More AI funding, CrowdStrike ripples continue, GPT yourself – ESW #371
In the enterprise security news,
- AI is still getting a ton of funding!
- Netwrix acquires PingCastle
- Tenable looks for a buyer
- SentinelOne hires Alex Stamos as their new CISO
- CrowdStrike doesn’t appreciate satire when it’s at their expense
- Intel begins one of the biggest layoffs we’ve ever seen in tech
- Windows Downdate
- RAG poisoning
- GPT yourself
- The Xerox Hypothesis
All that and more, on this episode of Enterprise Security Weekly.
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
- 1. FUNDING: Abnormal’s AI-Native Cybersecurity: Building AI to Fight AI
$250M Series D at a $5.1B valuation, led by Wellington Management (PE firm). Abnormal states that its mission is to "protect humans with AI". So far, Abnormal has been focused on email security, but says it will use this investment to expand into new security markets.
They've been a "unicorn" for years now. Would be a pretty big exit if they got acquired, but no obvious acquirers come to mind. Cisco? CrowdStrike and Palo Alto seem to prefer buying early stage. Microsoft desperately needs the help; M365 email security is hilariously bad.
- 2. FUNDING: Protect AI Raises $60M in Series B Financing to Secure Artificial Intelligence and Machine Learning from Unique Security Risks
$60M Series B, led by Evolution Equity Partners. Total of $108.5M in funding. "AI security posture management platform".
Protect AI also acquired SydeLabs, gaining the ability to 'red team' LLMs. The company lists a surprising number of products for a company at this early a stage:
- Guardian: Zero trust for AI models
- Layer: End-to-end LLM security and governance monitoring
- Recon: Automated red teaming of GenAI (from SydeLabs)
- Radar: AI risk assessment and management
- Sightline: "The first AI supply chain vulnerability database"
as well as Open Source:
- LLM Guard: "Secure your LLM applications"
- ModelScan: "A scanner for all formats"
- NB Defense: Secure Jupyter Notebooks
- 3. FUNDING: Proud Moment: Anjuna Closes $25M to Continue Shaping the Future of Confidential AI and Secure Collaboration
$25M Series A, led by M Ventures, SineWave Ventures, and AI Capital Partners. They appear to be building confidential computing for LLMs? "Anjuna Confidential Containers" are "secure enclave-ready hardened images" that leverage your original application without requiring any code changes.
- 4. ACQUISITION: Netwrix Acquires PingCastle to Empower Customers with Better Protection of Active Directory and Entra ID
Looks like a one-person business around a self-developed tool got acquired. Not to say that's a bad thing - Metasploit, Maltego, and Burp Suite all came about the same way!
- 5. ACQUISITION RUMORS: Cybersecurity firm Tenable exploring potential sale, Bloomberg News reports
A few months back it was Rapid7 and nothing came of it, so don't get too excited yet.
My prediction? Eventually, one of the big 3 (Qualys, Rapid7, or Tenable) goes private with a private equity firm, who also picks up a CAASM vendor (Axonius, Panaseer, JupiterOne, runZero), and smooshes them together.
- 6. NEW STAFF: SentinelOne® Names Alex Stamos Chief Information Security Officer
- 7. LAYOFFS: Intel severance: Chipmaker sets terms for buyouts, early retirement and layoffs
A watershed moment, but I include this to talk about a bigger potential impact. I've talked to folks who worry that all these layoffs have actually made organizations easier targets for cyberattacks. I doubt we have enough data to properly analyze that theory, but it's worth considering, especially for those doing the layoffs.
Unfortunately, through no fault of their own, I suspect a lot of security practitioners aren't doing a lot to reduce risk or prevent attacks...
- 8. VULNERABILITIES: Windows Update Flaws Allow Undetectable Downgrade Attacks
This is an interesting one to discuss - particularly, how and in what scenario would you use this vulnerability?
- 9. AI SECURITY: RAG Poisoning: All You Need is One Document
- 10. AI SECURITY: AI Security Shared Responsibility Model: Navigating Risks in AI Deployment
- 11. OPEN SOURCE: adrianco/meGPT
Something Tyler is definitely going to be interested in, from one of the better Adrians out there (as an Adrian, I know these things), Adrian Cockcroft!
- 12. DUMPSTER FIRES: CrowdStrike trying to use legal threats to suppress criticism and parody of global IT outage
- 13. DUMPSTER FIRES: Massive CrowdStrike outage caused by an out-of-bounds memory error
The final investigation report has been released. TL;DR:
- Expecting 21 parameters when there were only 20 led to an out-of-bounds memory write in the kernel's memory space. Very bad bad not good.
- Testing didn't catch it, so they're doing more better testing now.
- They're now going to allow customers to slow down rapid response content updates. Sure, that makes sense.
- 14. RESEARCH: Vulnerability Exploitation in the Wild
I think it's even worse than this, see yesterday's PSW for my thoughts in response to some other recent vuln management research.
- 15. SQUIRREL: The Xerox Hypothesis
A fascinating incident where some academic research was called into question, and the culprit turned out to be Xerox scanners CHANGING DATA by mistake. The reason has to do with a pattern matching trick that some scanners use to save memory. When the pattern matching SUCKS, as it did in this case, sometimes an O becomes a Q, an L becomes an I, and a 6 becomes an 8.