit of automated security rather than the full potential benefit of autonomous security. “Users provide their goal and business context in natural language,” says the firm, “and Simbian’s patent-pending LLM-powered platform provides personalized recommendations and generates automated actions across heterogeneous environments.” The argument is that human experts will be relieved from tedious tasks, and business will need fewer of those expensive humans.
Conceptually, it is a small step from taking input from humans to taking input from incidents to generate and perform automated actions; that is, autonomous security. Fully autonomous will require a leap of faith among practitioners, allowing a black box to make and act on decisions in real time without immediate reference to human oversight. This will be welcome to pioneers and worrying to neophobes – but it is going to happen; and platforms like Simbian are paving the way.
An introductory blog describes the current problem together with Simbian’s solution. A typical enterprise uses 45 different tools (requiring 45 streams of product knowledge) to secure more than 1,000 applications. This is hard, even for well-funded organizations – but with LLMs it is possible to build a unified security layer. “Simbian,” says the blog, “is building a Fully Autonomous Security platform for enterprises. Fully autonomous security means letting humans make all the strategic decisions while AI actually implements those decisions.”
Autonomous security has not yet reached the level of an autonomous vehicle. “Humans still need to control where we want to go,” Ambuj Kumar, co-founder and CEO of Simbian, told SecurityWeek. “So, we’re leaving the steering wheel with the humans while the Simbian platform operates the vehicle.”
This can only be achieved through a massive knowledge of security, its products, its issues, and its current threats. This knowledge becomes the training data for LLM AI. But the LLM must also be secure and free of hallucinations: a decision based on ignorance, or a decision based on a gen-AI hallucination, could be disastrous.
Kumar explained how Simbian tackles both problems. It has developed its own patent-pending TrustedLLM, “the world’s first hallucination-free system that is purpose-built for safety and reliability.” The training data is protected from outside abuse by encryption, whether it is at rest or in transit. It is protected from internal misuse (bad prompt injection) by TrustedLLM’s many patent-pending filters (guardrails, or sanitization rules).
The knowledge base is accumulated from multiple sources. Individual customer knowledge, such as infrastructure comes from and is relevant to the customer. Security issues (such as ransomware) are defined by experts and ingested.
The second source of data required and gathered is new and current threats. There is little value in asking Simbian whether your infrastructure is at risk from the XZ Utils backdoor (and what you should do about it) if it has no knowledge of the problem.
“We monitor the entire web,” said Kumar. “We understand all languages. We take RSS feeds. We watch the dark web. We gather security advisories as they are published. We can take blogs and figure out what they are talking about.”
It is this combination of customer understanding and worldwide threat knowledge that allows the user to ask, “Am I affected by that threat, and if so, what is the solution for me?” What would normally take many hours could be solved in a few minutes. And while Kumar acknowledges both the concerns and difficulties of AI, he is confident that Simbian’s solutions are superior, faster, and cheaper than current manual methods.
Related: Enterprise AI Security Firm TrojAI Raises $5.75M in Seed Funding
Related: StrikeReady Raises $12M to Build AI-Powered Security Command Center
