Tech Gadget Central Latest Tech News and Reviews
Based on the pitches I receive in my inbox, it seems that one of the emerging trends in generative AI is the development of “copilots” for cybersecurity. There is a company that has one. Google, as well. Vicarius, the vulnerability remediation platform, has introduced a new text-generating AI tool called vuln_GPT. This tool is designed to assist in the creation of system breach detection and remediation scripts.
It’s possible that Vicarius’ trend-following strategy has attracted investors, along with the impressive 5-year-over-year growth of the startup. Vicarius co-founder and CEO Michael Assraf informs me that the company has now amassed over 400 brands as customers, including PepsiCo, Hewlett Packard Enterprise, and Equinix.
Vicarius has successfully secured a $30 million Series B round of funding, with Bright Pixel Capital leading the investment. Other notable participants include AllegisCyber Capital, AlleyCorp, and Strait Capital. This recent development has undoubtedly caught the attention of backers. The latest funding round has doubled Vicarius’ previous valuation, although the exact figure was not disclosed. This brings the total amount that Vicarius has raised to about $56.7 million. According to Assraf, the majority of this funding will be used to further develop Vicarius’ product roadmap and expand its team, which currently consists of 43 members.
“Vicarius streamlines a significant portion of the workload that security and IT teams face, automating the processes of discovery, prioritization, and remediation,” Assraf explained. With Vicarius’s self-service model, customers can now test and find value in cybersecurity solutions before making a purchase. This innovative approach to product-led growth is changing the paradigm for buyers in the industry.
Assraf, Yossi Ze’evi, and Roi Cohen established Vicarius a few years ago. They observed, as Assraf recounts, that cyber attackers were utilizing repetitive “building” components to execute their attacks.
“Those building blocks are APIs provided by third-party software and operating system-compiled libraries,” Assraf explained. “The primary objective behind Vicarius was to develop an advanced permission manager for system-level APIs.”
Today, Vicarius conducts thorough app analyses to identify vulnerabilities and promptly notifies customers of any potential risks. When a patch isn’t available, Vicarius utilizes what Assraf refers to as “in-memory protection,” which supposedly safeguards the app without requiring a software upgrade (although I must admit, I have some doubts about this).
Vicarius also provides access to a community of security vulnerability researchers. In this community, researchers can collaborate by sharing remediation and detection scripts. As a reward, they receive a virtual currency. Additionally, Vicarius offers a community data set that is utilized to train the vuln_GPT model. Speaking of Vuln_GPT, it’s worth noting that it doesn’t operate entirely without supervision. Assraf explains that all AI-generated scripts undergo a process of validation before being provided to Vicarius’ customers. (Customers have the opportunity to provide feedback on the scripts within a module.)
“Our goal at Vicarius is to take the lead in AI-based vulnerability remediation, covering every stage from detection to prioritization to proactive remediation,” Assraf stated.
Vicarius demonstrates a strong drive, with aspirations to enable security researchers in its community to utilize their currency for product purchases, offer educational courses, and seamlessly integrate the Vicarius platform with established ticketing platforms such as ServiceNow and Jira. The startup is focused on expanding its presence in various markets, including Asia Pacific, North America, and Europe.
“Enterprises have long grappled with the challenge of implementing vulnerability management processes that involve numerous tools, generate excessive alerts, and burden already stretched security teams,” Assraf explained. “While most security processes advanced one or two generations, vulnerability remediation cycle management lagged, exposing businesses to cyber risk. Due to this, customers are seeking a unified platform that can streamline, customize, and expand the vulnerability remediation process.
