With AI tools becoming increasingly more common in business, corporate security teams are grappling with a new type of risk: the oversharing of company secrets by unwitting employees.
Cyberhaven CEO Howard Ting has been at some of the biggest cybersecurity companies in the game, from Palo Alto Networks to RSA. Now he wants to take Cyberhaven to their level. Image: Cyberhaven
With AI tools becoming increasingly more common in business, corporate security teams are grappling with a new type of risk: the oversharing of company secrets by unwitting employees who inadvertently plug proprietary information into artificial intelligence tools, raising the chance of a damaging leak.
But using vast amounts of data, San Jose-based Cyberhaven’s own AI tools can watch for such abnormalities.
“We make predictions about every next action that the user may take with that piece of data based on the prior history of that data, based on their role, based on comparable flows,” says Cyberhaven CEO Howard Ting.
Its Linea AI and Large Lineage Model (LLiM) has ingested hundreds of billions of previously recorded dataflows across its customers’ networks from the nine years since its founding. It then creates a record of a company’s normal data workflow and flags any potential problems, such as sensitive data being shared with third-party AI models like OpenAI’s ChatGPT or Chinese rival DeepSeek. It can also alert IT if staff upload proprietary information to non-work cloud storage accounts, or post it on social media.
“We’ve been approached by a lot of the bigger cyber vendors about acquisition and we’re not interested in that.”
Cyberhaven CEO Howard Ting
“Then we make predictions on what that user could do, and when we see the user do something very low probability, we know it’s likely anomalous.” When the software discovers anomalies, it prioritizes them in order of business impact, determining when the most sensitive data is at risk.
Investors have leapt at Cyberhaven’s data security play, pouring in $88 million at a $400 million valuation last year. And now it has announced a new $100 million round led by StepStone Group alongside new investors Schroders and Industry Ventures, with participation from Khosla Ventures, Adams Street Partners and Redpoint Ventures, vaulting it to unicorn status.
Flush with new cash, Cyberhaven is now looking for strategic acquisitions as it goes head-to-head with industry incumbents for a piece of the burgeoning AI security market which is set to grow from $122 million today to $255 million by 2027, per McKinsey & Company. And it’s intent on going it alone.
“We’ve been approached by a lot of the bigger cyber vendors about acquisition and we’re not interested in that,” Ting told Forbes. “We want to build an independent company. We think there’s a huge market here and we think we’ve got really differentiated technology.”
Customers like telecom giant Motorola, healthcare insurance provider Oscar Health, and law firm Cooley agree. The company said it expects to exceed over $50 million in annual recurring revenue this year. Ethan Choi, a partner at Khosla Ventures, said the software helps to protect a company’s most important data — whether it’s HR and client information, blueprints for data centers or product designs — which are increasingly vulnerable the more they are sent and transmitted.
Cyberhaven’s Linea AI product in action.
Cyberhaven
“You’re finally able to actually trace and protect the Crown Jewels wherever they are: in rest, in movement or even if they’re getting used in AI models,” he said.
Cyberhaven was cofounded in 2016 by five PhD students, who’d received $1 million funding from the Pentagon’s Defense Advanced Research Projects Agency (DARPA) to develop autonomous systems for better protecting data. Its initial pitch was using its predictive data tracking techniques to ensure intellectual property wasn’t being leaked, whether intentionally or otherwise. But it’s now focusing on AI-powered security.
Seyonne Kang, a partner at StepStone who led the firm’s investment, said traditional data security tools typically struggle to differentiate between sensitive business information and other kinds of data. She said that Cyberhaven is now well-positioned to lead a “revolution” that transitions the cyber industry to an AI-driven approach. Its approach “provides greater precision with fewer false positives,” she said.
Nick Vigier, chief information security officer at healthcare insurance company Oscar Health, looks at software like Cyberhaven’s as more of a guardrail than a shield. His team uses it to provide guidance to employees to ensure AI is being used securely.
“We’re not necessarily having AI go and do automatic blocking” of incoming threats, he told Forbes. “We want to allow people to be curious without putting our data at risk.”
Instead, Oscar is using Cyberhaven to tell employees what information they can put into an AI system, which it does via a browser extension and an app on user computers. They cannot, Vigier, said, put medical or personal data into an AI prompt.
“We make predictions about every next action that the user may take with that piece of data based on the prior history of that data, based on their role, based on comparable flows.”
Cyberhaven CEO Howard Ting.
“We are a very AI-forward company and we’ve actually built a lot of paved roads for our employees to be able to use AI in approved ways,” he said. “What Cyberhaven’s allowed us to do is very quickly implement policies that guide people towards that approved, happy paved road.”
While Cyberhaven is foremost a security tool, its ability to mine insights about data as it moves around an organization, suggests a broader potential. It could be used to improve efficiencies, Ting said, and track team performance across multiple offices.
“Maybe a team in Bangalore is producing a lot more code than one in Austin, and we can infer from the workflows why they’re more effective,” he explained. “Data lineage is a really powerful enabler to do all sorts of stuff beyond securing the data.”
This article was originally published on forbes.com and all figures are in USD.
Look back on the week that was with hand-picked articles from Australia and around the world. Sign up to the Forbes Australia newsletter here or become a member here.
