In the era of generative AI, the cybersecurity threats facing government agencies, businesses, and society are intensifying. Malware, deep fakes and disinformation campaigns have all become cheaper and easier for cybercriminals to create.
Despite this, in 2023, investments in cybersecurity in Europe fell by a third compared to the previous two years, from almost €2 billion to €1.3 billion.
Cybersecurity companies are fighting back, however, and are also turning to GenAI to track criminals.
One of them is the Swedish-American company Recorded Future, which works with 40 governments in the defense sector as well as many other large companies.
“We have no choice but to adopt AI as soon as possible, because that’s what adversaries are doing,” says Marie Brattberg, chief strategy officer. “In general, AI follows an exponential development curve: if we pause development, adversaries gain an exponential lead and we will never catch up,” she says.
“So far, AI is still pretty good at determining what is developed by AI, but it’s like an arms race.”
Using AI against AI
Cyberattacks cost the global economy an estimated $8 trillion in 2023 and this figure is expected to reach $10.5 trillion by 2025, according to Cybersecurity companies. With GenAI making it easier to create deep fakes, phishing scams, and disinformation campaigns, the work to combat cybercrime means a lot of AI development for cyber defense companies.
Recorded Future has used machine learning and natural language processing to combat cyber threats since its launch in 2010. The company also uses large language models to speed the response to an attack on a client’s system.
As soon as OpenAI released ChatGPT, Recorded Future met with the company and was one of the first to implement a reduction in the time to analyze a cyberattack, Brattberg says.
Instead of having one person investigate a breach or attack and write an analysis for the client, which can take hours or days, with GenAI the same work is done in minutes. With Recorded Future’s GenAI Assistant, launched earlier this year, users can be alerted and take real-time action against converging threats across cyber, physical, and influence operations.
AI can be used to create malware that functions similarly to some humans. virus
Besides misinformation and deep fakes, AI is also changing malware attacks.
“AI can be used to create malware that functions similarly to some human viruses,” says Brattberg. “They don’t look dangerous, but once inside a system, they transform and take on system-specific abilities. A bit like Ebola.
To identify security threats, Recorded Future’s software scans the open Internet and the dark web. It creates a digital shield around its clients’ systems that detects whether someone has attempted or succeeded in breaking in. Threat data – from Domain Name Systems (DNS), IP addresses, news and closed Dark Web blogs or forums – is then structured and analyzed. Its customers can then receive signals based on where they are, the sector in which they operate, the infrastructures and products they use and the products to which they are connected.
Brattberg cannot mention individual customers, but, given the company’s situation, an annual price of around €100,000 — it is mainly large companies that can afford it. However, as part of its supply chain risk product for its customers, the company tracks and provides security scores to 5 million businesses in real time.
Obtaining your first funding from the investment arm of the CIA
Christopher Ahlberg, Staffan Truvé and Erik Wistrand founded Recorded Future in Gothenburg in 2009. A few years earlier, in 2007, Ahlberg and Truvé sold their first startup, the analytics platform Spotfire, for around €150 million to the American company TIBCO.
The founders built a prototype of Recorded Future in “a virtual garage» – the founders being based in Gothenburg and the United States – and in 2009, the startup secured its first investment of $2.2 million from GV (Google Ventures), IA Ventures and In-Q-Tel, the investment arm of the CIA.
The company split its site to concentrate its engineering efforts in Gothenburg. Ahlberg said in an interview with local media in 2019, people are as talented in the Swedish city as in the United States – but more loyal.
Since then, the company has employed more than 850 people worldwide and opened offices in Dubai, Singapore, Tokyo, London and Washington. The company has annual recurring revenue in excess of $300 million.
Sweden’s most secretive startup
However, Recorded Future is often described as “Sweden’s most secretive startup“.
The reason may be that it hasn’t completed the venture capital rounds that other well-known startups have done, says Brattberg, who joined Recorded Future in 2013.
“We never embraced the hyperscale trend via high valuation/investment. Instead, we were prudent in our spending and financed our own growth. We have been profitable for the last two years.
“Of course, in previous years, people questioned this choice – they didn’t always agree with why we didn’t want to invest more in rapid growth. But now, with the financial crisis, we look pretty smart,” she says.
Recorded Future had raised a total of $56 million when in 2019, US investor Insight Partners purchased a majority stake in the company for $780 million, effectively buying out all previous investors. The founders and employees have retained their shares in the company and the company is run as before, Brattberg says: “We have the freedom to act as we see fit. »
And with the increased risk of cybercrime, the business is busier than ever.
State security
Large corporations make up about 80% of Recorded Future’s customer base, although the company also works with governments. Ukraine is one of them, which Recorded Future helps.
When an attack on national defense occurs, Recorded Future can discover which nation-state the incident originated from, the subgroup within that country, and the infrastructure it used. One of its recent findings, published in February, was that “a threat actor likely acting on behalf of Belarus and Russia (was conducting) cyberespionage” against several governments, including Georgia, Ukraine and Russia. Poland.
“When we talk about cyber threats, we cannot act in isolation. They are linked to other vectors, disinformation as well as physical threats – such as bombings. The most sophisticated adversaries synchronize their attacks, and this showed itself very clearly in the case of Ukraine,” says Brattberg.
“Partnering with Ukraine has been an incredible way for us to live out our mission as a company. »
The company’s work in Ukraine has attracted increased interest from other European governments, Brattberg says. In January last year, Belgium announced Recorded Future as its cybersecurity partner.
With half the world’s population ready to vote in this year’s national elections, it could sign up several new government clients eager to combat misinformation.
“The volume and sophistication of misinformation will be very high,” Brattberg says.
