SlashNext, which uses AI to combat phishing, raises $26M

Phishing, a type of social engineering where an attacker sends a message designed to trick a victim into revealing sensitive information or installing malware or ransomware, is on the rise. According to recent research from Proofpoint, 75% of organizations around the world experienced a phishing attack in 2020 — and 74% of attacks targeting U.S. businesses were successful. As Expert Insights writes: “Though 95% of organizations claim to deliver phishing awareness training to their employees, phishing remains the threat type most likely to cause a data breach. In fact, according to Verizon’s 2020 DBIR, 22% of data breaches involve phishing.”

Against this backdrop, anti-phishing platform SlashNext today announced that it raised $26 million in series B funding, bringing its total raised to $43 million. The company says that it plans to put the capital toward scaling its customer acquisition and operations and driving distribution partnerships with managed security service providers, OEMs, and carriers, including strategic investors Telia Telecom and Globe Telecom.

“When cybercriminals launch successful multichannel phishing and social engineering attacks, the results are massively disruptive to people, organizations, and the economy,” CEO Patrick Harr said in a statement. “This is the number one cyber challenge that organizations face globally, and bad actors are only increasing their attacks [on] LinkedIn, MS Teams, Messenger and Slack and becoming more sophisticated at taking advantage of the most vulnerable part of organizations — its people.”

Headquartered in Pleasanton, California, and founded in 2017 by Atif Mushtaq, SlashNext provides an AI-driven service designed to identify phishing, social engineering, and other threats across enterprise communication channels and apps. The company claims its platform can protect against bank fraud, rogue browsers, credential stealing, and other attacks including “smishing” (a form of phishing that uses smartphones as the attack vector) and “vishing” (fraudulent phone calls or voice messages purporting to be from reputable companies).

AI-powered threat detection

SlashNext’s solution — which runs on a datacenter powered by high-speed storage and 20,000 GPUs and CPUs — combines virtualized browsers and AI to analyze the behavior of potential cyberattackers. Suspicious web content is loaded into a virtualized browser session and fully rendered, enabling SlashNext’s technology to examine it using computer vision, natural language processing, and other machine learning techniques.

SlashNext also claims to leverage on-device AI for targeted, “never-before-seen” phishing and attacks from channels in the browser. Additional AI models running on mobile devices detect and block natural language (NLP) smishing and vishing attacks.

“Our technology has logged more than 2.5 million [phishing] threats hiding in legitimate infrastructures like Amazon Web Services, Outlook, Sharepoint, and Microsoft Azure. [SlashNext’s AI] detect[s] tens of thousands of zero-hour threats daily with … classifiers for targeted user threats including rogue browser extensions, credential stealing, … data ex-filtration, [and more.],” Harr told VentureBeat via email. “The AI has been continually trained for over four years on an accumulated 2 petabytes of metadata.”

SlashNext is one of several companies developing AI-underpinned products to combat phishing attacks. (The global fraud detection and prevention market is expected to be worth $62.70 billion by 2028, according to Grand View Research.) For example, there’s Armorblox, a startup creating an anti-phishing platform that primarily employs NLP. Ironscales and Area 1 Security use AI to detect and remediate email phishing across multiple environments. Inky, a relative newcomer, taps what it calls an “AI fence” to spot and deflect phishing attacks.

But Harr asserts that “legacy-based services” like endpoint protection systems miss between 40% to 80% of multichannel phishing threats. According to SlashNext’s research, 65% of phishing attempts originate from social networks, chat apps, and other sources outside of email.

“Multichannel phishing and human threat detection and protection as an emerging category as it moves beyond just protecting corporate email,” Harr said. “SlashNext’s AI and machine learning technology saw a sharp increase in social engineering threats in 2021 by 270%, which indicates a shift to multichannel phishing attacks as apps and browsers move to the cloud.”

Over the past year, SlashNext’s annual recurring revenue grew 750% while the company’s customer base climbed 600%, reflecting the broader high demand for cybersecurity software. The company currently employs 112 people and expects to have 140 by the end of the year, laying the groundwork for additional hiring in 2022.

“As everyone moved to remote work, the user became the new, unprotected security perimeter,” Harr continued. “[That is why we’re going to] continue to fund and accelerate multichannel detection, [invest] in on-device multichannel AI detection and blocking for all browsers and mobile phones, [and introduce] comprehensive API protection for Microsoft 365 and Google Workspace [accounts].”