OpenAI backs $43M investment in AI startup that tricks employees to improve security

OpenAI and Andreessen Horowitz’s $43 million investment in Adaptive Security represents a significant pivot in cybersecurity strategy, focusing on human-centered security testing rather than just technical defenses. This first-time cybersecurity investment from OpenAI’s Startup Fund signals growing concern about AI-powered social engineering attacks, as Adaptive Security uses artificial intelligence to test employees’ ability to recognize scams through simulated phishing attempts across multiple communication channels. The approach acknowledges that most security breaches result from human error rather than technical vulnerabilities.

The big picture: OpenAI and Andreessen Horowitz are leading a $43 million Series A funding round for Adaptive Security, an AI cybersecurity startup that tests and trains employees to identify suspicious behavior.

• This marks the first investment in a cybersecurity company by OpenAI’s Startup Fund, highlighting the critical intersection of AI and security.
• Adaptive Security launched publicly in January 2024 and has already secured over 100 customers, including First State Bank, Podium, the Dallas Mavericks, and BMC.

How it works: Unlike traditional cybersecurity solutions, Adaptive Security actively attempts to trick employees with AI-generated scams across multiple channels to identify human vulnerabilities.

• The company uses artificial intelligence to create convincing phishing attempts via emails, texts, and voice calls, then provides personalized training to employees who fall for these simulated attacks.
• Beyond testing employees, the platform also analyzes flagged suspicious messages, assigns risk levels, and sends reports to security teams.

Why this matters: The investment acknowledges that human error represents the primary vulnerability in most enterprise security systems, especially as generative AI enables more sophisticated and frequent scam attempts.

• Criminals increasingly leverage AI to scale up both the volume and believability of phishing attempts, creating messages that appear to come from managers or colleagues.
• Traditional security systems that focus solely on technological defenses fail to address this human element of cybersecurity.

What’s next: According to CEO Brian Long, the company will use the new funding to expand its engineering team to stay ahead of emerging threats and scamming techniques.

• Positive customer feedback reportedly caught OpenAI’s attention, suggesting the approach is showing promising results in real-world applications.
• The significant investment indicates the cybersecurity industry’s shift toward more proactive, AI-powered training solutions rather than reactive defense mechanisms.