Ambuj Kumar is nothing if not ambitious.
An electrical engineer by training, Kumar led hardware design for eight years at Nvidia, helping develop technology including a widely used high-speed memory controller for GPUs. After leaving Nvidia in 2010, Kumar turned to cybersecurity, eventually co-founding Fortanix, a cloud data security platform.
It was while heading to Fortanix that he got the idea for Kumar’s next venture: an AI-powered tool to automate a company’s cyber workflows, inspired by challenges he observed in the cybersecurity industry.
“Security leaders are under pressure,” Kumar told TechCrunch. “CISOs don’t last more than two years on average, and security analysts have some of the highest variances. And things are getting worse.”
Kumar’s solution, which he co-founded with former Twitter software engineer Alankrit Chona, is Symbian, a cybersecurity platform that effectively controls other cybersecurity platforms, as well as security applications and tools. By leveraging artificial intelligence, Simbian can orchestrate and automatically operate existing security tools, finding the right configurations for each product, taking into account a company’s security priorities and boundaries, informed by its business requirements.
With Simbian’s chatbot-like interface, users can type in a cybersecurity goal in natural language, then ask Simbian to provide personalized recommendations and create what Kumar describes as “automated actions” to carry out actions (as best he can).
“Security companies have focused on improving their own products, which leads to a very fragmented industry,” Kumar said. “This results in a higher operational burden for organizations.”
According to Kumar, surveys show that cybersecurity budgets are often wasted on an overabundance of tools. More than half of businesses feel they have they misspent about 50% of their budget and still can’t remediate the threats, according to a survey cited by Forbes. A separate study found that organizations now juggle on average 76 security toolsleading IT teams and leaders to feel overwhelmed.
“Security has been a cat-and-mouse game between attackers and defenders for a long time. the attack surface continues to grow due to the growth of IT,” Kumar said, adding that “there is not enough talent to go around.” (A recent survey by Cybersecurity Ventures, a security-focused VC firm, estimates that The shortage of cyber experts will reach 3.5 million people by 2025.)
In addition to automatically configuring a company’s security tools, the Simbian platform attempts to respond to “security events” by allowing customers to direct security while taking care of lower-level details. This, Kumar says, can significantly reduce the number of alerts a security analyst must respond to.
But this assumes that Simbian’s AI is error-free, a tall order, given that it’s well documented that AI is error-prone.
To minimize the chance of off-track behavior, Simbian’s AI was trained using a crowdsourcing approach—a game on its website called “Are you smarter than an LLM?” — which tasked volunteers with trying to “trick” the AI into making the mistake. Kumar explained that Simbian used this learning, along with internal researchers, to “make sure the AI is doing the right thing in its use cases.”
This means that Simbian has effectively outsourced some of its AI training to unpaid players. But, to be fair, it’s unclear how many people actually played the company’s game. Kumar would not say.
There are privacy implications of a system controlling other systems, especially those related to security. Would companies — and suppliers, for that matter — be comfortable with funneling sensitive data through a single central AI-controlled portal?
Kumar claims that every effort has been made to protect against data breaches. Simbian uses encryption — customers control the encryption keys — and customers can delete their data at any time.
“As the customer, you have complete control,” he said.
While Simbian isn’t the only platform trying to apply a layer of artificial intelligence on top of existing security tools — Nexusflow offers a similar product — it seems to have won over investors. The company recently raised $10 million from investors including Coinbase board member Gokul Rajaram, Cota Capital partner Aditya Singh, Icon Ventures, Firebolt and Rain Capital.
“Cybersecurity is one of the most important problems of our time and has famously fragmented the ecosystem with thousands of vendors,” Rajaram told TechCrunch via email. “Companies have tried to build expertise around specific products and problems. I applaud Simbian’s approach to creating a comprehensive platform that would understand and operate all security. While this is an extremely challenging approach from a technology perspective, I would put my money — and I did put my money — on Simbian. They are the team with unique experience all the way from hardware to cloud.”
Mountain View-based Simbian, which has 15 employees, plans to put most of the capital it raises into product development. Kumar aims to double the startup’s workforce by the end of the year.
