AI-powered vulnerability detection tools developed by Vicarius receive $30M
2 min readThe pitches reaching my inbox indicate that “copilots” for cybersecurity are one of the hottest things in generative AI. There is one at Microsoft. The same goes for Google. A vulnerability remediation platform, Vicarius, recently launched vuln_GPT, a text-generating AI tool that helps write system breach detection and remediation scripts.
It may be Vicarius’ trend following, as well as its 5x year-over-year growth, that attracted investors. According to Vicarius co-founder and CEO Michael Assraf, the company’s customer base recently exceeded 400 brands, including PepsiCo, HPE, and Equinix.
Despite whatever made Vicarius stand out among investors, the company closed a $30 million Series B round with Bright Pixel Capital, AllegisCyber Capital, AlleyCorp, and Strait Capital. Vicarius raised $56.7 million in this round, at a valuation double its previous valuation, a valuation Assraf declined to disclose, unfortunately. Assraf says the majority of the funds will be used to improve Vicarius’ product roadmap and double the team’s size.
“Vicarius automates much of the discovery, prioritization, and remediation work that is burdensome on security and IT teams,” Assraf said. With its self-service model, Vicarius has changed the cybersecurity solution buyer’s paradigm by allowing customers to test and validate value before making a purchase.”
At least according to Assraf, Vicarius was founded several years ago by Yossi Ze’evi, Assraf and Roi Cohen, who noticed that attackers were reusing the same “building blocks” to carry out cyberattacks.
“These are third-party APIs and operating system-compiled libraries provided by software and operating systems,” Assraf said. With Vicarius, we wanted to build an intelligent permission manager for system-level APIs.
Vicarius analyzes apps for vulnerabilities today and alerts customers of these vulnerabilities. Whenever a patch isn’t available, Vicarius applies what Assraf calls “in-memory protection,” which ostensibly secures apps without requiring software updates.
Additionally, Vicarius provides researchers access to a community where they can share remediation and detection scripts and receive virtual currency in return, as well as the community data set that is used to train vuln_GPT. Vuln_GPT, speaking of, doesn’t run completely unsupervised — Assraf says that all AI-generated scripts are “validated” before being pushed to Vicarius’ customers. The scripts from a module can be given feedback by customers.
“Vicarius is seeking to lead AI-based vulnerability remediation at any stage,” Assraf said, “from detection to prioritization to proactive remediation.”
Vicarius is ambitious, for sure, with plans to allow security researchers to spend their currency on products, launch educational courses, and integrate with existing ticketing platforms like ServiceNow and Jira. Additionally, the startup hopes to expand into existing markets such as North America and Europe, as well as into new markets, such as Asia Pacific.
“Enterprises have struggled with deploying vulnerability management processes that require too many tools, generate too many alerts, and overload security teams,” Assraf said. The vulnerability remediation cycle management lagged behind most security processes, exposing businesses to cyber risk. Consequently, customers are seeking a single platform that consolidates, personalizes, and scales vulnerability remediation.”
