
Stopping Social Engineering

Social engineering is a scourge on society. It’s the number one breach vector, and is only going to get worse as AI-powered attackers mount relentless attacks on our people. Our industry's response? “Blame and train” - Blame the victims and make them take more training. We started Humanix to end that cycle. Using conversational AI trained on the psychology of manipulation, we detect social engineering attacks as they happen—across voice, chat, and email—giving security teams the same detection and response capabilities for human-targeted attacks that they have for malware. At Humanix, we're here to stop social engineering.

Social engineering has gone from being a parlor trick to the primary enterprise breach vector. Enterprises lose billions every year as attackers exploit the most important asset any organization has - their people.

Our response as an industry has been anemic at best. People are hard. Language is even harder. So rather than try to stop social engineering, the industry has chosen to delegate the problem back to the very people we’re responsible for protecting. We call it security awareness training, but what we’re really doing is blaming the victim. When attackers are successful at victimizing our people, we punish our people with ever more training.

There’s a better way.

In the early days of the company, a CISO friend shared with me the audio recording of the Scattered Spider social engineering attack on the help desk of a major hospitality corporation. The attackers already had a ton of intel on the company, but they had to defeat MFA, and the help desk was the way to do it. One phone call to some poor agent trying to be helpful led to a $100m loss event. As I listened to the recording, I found myself wanting to shout out loud. “It’s a scam! He’s not who he says he is!” It was maddening, but also led to a moment of clarity: There’s signal in those interpersonal interactions - meaning the tactics and techniques that make up a social engineering attack are detectable in natural language. Manipulation, pressure, ignorance, policy evasion. Is it reasonable to expect the poor help desk agent to get that right 100% of the time? No. Can we train software and large language models to detect these attacks? Yes we can.

Social engineering is an attack class like any other. Instead of zero-days or buffer overflows, it uses natural language. Defeating this class of attacks requires a new kind of detection and response product - human threat detection and response. Large language models and conversational AI now make that possible at scale. If attackers are going to exploit AI to super-charge their social engineering, we must fight back with AI to protect our people.

We can’t do this alone. We’re on this journey with some of the most talented cybersecurity investors and practitioners in the business: Ed Sim at boldstart who led our Seed round, and Asad Khaliq at Acrew Capital who led our Series A, joined by Evolution Equity, Tokyo Black, DNX Ventures, and many more angels and cybersecurity experts. Combined, we’ve raised $18m to fuel our growth and development. More than that, we’re building a group of people passionate about truly solving the social engineering challenge.

At Humanix, we believe we can protect people, not punish them. We believe that we can detect and respond to natural language attacks, just as we do every other attack class that faces the enterprise. We believe we can stop social engineering.

Keith Stewart
Founder and CEO

