WraithWatch lands $30M federal contract to defend nearly a dozen agencies — former Anduril CIO explains AI cyber defense
Mar 3, 2026 · Full transcript · This transcript is auto-generated and may contain errors.
Featuring Nik Seetharaman
And without further ado, we have Nik from WraithWatch. He's the founder and CEO. How are you doing, Nik? What's going on? Good to meet you. What's going on, fellas? Good to be here. How you doing? Welcome to the show. You have a big gong.
You've got a big deal. Yeah. Yeah. Kick us off with that. No, introduce yourself. Introduce yourself first. Tell us what the company does. Yeah, thanks guys. Um, well, I'm Nik. I'm WraithWatch CEO, one of the founders. Um, former CIO, chief information officer at Anduril. No way.
Joined Anduril when it was about 100 people. Um, scaled it through uh when it was about 4,500. I think they've doubled since then since I left a couple years ago. Um, SpaceX and Palantir before that leading cyber defense teams at both companies.
And then um prior to entering the private sector um was responsible for pre-assault electronic warfare and cyber warfare uh in support of United States Special Operations Command. So but you worked at Palantir, SpaceX and and that's insane. Yeah, it's served and served. Wow. Well, thank you for your service.
So it was really hard to raise it was really hard to raise your first Thank you for Thank you for your service to the venture-backed defense tech industry and the LPs. Thank you on behalf of it was tough. Sprinkle some AI in the in the deck and it was uh it was all good. The rest is history.
Uh so yeah, where where is the product today? What what are the key uh like landing zones that you're going after? Because cyber security is pretty broad these days, right? Yeah.
Um so fundamentally what WraithWatch does is um we build autonomous cyber defense systems for the United States government and um and its allies. Uh that includes private sector and Fortune 500 as well. So, we're deployed today to Fortune 500, commercial nuclear, aerospace, defense, um, manufacturing.
But the byline uh on the screen is um our our recent announce with the federal government where we just landed a $30 million deal to deploy WraithWatch uh in parallel. Clean hits. Clean hit. Um to deploy WraithWatch to almost a dozen uh federal agencies in parallel.
So pretty uh pretty exciting time for us and ironic time given that we're in the middle of a shooting war with Iran which is known for its offensive cyber warfare capabilities. Yeah. Um can you explain to me cyber defense? I mean like you can go and look for holes in systems and scan code bases.
You can also be you know rerouting dealing with firewalls if you're getting DDoS like what's the nature of the threats that you're seeing? What's in the wheelhouse? What do you leave to other uh cyber security firms at this point? Yeah. So just to set the stage here a bit.
So historically cyber is kind of the last mover when it comes to any kind of um advance in software engineering or tech in general. like we're always the last to adopt stuff for whatever reason. Maybe it's because we're just at at the end of the day a bunch of skeptical neck beards. I don't know why.
Well, is that because like basically people want to develop a new capability and that's really exciting and then and then people realize okay now we need to defend against said new capability.
Now we need to secure it and and so it definitely the Gartner hype curve um applies to the cyber adoption curve I would say and it's precisely because of what you just said like OpenClaw is a great example right there's all this excitement around it and then two days later it's like well [ __ ] this entire ecosystem is open to attack there's API keys floating around in the wild there's people injecting prompts there's all kinds of stuff going on um and so what you'll find is just a default default sense of skepticism across the industry when it comes to anything new and AI is no stranger to this.
Um, makes sense, right? But what we're seeing is that the attackers on the attack side of the equation have no such compunctions. Um, they are generally willing to try and take on any new technology that comes on board.
Um, and they certainly have adopted AI in order to industrialize and weaponize their exploits and their um their attacks and campaigns in general. Um, and they're moving at warp speed.
Like when we started the company a few years ago, uh, you know, we were met with, you know, skepticism like, you know, are do you guys really think this is a thing? No one really knew what an agentic workflow was with AI like to everyone who was still a chatbot. Now everyone knows what an agent is.
Everyone knows you can string them together and the adversaries have been kind of one step ahead of everybody and they've been wiring these things up to offensive frameworks, offensive tools and now you're seeing this kind of asymptotic attack pressure um that's targeting organizations and that's just coming up with novel new exploits, attack techniques uh and and so on every single day.
Now the problem is there's no corresponding defensive counter pressure. So you have this mounting attack pressure on the outside and then organizations and their cyber defenders are still moving at human speed on the inside. It's like what do we do?
Every 6 months a red team comes around tells us you know how screwed we are and then we scramble around and then deploy a bunch of controls. Okay, what knobs do I have to turn over there and as this is happening out here in the attack landscape moving at human speed in here just isn't sufficient.
So what we intend to do is essentially drive a similar asymptotic curve for defenders internally.
Um yeah that that's ultimately you know what what the strategic landscape is and the way that that needs to happen and I don't care if it's us I don't care if it's another company essentially the same problem that Palantir set up to solve. Mhm.
And uh we can get into the reasons why cyber lows it doesn't talk to each other. The tools don't like to talk to each other. Your CrowdStrikes don't like to talk to your Oktas don't like to talk to your Splunks. Um Splunk in general is like an old model of let me just send data there and then worry about it later.
And so Splunk to me is where data goes to die. And so what we do is tackle multiple things in parallel. Number one, break down all these silos, force these tools to talk to each other. Number two, for any dead data sources that are sitting around your organization, whether it's Splunk, whether it's data in S3.
