We’re back with some super-cyber nuts and bolts, friends.
This morning, AI-for-cybersecurity startup RevEng.AI announced that it’s raised a $15M Series A to further advance its cyberthreat-detecting AI software and expand into the United States. The round was led by the NATO Innovation Fund with participation from Sands Capital, In-Q-Tel (IQT), IQ Capital, and Episode One.
Seems like a good sign when you have NATO and the VC arm of the US defense and intelligence community on the same cap table.
Everything is computer: Now, we’re gonna need y’all to bear with us, because things are about to get a little nerdy.
In case you didn’t know, cyber threats to the US and its allies are, like, major—and they’ve gotten even worse with the rise of AI.
- Adversaries, including China, Russia, Iran, and North Korea, have gotten, like, extremely spicy in terms of cyber attacks in recent years.
- China’s Salt Typhoon cyber espionage group (linked to the Ministry of State Security) breached US telecom networks in 2024 and scooped up the metadata of calls, text messages, and wiretap platforms.
- Chinese cyber groups reportedly target the networks upholding critical infrastructure, including communications, energy, water and wastewater, and transportation sectors.
- Cyber attacks are also a critical part of Russia’s “hybrid war” against the EU and NATO allies. Russian intelligence (GRU)-linked cyber cells have carried out attacks against railways, undersea cables, and energy grids across Europe, and have stolen critical data from government agencies.
Ghost in the machine: A big part of how these attacks happen is through software.
To be clear, it’s not that software itself (think, logistics planning software or stuff used by critical infrastructure companies) is bad—but attackers take advantage of bugs in software and loopholes in the software supply chain to get nasty stuff inside mission-critical systems.
That’s where RevEng.AI comes in.
- The UK-founded company uses a proprietary AI model to help users read binary software they didn’t design themselves to make sure there’s nothing risky in it.
- And you don’t need to have the source code (real ones know) to do it. The company’s software can run off the completed software product and make sure it’s not hiding anything scary, risky, or insecure.
- This takes a process that would take a human expert days or weeks down to minutes or hours.
- This is all the more relevant as increasing numbers of developers (like, most of them) use AI to write their code. If you ain’t writing it, you don’t know it down to brass tacks.
- Basically, the company’s AI takes software, rips it apart, and reveals all of its dirty secrets. Finding the needle in a haystack, but for cyber threats.
“We train our AI model to learn and understand the patterns inside the software that [customers are] using to then identify these cyber threats, whether it’s in the form of security vulnerabilities or hidden threats like back doors or malware,” RevEng.AI founder and CEO James Patrick-Evans told Tectonic.
Dig deep: That’s pretty useful in defense, security, and commercial contests.
- If you’ve learned one thing from Tectonic, we hope it’s that the battlefield is increasingly digital and software-defined (nerds). That’s great and all, but it also exposes users and critical tech to a lot more software-related risk.
- According to Patrick-Evans, the software is used by “customers inside financial services, defense, national security, telecom companies, [and] core cybersecurity companies.” Within defense, they are “working with the most elite cyber teams inside Western governments…[those] three and four letter agencies,” he added.
- The customer base (currently about 10 clients) is around 60 percent defense and security and 40 percent commercial, but part of the goal with this raise (and the US expansion) is to expand that commercial customer base. After all, lots of financial services companies (for example) get cyber-attacked, too.
- Patrick-Evans said that because their model is specifically trained to identify cyber threats in software, it performs way better when tested than leading all-purpose models (like Claude Opus or ChatGPT).
From here, the plan is (unsurprisingly) to scale and make that great leap across the pond.
- Patrick-Evans and his team will work on the next generation of their AI model, expanding capabilities into more software and critical infrastructure.
- They also plan to open an office in NY, and will expand the team from 22 people to about 45.