- Generative AI has given attackers a way to automate the process of crafting emails that could help them crack corporate systems.
- Abnormal Security, which uses generative AI to help spot and block such email threats, reached a $5 billion valuation this year.
- Now investors have put $60 million into Sublime Security, which aims to use AI to protect inboxes.
Across the world, companies rely on Microsoft and Google to administer email accounts for employees. Keeping all those mailboxes secure, however, is a business opportunity.
Proofpoint went public in 2012, and as enterprises migrated to the cloud, many adopted the company's secure email gateway software as a precautionary measure. But private equity firm Thoma Bravo bought Proofpoint in 2021, and another provider, Mimecast, went private in 2022.
Then generative artificial intelligence took off. The trending technology gave more ammunition to hackers, as well as new tools for security companies that promise to defend clients against attacks.
Now, a new set of companies are gaining traction in a mature market.
Investors valued startup Material Security at $1.1 billion in a 2022 funding round. In August, Abnormal Security, which calls itself "AI-native," said it was worth $5.1 billion after a funding round involving CrowdStrike and Wellington Management. And on Thursday, Sublime Security, co-founded by U.S. Defense Department cybersecurity veteran Josh Kamdjou, said it had raised a round totaling $60 million.
Kamdjou, who is also Sublime's CEO, had spent his former career showing companies how he could break into their networks and avoid being stymied by email security products. Then he decided to work on a solution.
"I decided to build something that would stop me as an attacker," he said.
Business credit card issuer Brex had been using Material with Google inboxes, but after testing out Sublime, Brex switched, the startup's chief information security officer, Mark Hillick, told CNBC in an interview. There were many problem emails that Material allowed but Sublime did not, Hillick said.
"All they need is one person to click on it, and then they go from there," he said, referring to hackers. "That's why false negatives are pretty dangerous."
Abnormal Security is considerably larger than Material and Sublime, with over $200 million in annualized revenue. It's quickly gaining market share, according to Peter Firstbrook, vice president and distinguished analyst at industry researcher Gartner.
Some companies use Abnormal Security as an add-on to Mimecast or Proofpoint, he said. For years, businesses have called in Proofpoint to filter messages before sending them along to Microsoft-based inboxes, he said, adding that Proofpoint's year-over-year revenue growth rate is now in the teens after being in the thirties as recently as 2018.
Brex briefly looked at Abnormal but decided not to implement it, Hillick said.
"I don't believe in black box as a philosophy," he said. "It reduces visibility, so I can't see how Brex is going to be attacked. I can't see what tactics or techniques are being used. With Sublime, I can do that."
Abnormal's software is fully autonomous, its co-founder and CEO, Evan Reiser, said in a statement.
But Reiser said "it is still highly transparent when it comes to explaining the techniques attackers are using."
Brex's Hillick said that in his experience, Sublime provides better coverage of new threats. Abnormal's website says its software "detects hyper-personalized, never before seen attacks with no traditional indicators of compromise."
Sublime's Kamdjou said attacks still make it through the defenses of large email providers such as Google and Microsoft, even when companies pay extra for higher tiers of service.
"That's why we're seeing so much success, basically," Kamdjou said. "We're here to catch everything they don't." Microsoft said last month that its Defender for Office 365 product now uses large language models for analysis and filtering.
Representatives from Material, Mimecast and Proofpoint did not immediately respond to requests for comment.
The challenge facing incumbents such as Mimecast and Proofpoint is less about losing customers and more about missing out on new business from young companies that go with a next-generation tool such as Abnormal, according to Mark Alley, an email security consultant in Alabama. But some companies have switched to Sublime from Mimecast and from Proofpoint, Kamdjou said.
Proofpoint appears to be aware of the challenge, having acquired AI startup Tessian last year. Sumit Dhawan, CEO of Proofpoint, said in October that the company was 12 to 18 months away from going public again. He said he saw interesting potential acquisition targets but that prices remained high.
Sublime lacks a billion-dollar valuation. Unlike many richly valued startups, it has not resorted to splashy marketing, and it's not big on placing cold calls, either.
Kamdjou said the startup did reach out to Donald Trump's 2024 presidential campaign but didn't get anywhere. In August, the campaign said a foreign adversary had obtained documents after breaching its email system. The Harris campaign used Sublime's product pro bono, Kamdjou said.
"We're very fortunate, because the majority of folks have heard about us just from word of mouth," he said.
They can then get a sense of Sublime's abilities by uploading emails to a free service called EML Analyzer, which will use AI to predict if messages are likely benign, suspicious or malicious. It can pick up on phrases that often show up in business-email compromise attempts.
The sales-light approach won't be changing now that Sublime has more capital to work with.
"Our mindset is we're going to go and spend a bunch of money on R&D still," co-founder Ian Thiel said.
IVP led Sublime's new round. Citi Ventures, Decibel Partners, Index Ventures and Slow Ventures also participated.