Adaptive Security Inc., a startup that helps companies test their cybersecurity posture using simulated social engineering attacks, has raised $43 million in fresh funding.

Andreessen Horowitz and the OpenAI Startup Fund led the Series A round. Adaptive Security detailed in its funding announcement today that more than a half-dozen other backers chipped in as well. The group included executives from Google LLC, Workday Inc. and other major tech firms.

Installing malware is not the only way that cybercriminals can gain access to a company’s systems. Many hacking campaigns use social engineering to trick employees into divulging passwords or sensitive data. Over the past few years, artificial intelligence has made it considerably easier for hackers to launch such attacks.

Adaptive Security provides a platform that helps companies reduce the risk posed by AI-powered social engineering campaigns. It can launch a simulated cyberattack and detect when employees respond. From there, the software provides personalized cybersecurity training to those employees in order to avoid future breaches. 

The company uses large language models to create simulated phishing emails. The platform could, for example, generate an email purporting to be from a customer interested in a newly launched product. The LLMs can customize the message based on publicly available information about the product.

Distributing a simulated phishing email to employees often requires changing the configuration of a company’s email system. According to Adaptive Security, its platform eases the task with a feature called Direct Email Injection. It removes the need to modify an email system’s cybersecurity and filtering settings. 

Adaptive Security’s platform is also capable of interacting with workers through other channels. It can mimic the voice of executives and package phishing messages into texts, which have a higher open rate than emails. And it offers features that can impersonate the support staff of a company’s suppliers.

The platform enables administrators to monitor cyberattack simulations via a centralized dashboard. It displays the number of simulated phishing emails that were launched as part of a test, their effectiveness and related metrics. Cybersecurity teams can use this information to identify areas for improvement in their company’s cybersecurity posture.

Workers, meanwhile, have access to a library of gamified cybersecurity training modules. Adaptive Security also enables customers to create custom training materials using AI.

Another feature of the company’s platform allows employees to notify the cybersecurity team when they receive a real phishing message. “When someone reports a suspicious message, our AI doesn’t just forward it to IT — it analyzes the message in real time, scores the risk, and helps security teams act fast,” co-founder and Chief Executive Officer Brian Long detailed in a blog post today.

The company disclosed on occasion of today’s funding milestone that its platform has been adopted by more than 100 enterprises since launch. Adaptive Security will use the new capital to grow its research and development teams. 

Image: Adaptive Security