If the messages arriving in my inbox are any indication, one of the hot new things in generative AI is cybersecurity “co-pilots.” Microsoft has one. Google too. So does he Vicariusa vulnerability remediation platform – recently launched an AI script generation tool, vuln_GPT, that helps write scripts to detect and remediate system intrusions.
Perhaps it was Vicarius’s trend that caught investors’ attention — as well as (I’d bet on a guess) the startup’s 5x year-over-year growth. Michael Asraf, co-founder and CEO of Vicarius, told me the company’s customer base recently surpassed 400 brands including PepsiCo, Hewlett Packard Enterprise and Equinix.
Whatever puts Vicarius on backers’ radars, the company recently closed a $30 million Series B round led by Bright Pixel Capital with participation from AllegisCyber Capital, AlleyCorp, and Strait Capital, Vicarius announced today. The round, at a previous multiple of Vicarius’ valuation — a valuation that Ashraf declined to disclose, unfortunately — brings Vicarius’s total amount to approximately $56.7 million, the bulk of which Ashraf says has been allocated to developing Vicarius’ product roadmap and doubling its size. A team of 43 people.
“Vicarius automates much of the detection, prioritization and remediation workload that security and IT teams struggle with,” Ashraf said. “As an early adopter of product-led growth, Vicarius’ self-service model is changing the paradigm of buyers of cybersecurity solutions by allowing customers to transparently test and find value…before they buy.”
Vicarius was founded several years ago by Asraf, Yossi Ze’evi, and Roy Cohen, who noticed — at least the way Asraf tells it — that attackers were reusing the same “building blocks” to carry out cyberattacks.
“These core elements are third-party and operating system APIs provided by programs and libraries compiled from the operating system,” Ashraf said. “the main idea [with Vicarius] It was creating an intelligent permissions manager for the APIs at the system level.
Today, Vicarius analyzes applications for vulnerabilities and alerts customers to these vulnerabilities. When a patch is not available, Vicarius applies what Assraf calls “in-memory protection”, which virtually secures the application without requiring a software upgrade (although I’m a bit skeptical).
Vicarius also provides access to a community of vulnerability researchers where researchers can share remediation and detection scripts and get rewarded for it in virtual currency, in addition to the community dataset that Vicarius uses to train the aforementioned vuln_GPT. And speaking of Vuln_GPT, it doesn’t run completely unsupervised — Ashraf says that all AI-generated scripts are “validated” before being sent to Vicarius clients. (Customers can provide feedback about scripts through a module.)
“We would like to emphasize that Vicarius looks forward to leading the process of addressing AI-based vulnerabilities at any stage, from detection to prioritization to proactive remediation,” Ashraf said.
Vicarius is certainly ambitious, and has plans to let security researchers in its community spend their coins on products, launch educational courses and integrate the Vicarius platform with existing ticketing platforms like ServiceNow and Jira. The startup also aims to grow into new markets, particularly the Asia-Pacific region, while expanding into markets where it currently operates including North America and Europe.
“For years, companies have struggled to deploy vulnerability management processes that require too many tools, create too many alerts, and create too much work for overburdened security teams,” Ashraf said. “While most security operations have moved forward by a generation or two, vulnerability remediation cycle management has lagged, exposing companies to cyber risks. As a result, customers are looking for a single platform that consolidates, customizes, and scales their vulnerability remediation process.