Startup Story

Vicarius lands $30M for its AI-powered vulnerability detection tools

If the pitches reaching my inbox are any indication, one of the hot new things in generative AI is “copilots” for cybersecurity. Microsoft has one. Google, too. So does Vicarius, the vulnerability remediation platform — recently, it launched a text-generating AI tool, vuln_GPT, that helps write system breach detection and remediation scripts.

Perhaps it’s Vicarius’ trend following that caught investors’ attention — as well as (I’d wager to guess) the startup’s 5x year-over-year growth. Vicarius co-founder and CEO Michael Assraf tells me that the company’s customer base recently eclipsed 400 brands, including PepsiCo, Hewlett Packard Enterprise and Equinix.

Whatever put Vicarius on backers’ radars, the company recently closed a $30 million Series B round led by Bright Pixel Capital, with participation from AllegisCyber Capital, AlleyCorp and Strait Capital, Vicarius announced today. The round, at double Vicarius’ previous valuation — a valuation Assraf declined to disclose, unfortunately — brings Vicarius’ total raised to ~$56.7 million, the bulk of which Assraf says is being put toward advancing Vicarius’ product roadmap and doubling the size of its 43-person team.

“Vicarius automates much of the discovery, prioritization and remediation workload plaguing security and IT teams,” Assraf said. “An early adopter of product-led growth, Vicarius’s self-service model changes the cybersecurity solution buyer’s paradigm by letting customers transparently test and find value … before purchasing.”

Vicarius was founded several years ago by Assraf, Yossi Ze’evi and Roi Cohen, who noticed — at least the way Assraf tells it — that attackers were reusing the same “building” blocks to carry out cyberattacks.

“Those building blocks are third-party and operating system APIs provided by software and operating system-compiled libraries,” Assraf said. “The main idea [with Vicarius] was to build an intelligent permission manager for system-level APIs.”


                                                                    Image Credits: Vicarius

Today, Vicarius analyzes apps for vulnerabilities and alerts customers to these vulnerabilities. When a patch isn’t available, Vicarius applies what Assraf calls “in-memory protection,” which ostensibly secures the app without the need for a software upgrade (color me a bit skeptical, though).

Vicarius also offers access to a community of security vulnerability researchers where researchers can share remediation and detection scripts and get rewarded for it with a virtual currency, as well as a community dataset that Vicarius uses to train the aforementioned vuln_GPT. Vuln_GPT, speaking of, doesn’t run completely unsupervised — Assraf says that all AI-generated scripts are “validated” before being pushed to Vicarius’ customers. (Customers can give feedback on the scripts from a module.)

“We wish to emphasize that Vicarius is looking to lead AI-based vulnerability remediation at any stage,” Assraf said, “from detection to prioritization to proactive remediation.”

Vicarius is ambitious, to be sure, with plans to allow security researchers in its community to spend their currency on products, launch educational courses and integrate the Vicarius platform with existing ticketing platforms like ServiceNow and Jira. The startup also aims to grow into new markets, in particular Asia Pacific, while expanding into markets in which it currently does business, including North America and Europe.

“For years, enterprises have been struggling with deploying vulnerability management processes that require too many tools and create too many alerts and too much work for overburdened security teams,” Assraf said. “While most security processes advanced one or two generations, the vulnerability remediation cycle management lagged, exposing businesses to cyber risk. As a result, customers are looking for a single platform that consolidates, personalizes and scales the vulnerability remediation process.”