Method Security raises $26M from a16z and General Catalyst to build autonomous cyber offense and defense

Exceptional sleep without exception. Fall asleep faster, sleep deeper, wake up energized. Our next guest is Sam Jones from Method. We will bring him in from the Reream waiting room into the TVPM Ultra Dome. Sam Jones, how are you doing?

Good to meet you, guys. Great to see you again.

That sound effect kind of just I don't know. It doesn't have enough of a crescendo for me. We need to work on that one. Anyway, working on our drum roll.

Thank you so much for taking the time to hop on the show. Uh, please introduce yourself, introduce the company, tell us what the news is today.

All right. I'm Sam Jones, the CEO and co-founder of Method Security. Our mission is to deliver cyber resilience to the US government and critical enterprises. Um, think of what we do as uh building the command and control layer for autonomous cyber operations across defense and offense. And the news today is that we are announcing our 26 million combined seed and series A investment from Andre Horson, General Catalyst.

Incredible.

Very good. I I I the gong preemptively last night.

Did a preemptive gong

preemptive. It happens.

But we got you in the

We'll have to raise more money to to pay you back for that.

I'm sure I'm sure you

I would love for you to get me up to speed on how you're thinking about uh that that story in the Wall Street Journal uh about anthropic. I'm sure you know the one uh is

AI on AI violence.

Exactly. Uh is this relevant to your business? Are are you building a solution to that or or do you even have a comment on it or anything? Can you just get me up to speed?

Highly relevant. Great. Um, and that's kind of the moment that we've been we've been building for for a couple years now. Like we've known this was going to happen. AI is effectively um, you know, taking at the limit taking cyber offense to infinity and taking the cost to zero.

And uh, this is bad news for good guys, bad news for uh, the defenders as our adversaries are essentially uh,

eliminating their requirement or or limitation on human headcount. So

what we do is essentially allow organizations to safely become the threat to test their own defenses be some before some adversary does and the best offense is the best defense has always been a notion in security but AI is really the unlock to do it at scale the hard part is you need to do so safely ethically legally and that is the infrastructure that is like needed to do and that's what we build specifically so like in that report it's almost like no news to anyone in the security trenches. Like obviously this has been happening. Obviously that wasn't the first

What are some other without without naming names or any details like on on the individual companies that were attacked like like are I'm assuming when you see anytime I see a report like that I'm like okay this must be happening like a ton and just a lot of it just never hits like headlines. Um but what what are what are some of the most like kind of common strategies that bad actors are using today in the context of uh AI uh to carry out whatever their goals are.

If you think about preAI malware, it was already autonomous but it was basically reliant on like if then decision-m. What AI basically allows it to do is to like a broader non-deterministic path planning that allows it to harness a multitude of tools, thus do a lot more damage. That's what's different now. And I guarantee you the most sophisticated actors are not using vanilla clawed code to run their operations. That's ludicrous. They have our adversaries have better models at home that they make themselves that they're using that we have no, you know, telemetry on. Um, and so they're essentially using it to scale and speed up their operations, which for us and why we have like a a national cyber resilience urgency moment on our hands is that all of these exposures that we've left out on the internet and in our, you know, in our enterprises are now, you know, easy easy takings uh for these types of attacks. And that's essentially why it's so urgent that we focus on resilience.

Can you talk to us a little bit about traction? what unlocked this $26 million fund raise across these two rounds? Uh are you doing like Yeah, just walk me through uh how you actually show progress in uh you know you're building a a product but you're also trying to do deals with the government that can be very difficult. Uh what does progress look like? So we are deployed in production with a number of organizations to include the department of war um US federal government and fortune 500 organizations. That's probably the biggest hallmark of traction and we're doing so across defensive and offensive use cases that get to the heart of resiliency. Yeah. Um, so that's the I think the the unlock that we were able to do that and we've had this hypothesis and mission from the beginning that in order to secure what matters, you need to be dual use and we set out to basically pick what is the what is the most intense hardest government customer you could go after from the beginning and what's the commercial equivalent. Those were our first two customers and then basically just continuing to build on that. You know, from the adversaries perspective, they do not discriminate between public and private and neither do we. Uh, and that's why the I think the ultimate game changer solutions will come from dual-use companies like ourselves.

Yeah, I'm thinking about the the the hardest to hack uh Fortune 100 and and government.

It's not necessarily always the hardest to hack. A lot of times it's the hardest to sell to, hardest to deliver for you. Think about the government done accreditation, deployability, like interoperability, um, huge technical challenges. That's why startups would never dare

touch there. But

when you think about what matters,

they are what matters and that's what we've built this company to serve.

Yeah.

What were you doing before this again?

So I started my career actually seeing this problem firsthand at the US Air Force. Um so I was a cyber operator and many ways were building the tools that I wish I always had. I joined Palunteer about 11 and a half years ago. You know pre-product and building out both their cyber commercial and DoD business. And then I was also at Shield AI pretty early. And so you can kind of think of this company as we were the users. My CTO and co-founder also started his career at NSA. His last name is hacker by the way if you want.

Oh, there we go. About destiny.

Get that. And then also I want an overnight success for

for being in this industry for 15 years.

He had no choice other than to work at NSA, but we met a palunteer and did great work together. But we're combining our our knowledge of like we were the users. We know how to build hardcore hardcore software and dual use businesses and then we built AI before you know it's become a meme and certainly in no fail scenarios which I would group um security in for sure.

Yeah. Uh this is very bullish.

Yeah, extremely bullish. Thank you so much for taking the time to come chat with us to get the update.

Sorry my uh

my background wasn't as good as Glenn's mahogany. I I I show this startup.

You brought you brought a wood which is which is good.

Yeah. Thank you for bringing What What's the biggest fish you've ever caught?

Yeah. [laughter]

Yeah. Probably a nice nice uh walleye, I'd say.

There we go. Good answer. Good answer.

Midwest shout out.

Thank you so much.

I cannot wait for the be. Congrats on all the progress.

Yeah. Have a great day. Cheers. Talk to you soon. See you.

Bye.