Many cybersecurity companies say artificial intelligence could better combat a popular hacking tactic known as phishing.
One such firm, Tessian, said Tuesday that it has raised another $65 million in funding that values it at $500 million. March Capital was the lead investor, while other participants included Accel, Balderton Capital, Latitude Venture Partners, Sequoia Capital, and Schroder Adveq. Since its founding 8 years ago, Tessian has raised a total of $137 million.
In a phishing attack, criminals dupe unwitting workers into clicking on malicious links in emails that appear to come from legitimate sources. Some of the most common phishing attacks involve hackers sending bogus emails resembling messages from banks or colleagues.
Phishing attacks have become particularly prevalent during the COVID-19 pandemic, with scammers sending people phony messages claiming to be from the Centers for Disease Control and Prevention and other organizations involved with national coronavirus response.
Several cyber security startups like IronScales and Vade Secure are using machine learning to spot phishing emails. Venture capitalists are betting that these startups will eventually become big businesses.
Tessian co-founder and CEO Tim Sadler said that his startup analyzes a company’s corporate emails to discover patterns, such as common email addresses that people correspond with, which could indicate that they are messages to customers, for instance. The company then uses this data to train a machine-learning model, which can scan emails and flag those that are suspicious before employees click on them.
The machine learning system also displays the reasons why it suspects an email is fraudulent, such as it featuring a strange web link or misspellings of employee names. If a manager is known to workers as Cliff, but the email refers to the boss as Clifton, Tessian’s technology may spot the discrepancy, explained Tessian co-founder and chief technology officer Ed Bishop.
Sadler acknowledged that “a machine learning system is never going to be perfect,” and sometimes the startup’s A.I. can incorrectly flag legitimate emails as bogus. But, he said Tessian has been working on preventing the software from over flagging genuine emails.
Tessian, based in London, plans to go on a hiring spree with its latest financing, boosting its headcount from 170 employees to 220 to 250 by the end of the year, Sadler said. The startup also plans to improve its technology so that it can be used to spot phishing attacks on other kinds of communications services, like text messaging or work-chat services.
One challenge facing companies trying to combat phishing is the rise of more realistic attacks aided by advances in natural language processing, a subset of A.I. that involves computers creating and understanding text. Bishop said that advances in powerful language models like OpenAI’s GPT-3 system could lead to criminals more easily creating phishing emails that appear to be personalized to particular recipients. For instance, such an email could contain an A.I.-generated message in which the writing style is similar to a worker’s boss, making it harder to spot a fraud.
As a result, Tessian, and other companies, are on a quest to improve their A.I. to detect more advanced A.I.-powered phishing attacks, which could one day be as “prevalent as spam,” Bishop said.
