Blackhat Innovators and Pro-Skateboarders!

CYBER THOUGHTS NEWSLETTER

July 2024

It’s officially summer. That time of year when venture investors take a month off and the world grinds to a halt. At least that’s what used to happen, but that doesn’t seem to be the case anymore. Maybe our asset class really has grown up.

Lyrical held its first CISO summit in June, and we’d like to thank everyone who joined us. We had amazing speakers and kept it intimate so everyone could participate in the discussions. One key takeaway from the summit was that CISOs are at a crossroads regarding AI. When privacy first became an issue CISOs backed away from the responsibility, into that vacuum stepped lawyers, and then the Chief Privacy Officer was born. This feels like a mistake and one that the CISO community shouldn’t repeat. They need to step into this breach now to ensure that AI security and usage isn’t handled by another team at cross purposes to the CISO.

We also got to hear from professional skateboarder Rodney Mullen; an amazing speaker who has given two TED talks and is involved in MIT’s Media Lab. We went pretty far off-script and discussed how hackers and skateboarders share a worldview: outsiders who repurpose technology for their own exploits. It was a fantastic interview that we may try to recreate as a podcast sometime soon. 

Lucas just reviewed almost 100 submissions for BlackHat’s Innovators Summit Spotlight Competition, where he will be a judge. That’s by far the most submissions the event has ever received, and the quality seems to be higher as well. Quick plug, if you’re going to be in Las Vegas in August, you should join the event and say hi. The weather is it’s own reward. 

To that end, we are starting to see a new trend in cybersecurity companies, a focus on ROI and time-to-value. New cybersecurity companies can leverage cloud access to show value in a matter of hours if they can be given API Keys. The old enterprise sales model, where you spent months setting up the system before the customer could get any value, is on the way out. Startups today can do the job of two to four enterprise competitors out of the box, which is a great value proposition for buyers. 

The ability to replace multiple products also makes for a natural land and expand model. The company can come in and fill an empty niche, then easily replace competitors that fill adjacent niches. The buyer has less vendors and often saves on costs and integration headaches. We will be keeping our eyes on this trend since it also feels like a great way to move downmarket to companies that have smaller teams and don’t have the staff to operate the classical enterprise tools. 

And now, a hot take. LLMs aren’t going to be all that great for actual security defense. Sure, they will summarize what’s happening and make it easier to explain, but they aren’t built for anomaly detection, which is the goal of defense. 

Below are a few of the articles that caught our attention this month. Moreover, we’ve inserted one or two sentences in italics, summarizing each article’s importance. We hope you enjoy and appreciate the material.

Lastly, if you appreciate our highlighted content, please follow us on Twitter and LinkedIn, where we regularly post about things worthy of attention.

What We're Reading

Here's a curated list of things we found interesting.

Microsoft details ‘Skeleton Key’ AI jailbreak

As far as we can tell, you can just tell AI models “Trust me” and they’ll do whatever you ask. Kinda like a 6th grader, but with the ability to explain how to create a nuclear weapon. Peachy. 

Microsoft has disclosed a new type of AI jailbreak attack dubbed “Skeleton Key,” which can bypass responsible AI guardrails in multiple generative AI models.The Skeleton Key jailbreak employs a multi-turn strategy to convince an AI model to ignore its built-in safeguards. Once successful, the model becomes unable to distinguish between malicious or unsanctioned requests and legitimate ones, effectively giving attackers full control over the AI’s output.

Questions emerging from Cyberstarts' remarkable success

In the salacious gossip column, it has been reported that Cybestarts was trading carry in their fund to CISOs who bought their portfolio company’s products. This has been ricocheting around the CISO community since the news broke. 

Calcalist reveals the mechanism behind Cyberstarts’ amazing returns: points worth tens of thousands of dollars are awarded to CISOs of organizations for deepening relationships with the fund's portfolio companies, aiding their growth.

How AI Revolutionized Protein Science, but Didn’t End It

Absolutely fascinating article on how Google solved the protein folding problem. An in depth dive into an explanation of the science and how AI has turned it on its head, but with an ending of  ‘now what?’ 

Three years ago, Google’s AlphaFold pulled off the biggest artificial intelligence breakthrough in science to date, accelerating molecular research and kindling deep questions about why we do science.

Transactions

Deals that caught our eye.

CyberArk to acquire Venafi in $1.5 bln deal

CyberArk will acquire cybersecurity firm Venafi from private equity firm Thoma Bravo in a deal valued at around $1.54 billion.The Israel-based information security services provider will acquire Venafi in a combination of $1 billion in cash and around $540 million in stock, and expects the deal to close in the second half of 2024.Shares of CyberArk gained 2.3% in premarket trading.

Podcasts

What we’re listening to.

CYBER THOUGHTS PODCAST: EPISODE 9 WITH SAMEER MALHOTRA 

In this Cyber Thoughts episode, Lucas Nelson sits with Sameer Malhotra, Truefort's Founder and CEO, to explore his journey from the financial sector to cybersecurity innovation. Sameer discusses Truefort's genesis during a pivotal time in cyber defense, emphasizing their mission to halt lateral cyber threats through advanced technology.

About Lytical

Lytical Ventures is a New York City-based venture firm investing in Corporate Intelligence, comprising cybersecurity, data analytics, and artificial intelligence. Lytical’s professionals have decades of experience in direct investing generally and in Corporate Intelligence specifically.