Method Security: AI is helping attackers hit orders-of-magnitude scale, and DOD has deployed the company's offensive tools

day. Great to meet you. Congrats to you and the team. Have a good one. Let me tell you about public. com investing for those that take it seriously. They got multi-asset investing, industryleading yields, and they're trusted by millions. Take it seriously. Now, we got Sam from Method Security coming in the studio.

Welcome to the stream, Sam. How are you doing today? Good. Good. Thanks for having me on. A suit. We love to see it. Looking sharp. Thank you. It's a great respect in our culture. That looks like a fantastic suit, honestly. Uh, very nice. Anyway, kick us off with an introduction. What do you do? What are you building?

Should we ring this gong? Uh, let's not ring the gong, but I'll tell you why you might need to soon. Sam Jones, CEO and co-founder of Method Security. And let me uh take you a little bit about what we're up to. So, you're completely bolt bootstrap. You've never raised a dime. We have raised Oh, hit the gong, Jordan.

Oh, there we go. Come on. You buried the lead. This is a ventureback company. It's a ventureback company. We've uh we've capitalized. We've We're going after big opportunity, but we've just been low-key about it cuz the opportunity is so big. But, uh, fantastic.

Well, come back when you have more news on on on the fun side. Anyway, uh break down the business for us, please. All right. So, here's the problem we're after. Uh critical institutions are basically faced with 24/7 cyber conflict, and they don't have the tools they need to win. Yeah.

Um there's this concept called the cyberindustrial complex, which really creates security companies that are designed to be acquired, not to produce at scale. And meanwhile, you've got AI that's going to do to cyber what drones have done to the battlefield.

And really the future will be controlled by who can safely harness autonomy at scale. And that's exactly what we're up to at Method. So we build offensive and defensive products for some of the best security teams in America. Offensive is that for white hat hacking or is this are we actually going on the offense?

A little bit of both. Um you know when would I go on the offense? Striking back. So interestingly a lot of commercial security teams use offense to inform their defense. And it's kind of this virtuous loop where you you become the threat and then you can inform your defenses and you have this like kind of cycle.

It's historically been super expensive to do so because you need this really hardcore uh rare human being called a red teamer or like an offensive security engineer to conduct those exercises.

We're putting that in software so we can basically democratize that and help organizations really assess their readiness to relevant threat actors. Turns out if you build that technology the right way, it can be used for true offense. And so we're deployed with DoD and also the US government.

So uh we're not limiting to both commercial use. We're a dual use company. Cyber doesn't discriminate. Neither do we. Very cool. Um walk me through how a cyber attack happens in the age of AI.

I'm familiar with like the script kitty who finds a hole in WordPress or you uh take a it's a rainbow table of all the different passwords. If I go a DOS method security website. Don't make mistakes. I don't think it'll do that hopefully. But yeah, I mean I'm familiar with DDoS, right? It's just a for loop.

It requests the website forever, right? Uh but but AI feels like the shape of the attack could be way different. Try and concretize it for me to the degree that you can. Here's the misconception of where AI is at in security.

A lot of people think like we're going to come have all these novel zero days all over the place and we're going to have all these new novel threat patterns happening. That's not what's happening today.

really what AI is doing is that it's helping express a lot of the known techniques and tactics at a new scale that's unfathomable like a couple years ago. Um and so if you think about like the global attack surface, it's unknowable to any single human or any single security product really.

But with the right AI system, especially a compound AI system, you can basically map that, eviscerate that and defend that or offend that. And so really AI is helping hit new scale like orders of magnitude scale less so new zero days still present.

So there's yeah there's vulnerabilities out there where it's kind of a pattern. You might be able to do some RL on it. It's like follow a set of steps and it you might be able to break into one website but instead of needing to do this website and then move on to the next one, you can just say hey go do them all. Right?

It's like instead of let's assess this organization. This is going to be a three-month exercise with the right system, which is what we do. You can say 30 seconds, I know everything about about this, and I'm going to initiate kind of something more offensive. Interesting.

Um, how are how are like the budgets and the appetites changing in the enterprise or like the Fortune 500 because we've talked to a lot of people that have said come on the show and said, "Oh, yeah, AI is going to really help my margins. I'm I'm going to spend less money.

" And it seems like if you're selling into them, they're going and there's more threats, they're going to have to spend more money. How does that balance out? I'll break it down from like commercial buyers and government buyers is a little bit different.

On the commercial side, the most uh sophisticated security teams usually have dedicated AI innovation budgets and those are to experiment with new technologies and new technologies in.

But for the most part, most buyers, I'm talking like Fortune 500 security executives, have known problems, known categories that they still need to purchase against. And so it's important to map, you know, be familiar enough but also a little different but not try to build anything too new.

So you have to map to something that they know and are trying to do. Um not necessarily develop a novel new technology. Government is pretty different like there is a lot of investment in you know AI for offense, AI for defense like cyber operations more broadly.

In the big beautiful bill, there was 1 billion earmarked for offensive cyber operations, which is a huge number. And I would argue like still need to up that number quite a bit. Um, but there's a general, you know, understanding that we need to up our game here and get faster and the status quo is not cutting it.

Fantastic. Jordy, anything else? That's it. I think you got some important work to get back to, so we'll let you go get on the offensive. Get on the offensive. All right, we'll do it. We're riding with you. Bring me a list of passwords from North Korea, please. Anyway, great chatting with you.

Thanks so much for hopping on the stream. I'm back home whenever. Congrats on the progress. We'll talk to you soon. Cheers. Bye. Uh, let me tell you about adquick. com. Out ofome advertising made easy and measurable. Say goodbye to the headaches of out ofome advertising. I want some soundboard when I do these, Jordy.

Only adqu combines technology, out of home expertise and data to enable seamless, efficient ad buying across the golden retriever. Golden retriever. The the the dog