Putting The Human Touch Back Into Cybersecurity With Amplifier

“New cybersecurity tools are launched every week but they’re just not working,” says Shreyas Sadalgi, the CEO and co-founder of Atlanta-based start-up Amplifier Security. “We keep on getting these massive breaches.”

Sadalgi and his co-founder, CTO Thomas Donnelly, believe a different approach to cybersecurity is needed. Amplifier, which will today announce it has raised $3.3 million of pre-seed investment, is their attempt at meeting that need.

The problem, they argue, is that while many modern cybersecurity tools are technically excellent, they only provide full protection when everyone in an organisation follows the rules. “Cybersecurity has a last-mile problem,” Sadalgi adds. “Every organisation has acquired these market-leading tools, but employees don’t always use them properly – and it only takes one mistake for a breach to occur.”

What employees need, in that case, is more human intervention – for someone to check in with them when they may be making a mis-step. But organisations’ resources are finite – they don’t have the capacity to employ teams of cybersecurity support staff on standby to intervene in this way.

Amplifier’s solution is to turn to artificial intelligence. It describes its AI-powered assistant, christened Ampy, as “a trusted copilot that acts as an AI security buddy who helps employees understand the risk they are creating for the organisation and solves their security issues while balancing their productivity”.

It’s a simple idea. Each time an employee exposes the organisation to risk – by using a device without the right security tools installed, say, or trying to open an unusual email attachment – Ampy intervenes to talk them through the organisation’s security protocols. Where the employee needs to go ahead with what they’re doing, the tool can help them do it safely. In other cases, Ampy is identifying potential breaches or attacks and can alert the security team.

“This is the kind of approach people are used to in their personal lives,” explains Donnelly. “We’re all accustomed to getting an authorisation message when we use our credit cards, for example, or being notified that we’re logging into Netflix from a new device.”

The key, he stresses, is to engage with employees, rather than putting blocks in their way that stop them working in the way they want to. “AI enables us to build a platform to help people understand what they need to do to protect the organisation,” he says. “That makes everyone responsible for security; cybersecurity leaders are increasingly realising they can’t do this alone.”

Amplifier has built Ampy and its broader security platform with the support of around 15 companies it describes as “marquee design partners” – essentially customers and potential customers through whom it has developed and iterated the idea. These partners range from technology specialists such as Instabase to consumer-facing businesses including TikTok.

Steve Mancini, head of security at Guardant Health, one of these businesses, says sharing the responsibility for cybersecurity more broadly is the only way organisations will get ahead of the threat.

“Most organisations haven’t significantly changed their approach to threat management, keeping the old silos between those responsible for security monitoring and those responding to the rest of the employee base,” he argues. “Security teams can no longer operate this way; security has to be embedded in every function, and that means empowering all employees to participate in security.”

Amplifier’s initial target market as it seeks to monetise its tools will be mid-market enterprises, but the size of the prize is significant. Market research group Gartner last year identified human-centric security as the number one cybersecurity trend of 2023. “By 2027, 50% of large enterprise chief information security officers (CISOs) will have adopted human-centric security design practices to minimise cybersecurity-induced friction and maximise control adoption,” Gartner predicted.

Such predictions have naturally attracted both incumbent cybersecurity businesses and new entrants to this area of the market. Firms such as Zscaler and Silk Security are potential competitors for Amplifier.

However, investors appear confident that Amplifier can grow quickly, particularly with new funding to grow its team and expand its go-to-market activity. Today’s pre-seed round is led by Cota Capital with participation from Westwave Capital and Shift Left Ventures, as well as a number of angel investors.

“Security is fundamentally about both people and technology, but the industry has largely built security tools focused solely on the technology element,” says Aditya Singh, a partner at Cota Capital. “When it comes to cybersecurity in workplaces, engaging humans is the biggest opportunity; Amplifier answers the bell with its unique human-in-the-loop solution.”

Gaurav Manglik, a partner at WestWave Capital, also believes that a new approach to cybersecurity will cut through. “The lack of human engagement in security automation is a missed opportunity to educate people on the why behind the risk of each security finding,” he says. “Amplifier has done the best execution we’ve seen from a product and team perspective thus far.”