While Russian agents were breaking into the Democratic National Committee’s emails in mid-2016 in an attempt to influence the presidential election, Josh Kamdjou was hacking for the Defense Department, learning that the best way to hack into foreign government networks was via one of the oldest kinds of cyberattack: phishing. In 2019, he founded cybersecurity startup Sublime to apply his Pentagon-honed knowledge to protect against that same threat.
Now, generative AI tools like ChatGPT have made it even easier to create believable, grammatically-correct malicious emails. “These mass campaigns that happen every day will now be easier to scale in a more targeted way,” Kamdjou said. Sublime is training its code, which monitors a customer’s typical email use and flags anomalies, to spot the new AI-powered phishing emails that are bombarding people’s inboxes.
As it scales up the fight against AI scams, Sublime has announced a $20 million funding round led by Index Ventures, with additional backing from Decibel Partners and Slow Ventures, bringing the company’s total funding to more than $30 million (Sublime declined to provide a valuation). “AI has really turned into a superpower for attackers,” added Jahanvi Sardana, Index partner and lead investor in Sublime. “They’re the greatest beneficiaries of this trend right now.”
Alongside the raise, Sublime also announced that alongside its array of private industry customers that includes Spotify, Reddit and gas giant Centrica, it’s onboarding a “major political campaign” that Kamdjou said he’s signed as his most recent customer.
Representatives for Biden, Trump and Robert F. Kennedy Jr. had not responded to requests for comment by publication time, but a nonprofit called the Defending Digital Campaigns (DDC) nonprofit that helps political organizations access cutting-edge cybersecurity products confirmed it was offering Sublime to campaigns.
“What motivated me and my past life was national security,” Kamdjou says. “I’m just very excited that we get to do that again here for something that really is meaningful.”
Part of Sublime’s tactics are to look for patterns across its customers. After one customer is hit with a phishing attack and Sublime’s AI successfully defends against it, the software can replicate that defense across other customers.
While Sublime’s use of artificial intelligence and machine learning isn’t entirely novel, Kamdjou’s expertise in military intelligence could help give its detection algorithms an edge over the competition, says Sarah Pavlak, a former government intelligence employee and now a principal analyst at Frost & Sullivan. “The fact that he has that knowledge and he’s worked in an environment where he’s hacked [into others], that goes a long way for people who are high value targets like a presidential candidate,” she explained.