Knostic Wins 2024 Black Hat Startup Spotlight Competition

BLACK HAT USA – Las Vegas – Wednesday, Aug. 7 – Eitan Worcel, CEO of Mobb Security, last year's Startup Spotlight winner, last night announced that the torch would be passed to the 2024 winner: Knostic, an LLM access-control company. Sounil Yu, Knostic founder and CTO, was present to accept.

In the first phases of the competition, each group submitted a five-minute video pitch on behalf of their cybersecurity startup to present their company and the products and solutions it provides, whether it be in the development, launch, or newly launched stage.

After that, the selection dwindled to a select, top four finalists: LeakSignal, RAD Security, DryRun Security, and Knostic. Each made a final pitch on behalf of their companies in last night's event at Black Hat USA, in a Shark Tank-style competition.

The panel of judges included Omdia analysts Ketaki Borade, Hollie Hennessy, and Rik Turner; Coleen Coolidge of Twilio; Trey Ford of Deepwatch; Maria Markstedter of Azeria Labs; Lucas Nelson of VC firm Lytical Ventures; and Robert J. Stratton III of startup accelerator MACH37.

4 Unique Cyber Startups, Pitching to the Judges

LeakSignal is an openly distributed data governance solution that aims to classify and protect sensitive data, allowing customers to set limits on internal API data access and focus on data classification. The platform blocks sensitive data before it’s logged, and redacts that data during calls to outbound third-party APIs.

The platform is built with Rust, and is designed to integrate with an organization's existing architecture. Its team's next-stage focus is to expand the support LeakSignal provides to more complex AI models, and to refine its data classification algorithms to provide a more accurate and comprehensive protection. 

RAD Security meanwhile focuses on tackling security issues surrounding cloud native development. According to the company, "For teams to achieve true resilience against emerging threats, detection and response solutions must evolve their approach beyond signature-based, one-size-fits-all solutions."

To that end, the company aims to provide customers with a custom view of what should and shouldn’t be happening in their cloud infrastructure, providing a unique and more accurate detection-and-response plan for malicious behavior. By creating fingerprints of the good behavior an enterprise is experiencing across its software supply chain, cloud native infrastructure, and workloads, RAD Security is better able to detect anomalies to that — and thus any cyberattacks the company faces. 

The third finalist, DryRun Security, is an application security company that provides automated, behavioral code reviews by interrogating code changes based on static patterns and behaviors. Ken Johnson, CTO and co-founder of DryRun, explained that after he and CEO James Wickett realized that the security industry had been anaylzing software in the same manner for years on end, they decided to build their company to create not only a developer-first tool, but also a new way of analyzing and detecting risk. The company currently conducts more than 10,000 secure code reviews for its customers, using an approach that it explains is grounded in the principles of contextual security analysis (CSA).

Rounding out the group is winning startup Knostic, comprised of 12 employees, with a pre-seed funding of $4.4 million, and which aims to ensure that internal generative AI (GenAI) tools aren't leaking sensitive data to users that shouldn't have access to it.

As GenAI tools like ChatGPT continue to gain popularity, organizations are learning that connecting a large language model (LLM) to its internal systems comes with a serious risk of exposing sensitive data. Knostic creates a knowledge control layer based on employees' permissions for accessing content.

In a demonstration during the presentation, Yu showed the audience a mock interface of an HR department user sending a message to an internal chatbot inquiring about quarterly sales revenue. Knostic's platform ensured that the actual numerical value — sensitive financial information — was not revealed, but provided additional useful information instead outlining which departments contributed the most toward the company's profitability. The same query made by a CEO however returned the actual dollar figure, as the CEO has higher clearance.

"What differentiates the two is need to know," said Yu during the presentation.

The company's product works with Copilot for Microsoft 365 for now, but the next phase is to expand support to all software-as-a-service (SaaS) tools that incorporate LLMs.

Winner's High

When asked how it felt to present to the crowd amongst fellow finalists, Yu tells Dark Reading that he "was preparing for disappointment" after he completed his presentation.

"It's a high stress environment," Yu says. "Your perception of time completely changes, right? I was like 'Oh, I got this in four minutes and thirty seconds. No problem.'" During his presentation, however, Yu was cut short by the five-minute timer. In hindsight, he says, the experience was great.

"I think the opportunity [to present] to this sort of audience is a very legitimate validation," Yu says. "All finalists deserve attention, because it means there's real value that we're producing. I'm fortunate that we were able to win, but I think we should recognize all the other contestants for the value that they brought."