Since the Wraithwatch founding team first met at SpaceX, we have lamented that cyber defense teams are caught in a desperate, infinite loop of being reactive second movers. We lack proactive understanding about the nature of novel and emerging attacks unless we read about them from third party sources or we are their victim (through breach or red team). The defenses we engineer, the security products we buy, and the threat models we develop are all based on the past - on breaches that have already occurred or attacks already known, lending the adversary a first-mover advantage through discovery of new attacks that keep defenders on the back foot. Wraithwatch intends to invert this paradigm and, for the first time, deliver that first mover advantage back to the defense.
The Status Quo
For decades now, the US and its allies have been on the losing end of a silent cold war fought between foreign intelligence services and private sector cybersecurity teams. Barrage after barrage of cyber intrusions have compounded over the years into unprecedented levels of critical technology and trade secret theft at the hands of state-sponsored cyber actors. This should come as no surprise to the astute observer - there is a reason why China’s fifth generation fighter looks exactly like Lockheed’s F-35 - but the damage extends far beyond leaked military hardware designs. From 5G infrastructure, emerging energy, autonomous vehicles, and artificial intelligence, the west is losing its once-monopolistic technological dominance because we cannot reliably defend our most important institutions from bleeding critical secrets to the cyber warfare arms of our enemies.
But an even worse storm is brewing.
The Perfect Storm
There is a coming Cambrian explosion of offensive cyber weapons powered by generative AI, heralding a world where attackers deploy swarms of malicious AI agents toward their targets rather than executing attacks manually. Because code mutation using large language models is trivial, these offensive agents will continuously adapt to the defensive postures of their targets at rates faster than human-centric security teams will be able to respond to.
Contemplate a scenario where adversaries launch a ransomware attack against the United States’ largest bank, where more than 60 million Americans keep their money, then demand millions of dollars in ransom payment. Now consider how AI can be weaponized to enable that attacker to constantly mutate the ransomware to evade new defenses and re-attack that bank at regular intervals - perhaps even every few days - demanding higher and higher sums of payment each time. Finally, contemplate such a barrage of continuously mutating attacks against every financial institution, every airline, chip maker, energy company, utility, or government agency in America. Attacks that are not only capable of ransomware but also mass, autonomous, exfiltration of trade secrets from across every critical institution into the waiting hands of our enemies.
The potential economic and societal devastation would be catastrophic.
Zooming out further, the geopolitical reality is even more stark. Unclassified estimates from the US intelligence community (IC) indicate that China is aggressively ramping up offensive cyber operations against the US and its allies . US officials have publicly admitted as recently as October 2023 that other state-sponsored actors are actively integrating artificial intelligence into their cyber warfare campaigns, allowing for faster and more efficient exploitation . IC sources fully expect that in the event of an active conflict involving the PRC, Taiwan, and the US, the opening volley would likely involve a concerted offensive cyber effort from the PRC to cripple critical infrastructure within American borders in order to dissuade further US involvement , a playbook already run by Russia against Ukraine in the opening hours of that conflict .
There is a reason we ended up here: cybersecurity is a fundamentally reactive practice comprised of teams that are consistently underwater and continually overwhelmed. New vulnerabilities and attack techniques - a weekly occurrence - are difficult to understand and mitigate, requiring in-depth analysis in order to comprehend underlying attack mechanics and manually translate that understanding into appropriate defensive strategies. Existing security tools each focus on small, narrow pieces of the problem and rarely have purview outside of their individual silos. Like an untrained, ill-prepared military unit, these tools are unable to work together in synchrony against static threats much less adapt nimbly to continuously mutating ones.
Wraithwatch Mission: Zero Breaches
It is our conviction that if we are to live in a world with this kind of continuously mutating cyber offense, so too should we live in a world with continuously adapting cyber defense. Long before a new threat actor lands inside our institutions with their cyber implants, autonomous agents powered by generative AI should have proactively explored novel vulnerabilities and attack strategies, simulated their various permutations, and autonomously developed and applied forward-thinking defensive strategies across disparate security tools. The end result being deployment of exhaustive defenses in minutes and seconds as opposed to days and weeks and ultimately, arming cybersecurity teams with the heavy firepower needed to turn the tables on a historically one-sided conflict.
Our mission is the result of years in the trenches building cyber programs - often from scratch - at the most advanced tech companies in the world, helping secure rockets, astronauts, mission control and launch infrastructure, submarines, satellites, weapons systems, and other classified programs against sophisticated cyber adversaries. We have seen first hand the speed and aggressive nature of these entities as they repeatedly set their sights on our technology and innovations.
Funding the Future of Cyber Defense
Our investors share our conviction that a tidal wave of emerging AI-powered cyber weapons will put American and allied industry at risk, and they have put their trust in us to architect the defense. Today we are proud to announce the close of an $8 million seed round led by Founders Fund and backed by XYZ Capital and Human Capital.
We are in search of world-class engineers who share our vision to revolutionize the future of cyber defense. Join us.
Nik Seetharaman, Grace Clemente & Carlos Más
Wraithwatch Founding Team