Selective State Space Models: Solving the Cost-Quality Tradeoff
As AI is increasingly used in production scenarios, costs are mounting. Are alternative architectures the solution?
Kamal Shah and Vibhav Sreekanti are serial entrepreneurs whose Prophet AI platform uses automation to cut mean time to response to cybersecurity threats by 10x.
Every day, a company’s security operations team is barraged with alerts of hundreds of potential threats. There are far more than any team of triage specialists, the team’s first line of defense, could ever process alone. The number of cybersecurity threats, both real and perceived, has only increased over the past decade as cyber criminals have become more sophisticated and existing tools have tried to preempt them.
The rise of security orchestration, automation and response (SOAR) platforms in the 2010s was in direct response to this trend, but, as cybersecurity vets Kamal Shah and Vibhav Sreekanti learned, these offerings were far from a full solution. “We’ve now spoken to more than 100 CISOs and security leaders, and exactly three have been satisfied with their SOAR implementations,” Vibhav said.
SOAR tools require upfront investments and ongoing maintenance to codify playbooks and most are focused on alert enrichment and deploying those playbooks when a decision is reached. Vibhav used an example: “If you conclude a user’s account has been compromised, then you might have a SOAR playbook to reset their credentials. But how do analysts know the account was compromised?”
Kamal and Vibhav, who worked together for five years at the security startup StackRox through its acquisition by Red Hat, linked up and joined our BCV Labs incubation space in Palo Alto last fall to figure out a solution. Prophet Security was born.
Its signature offering, Prophet AI for Security Operations, uses generative AI to automatically triage, investigate and respond to alerts. Instead of relying on static playbooks, Prophet delivers AI-driven dynamic investigative workflows and integrations out-of-the-box. “Prophet conducts the actual investigation, and develops a detailed timeline of what happened and when,” Kamal said. It unlocks value through freeing up time and resources regardless of team size, and can either complement a SOAR platform or work without one.
After working with them at BCV Labs, we became confident that Kamal and Vibhav have a unique set of experiences and skills that will allow them to take advantage of this moment of AI-driven change. We are pleased to have led the $11 million seed round, with participation from several security leaders and angel investors.
We are excited to leverage the broader Bain Capital family’s security network and expertise to finally bring real progress to addressing one of the most nagging challenges for security operations teams.
There are few founding teams we know as well as Kamal and Vibhav.
During Aaref’s first year as CEO of the e-discovery software company Clearwell Systems, he recruited Kamal in 2005 from CRM company Siebel Systems to serve as VP of Product, and they worked together for six years. Enrique was CEO of the cybersecurity corporation Symantec when it acquired Clearwell in 2012, and had a chance to work with Kamal — and bond over a shared love of wine. And, well before all that, Kamal and our partner Ajay worked together back in the ‘90’s at the startup Trilogy Software in Austin before later collaborating again at Clari, where Kamal served as board observer while Ajay sat on the board.
Aaref had a chance to meet Vibhav in 2017 when Vibhav was building an object storage team at Oracle’s then-skunkworks project, Oracle Cloud Infrastructure, and have stayed in touch since.
Rak, in turn, was leading security products at Atlassian when in 2017 it partnered with the cloud cybersecurity startup Skyhigh Networks, where Kamal led products and marketing. He also spent much of his time at BCV Labs over the past year along with Aaref, and has had a chance to brainstorm with both Kamal and Vibhav extensively.
As for the founders themselves, Kamal hired Vibhav as VP of Engineering at StackRox in 2019. Both thrive in startups, with Kamal on product and Vibhav on the engineering side. Prophet Security happens to be the fourth startup each has been part of, with Vibhav previously starting one himself.
The founders know security well: They’ve built 1.0 products before, have an intuition for their customers and understand the existing landscape. As SVP of Products and Marketing at Skyhigh, Kamal created a strong brand and early market leadership in a brutally competitive category against strong competitors like Netskope and Adallom (acquired by Microsoft), and knows what it takes to stand out. Vibhav recruited a strong engineering team at StackRox and shipped the company’s first working product.
Together, they have an excellent founder-market fit.
Prophet AI for Security Operations is a co-pilot for security operations analysts.
First, it synthesizes incoming security alerts from tools like those covering identity, endpoint, security information and event management (SIEM) and cloud security posture management (CSPM). To reconcile conflicting information (e.g., Crowdstrike, Okta and Azure might each have a different definition of a session), Prophet embeds the contextualized, normalized alert in a vector database to feed an autonomous investigation planning engine.
Investigation planning results in a list of tools and data sources against which to check the normalized alert context to understand which alerts are severe and require a response versus low priority, false positive, or redundant alerts. This is a recursive process where the planner produces a step-by-step action plan, prompts an LLM to execute on the plan and amends the plan in light of new information uncovered by the LLM.
Prophet then provides the security operations analyst with a determination for each alert and a summary of key findings, a detailed timeline and underlying evidence. Analysts can review the investigation, ask questions and provide feedback as necessary, which ensures that the tool continuously evolves to meet the specific needs of the organization. Prophet AI for Security Operations also delivers recommendations for remediation and a comprehensive report for post-investigation reporting. The team has found in its testing that the tool can reduce mean time to response (MTTR) by 10x.
Additionally, Prophet Security’s privacy-first architecture ensures that an organizations’ sensitive data is not used to train LLMs, eliminating any LLM-related data leakage concerns.
“We conduct the investigation on our customers’ behalf, allowing analysts to view the entire investigative process and all the evidence gathered,” Vibhav said. “It’s a lot easier to grade homework than it is to do homework. By providing decision support to security analysts and engineers, we not only accelerate the process and improve investigative baselines, but also address a morale issue that plagues security teams.”
The Prophet Security team is, as of its emergence from stealth in late April, nine members strong, and will continue to grow over the year.
Prophet AI for Security Operations is currently in use across several technology, financial services and healthcare companies, and companies can gain early access to the tool at its website.
As AI is increasingly used in production scenarios, costs are mounting. Are alternative architectures the solution?
Cube is the standard for providing semantic consistency to LLMs, and we are investing in a new $25M financing after leading the seed round in 2020.
In this edition of “In the Lab,” Amit Aggarwal explains why he’s building an AI startup in BCV Labs after selling his company The Yes to Pinterest.