The Team8 Foundry Method for Selecting Investable Startups – Source: www.securityweek.com

Team8 regularly consults with its CISO Village of around 350 enterprise CISOs over startup investments. AI security, 3^rd party risk management, and the insider threat are today’s top CISO concerns.

Team8, a Tel Aviv venture capital (VC) organization with added sauce, queried more than 130 CISOs from its own ‘CISO Village’ to discover the concerns of existing cybersecurity practitioners, and the technologies they are seeking for the future.

The VC in the equation is capital investment in cybersecurity startups, with a focus on data science, AI and fintech. The added source is deep technical and managerial expertise that is applied together with the investment capital. The CISO Village is a group of around 350 enterprise CISOs – including from Fortune 500 companies – from which Team8 discovers the technologies currently or expected to be most in demand. 

The result is that Team8 knows exactly what is needed, and then ‘builds’ relevant startup companies together with the technology to fill the known market gap. That market gap is based on genuine practitioners’ pain points rather than new vendor and media hype. Team8’s USP is that it builds new companies rather than simply injects capital – usually at the rate of one company per year.

The 2023 CISO Village summit comprised five days of discussion with and between the CISO members, culminating in the 2023 CISO Village survey (PDF). There are three primary takeaways from this survey. Migration to the cloud and remote working has been accelerated, not caused, by the COVID pandemic. This creates extra pressure for access management (IAM and PAM) and cloud security solutions. Secondly, the public emergence of artificial intelligence (AI) has highlighted the need for security against threats to and from artificial intelligence. Thirdly, the increasing use of third parties for both software and services demands better third party risk management.

Bobi Gilburd, chief innovation officer at Team8 and a former Colonel in in the IDF’s unit 8200, commented, “I believe that the next one or two companies the team8 will build, this and next year, will be mainly one of the cases based on this survey.”

The new entry in this year’s survey is AI. AI has been used by security vendors for many years, but the emergence of publicly available gen-AI (eg, ChatGPT) at the end of last year has focused attention on the need to secure AI itself rather than simply use AI to help secure systems and improve processes. We focused our conversation on AI security.

The AI threat is not immediately critical. “There are lower fruits for the attackers to pick,” said Gilburd; “but it is coming and inevitable, and we need to be ready for it.” 

There is a growing need for trustworthy AI, but it is a complex and wide-ranging subject. Internal use needs to be accurate, ethical, and secure. If social media gets its AI algorithms wrong, they may run afoul of regulations. If HR gets them wrong, they could be accused of bias, racism, sexism and worse. So internal AI needs to be built accurately and ethically, and then protected from malicious alteration by attackers. The same applies to AI used to secure systems – if the algorithm can be manipulated by attackers, what should have been a security defense becomes an insecurity threat vector.

Gen-AI has now widened the AI threat. The potential to increase the scale and quality of phishing attacks is obvious. Its use to generate a new quality of deepfake – what Gilburd calls ‘fakes on steroids’ – is inevitable. And the threat to privacy abuse via gen-AI training data is causing concern at government levels.

So, the AI threat is now how to build unbiased algorithms, how to protect those algorithms, and how to detect and counter malicious use of external AI. Team8 uses its CISO Village discussions to uncover these new areas of concern, and to determine when solutions will be necessary. Based on the 2023 CISO Village, it is a certainty that Team8 will invest in AI security – it is not so much a question of if, but when.

Related: How a VC Chooses Which Cybersecurity Startups to Fund in Challenging Times

Related: ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications

Related: Biden, Harris Meet With CEOs About AI Risks

Related: Protect AI Raises $35 Million to Protect Machine Learning and AI Assets