• OpenAI and Andreessen Horowitz co-led a $43 million Series A funding round for Adaptive Security.
  • Adaptive Security trains employees to recognize AI-generated phishing attacks by simulating fake phone calls, texts, and emails.

Generative AI has greatly expanded the toolkit available to hackers, enabling everything from deepfaking a CEO to creating fake receipts. OpenAI, aware of the dangers this poses, has made its first-ever cybersecurity investment, backing New York-based startup Adaptive Security in a $43 million Series A funding round. The round was co-led by OpenAI’s startup fund and Andreessen Horowitz.

Adaptive Security helps companies defend against AI-generated cyber threats by simulating sophisticated attacks. Their platform mimics phone calls, text messages, and emails that are designed to trick employees into engaging with phishing attempts.

For example, an employee might receive a call from someone posing as their CTO, requesting a verification code. This isn’t the actual CTO but a deepfake designed to simulate the voice of a trusted figure.

The company’s focus is on social engineering attacks, where employees are manipulated into performing unsafe actions, like clicking on harmful links. These attacks, though basic, have led to catastrophic breaches in the past, such as the $600 million hack of Axie Infinity in 2022 due to a fake job offer sent to one of its developers.

Brian Long, CEO of Adaptive Security, has an established entrepreneurial track record. Before founding Adaptive, he sold his mobile ad startup TapCommerce to Twitter for over $100 million in 2014. He also co-founded Attentive, which was valued at over $10 billion in 2021. Adaptive Security, which launched in 2023, already serves over 100 customers, with positive feedback playing a role in attracting OpenAI’s investment.

As AI-driven threats evolve, companies are increasingly seeking ways to counter these risks. Adaptive Security joins other cybersecurity firms, such as Cyberhaven and Snyk, that are tackling the boom in AI-powered threats. Long’s simple advice to employees: “Delete your voicemail.”

Edited by Harshajit Sarmah