For all of the time we spend talking about the shiny, go-boom side of defense, we haven’t spent too much time in this newsletter on one of the scarier sides of modern conflict: cyber warfare.
Lucky for us, a startup called Twenty that came out of stealth last week is all over it.
The company—founded last year by CEO Joe Lin and a team of “decorated veterans and elite operators”—builds AI agents and “end-to-end systems that accelerate the entire offensive cyber operations lifecycle.” In other words, it builds AI-powered tools that can identify and target holes in adversaries’ cyber defenses. Nifty, that.
And isn’t just pie-in-the-sky dreamer talk: Twenty already has real contracts. The company has reportedly been working quietly with the Pentagon since it was founded, scoring a $12.6M contract with US Cyber Command this summer, and a $240K research contract with the Navy.
It’s also raised a cool $38M Series A led by Caffeinated Capital with participation from In-Q-Tel (note the intelligence links) and General Catalyst. Not too bad for a year’s work.
In the trenches: First, a little bit about how Twenty does its thing.
Twenty’s founding team—including Lin, a former Navy reserve officer and VP of product management at cyber giant Palo Alto Networks—saw firsthand over the course of their careers how far behind the US is in terms of cyber capabilities. The talent was there, but the government was not adopting cutting-edge technology (cough, AI, cough) quickly enough to stay ahead of the threat.
“The U.S. government has some of the most capable and dedicated cyber operators and analysts in the world — that’s not where the challenge lies,” Lin told Tectonic via email. “The challenge is that today’s cyber operations require technology that can operate adaptively, continuously, and at a scale no human team can match on its own.”
That’s where Twenty comes in. Lin says his company “industrializ[es] cyber warfare, encoding the work of elite operators into software that acts at machine speed and global scale.”
- In layman’s terms, that means that the company builds AI agents that can scan oodles of potential targets and look for—for example—digital signatures that might indicate an adversarial government network.
- Those agents prod these networks looking for holes and weak points. Once they find them, they suggest courses of action (like, say, cyber attacks) to human operators who can then choose to carry them out.
- Twenty emphasizes the role of human operators here—it doesn’t seem they want cyber-attacking AI agents out there running amok. “Think of it as mission control for industrial‑scale cyber operations, not a free‑roaming AI deciding what to do on its own,” Lin said.
Essentially, the agents carry out the time-consuming grunt work of cyber operations, while humans can focus on responding to threats. “Our systems automate the high-tempo operations that must run continuously across hundreds of targets, allowing operators to focus on strategy and the human decisions that determine outcomes,” Lin said.
Elephant in the room: Lin sees the work he and his team do as a direct (and necessary) response to the cyber buildup adversaries like Russia and China have been undertaking in recent years.
“Our adversaries, especially China, are investing heavily in advanced automation and AI-powered tooling to conduct persistent global operations,” he said, “Modern cyber conflict is won by those who operate faster, smarter, and more persistently.”
He’s got a point—China and Russia (not to mention Iran) have gotten pretty feisty in terms of cyber attacks in recent years. To name a few:
- The Salt Typhoon cyber espionage group, linked to the Ministry of State Security (MSS) of China, breached US telecom networks last year and scooped up the metadata of calls, text messages and wire-tap platforms.
- Chinese cyber groups reportedly target the networks upholding critical infrastructure, including communications, energy, water and wastewater, and transportation sectors.
- Cyber attacks are also a critical part of Russia’s “hybrid war” against the EU and NATO allies. Russian intelligence (GRU)-linked cyber cells have carried out attacks against railways, undersea cables, and energy grids across Europe, and have stolen critical data from government agencies.
“The most significant cyber threat to the U.S. comes from nation-states that use cyber as a strategic instrument for coercion, influence, and power projection—and that are willing to directly target the American public and critical infrastructure in ways that run directly against long-standing norms and the law of armed conflict,” Lin said.
And the threat doesn’t stop with the big bad actors like China, he added: “China is not the only threat. America has many adversaries, and all of them are trying to use cyber attacks to disrupt our way of life. Our nation needs capabilities that can respond quickly and aggressively to any current or emerging threat.”
Out of the shadows: We asked Lin why his company decided to come out of stealth now when it was already getting traction without a public profile. “What’s changed is the urgency,” he said. “The cyber conflict is intensifying, and the country needs a more serious conversation about it… You can’t recruit the country’s best engineers and researchers entirely in the shadows.”
And now that they’re out in the daylight, the plan is to use that cool $38M to grow as quickly as possible.
“[We plan to] scale the technology, scale delivery, and scale the talent base to match the urgency of the mission,” he said, “That means growing our engineering and research teams, accelerating the capabilities we’ve already proven with operators, and hardening the platform so it supports true industrial-scale operations for the analysts and operators on the front lines.”