All right, let's light those things up. We can dispatch swarms of agentic whatevers to get in there and start asking questions about, okay, what kind of data exists in here? What kind of aggregations can we do?
What kind of let's just build swarms of these little mini data scientists and throw them at these dead data structures, light them up, and then bring them into the greater cyber defense ecosystem.
So you can almost think of the the thing that's necessary as we move forward into this future is like the cyber version of JADC2 essentially for anyone that's familiar with the defense tech ecosystem.
JADC2 is joint all domain command and control system and it was an initiative by the US military still is to tie together sensors fuse that sensor telemetry into a common cohesive command and control uh layer and then allow the warfighter to make decisions at speed against it.
and cyber defense just has no uh analog uh to that capability and that's that's the capability that that we're bringing to the table for for our USG partners. Very cool. Walk me through a little bit more of like why I would want to investigate dead data.
Is that like if I'm a business, I have a bunch of data in S3 and it happens to have customer credit cards. If that got hacked, that would be bad and so maybe I want to lock that down, uh delete it if I'm not using it. Or or is there some other shape of like the threat of this like dead data concept?
Yeah, so dead data exists uh in one of two dimensions. So the data exists um in the sort of pre-attack dimension of okay, there's data that could tell you about latent risks in your organization.
So I'll rewind you guys back to 2019 and there was a massive malware attack called Triton against oil and gas facilities in the Middle East.
And the reason that attack was able to go down is because no one put the pieces of the puzzle together that hey, we've got a senior engineering dude with a system that has weak controls applied to it that also serves as a jumpoff point into the OT or critical infrastructure sector of the network.
Now, to put those four pieces of data points together, you need a bored security engineer. You need a red team to come in and find it for you. And they might not ever find it even though they might spend three months trying to look for it.
So, you know, that could be one of a hundred attack paths that exist in your environment. So, that's kind of the pre-attack latent risk piece. And then on the post attack side, you've got data that's that's being emitted from everyone's devices inside these environments.
And what that data can tell you is all right, all this latent risk back here, is anyone actually taking advantage of it or exploiting it? This is where this second half of the equation is where you discover that.
But what we've done over the past 20 years because I don't know the big four consulting firms of the world have told us to do it is we send data to these data stores like S3 or Splunk or what have you and then we just don't have the bandwidth to come around and then do something useful with it.
You know, you need some kind of sophisticated data analytics people that think along the lines of how to make use of this data appropriately.
You need to think along the lines of joins and tables and you know objects and ontologies and that kind of skill set seems to just not be there uh when it comes to um cyber defense you know Palantir I think was the first one to kind of break through and show people that this could be done for cyber defense as well um and and there's a multitude of reasons why um it didn't work like Foundry was early at the time when when we were trying to break cyber um and so what we're trying to do is close the gap and just have a turnkey solution and say, "Okay, you've got dead data here.
You've got dead data here. So, you you don't even know what where the adversary is going to come from. Like, we can't predict the next breach because no one's looking at it. We can't tell you whether a breach is actually underway because no one's looking at it.
So, let's break all of this down, fuse it into this cohesive layer, and then we can tell you where the next breach is going to come from, and we can tell you if it's actually going down right now as we speak."
So that's that's where we view the kind of like lighting up these dead data structures because otherwise you needed a person to kind of sit there and come up with okay what queries are we going to ask and what automations are we going to put into place and it's like dude when the dimensionality of some of these attacks is so large you can't predict what queries you want right like you don't know how that attack is going to go down you don't know how it's going to manifest itself until it does and so the only way to solve it is by generating and evaluating those queries and their results at machine speed.
Can you give us a brief history of uh cyber warfare with Iran? Um yeah, the Iranians have a long history of executing advanced um cyber warfare attacks against the United States and um our allied partners as well.
So, you know, the the cyber companies love to give the Iranian um cyber warfare groups all these cute names like hydrokitten and all this [ __ ] but at the end of the day, they are a well-known uh you know, advanced uh nation state cyber warfare outfit like to like on the same level as kind of Russia GRU or uh PLA cyber warfare units, DPRK cyber warfare units.
Um they were really not happy when Stuxnet was a thing. So back in 2010, for anyone who doesn't know, Stuxnet was kind of the first, hey, let's have a cyber thing that can be implanted in a physical system and then have kinetic effects in the physical world.
So that thing went into the uh the nuclear enrichment facilities and um or the one facility that it was targeting and then made the centrifuges rotate to the point where the the hardware just broke down. Right? So that was the first uh equivalent that was the first kind of example of that.
The Iranians took that as an inflection point, kind of ramped up their offensive cyber capabilities.
And, you know, for the past, I'd say 15 years, they've been, you know, on a on a campaign to uh kind of bring those capabilities to bear, targeting US government and um and private sector entities um pretty much across the board.
So, you know, all of that happens and it not only happens with Iran, it happens with Russia, it happens with North Korea, happens with China, it kind of all happens as this like cosmic background radiation, uh, against which like the regular commercial industry and private sector operates.
And there's very few people that actually realize that, you know, there's all these nefarious characters in the background that are continually targeting our organization, whether through external cyber attacks, whether through trying to flip insiders, you know, corporate espionage or what have you.
Um and so there is a cyber cold war going on. Iran has been a key player in it. And um and despite, you know, decades of trying, uh you know, it took, you know, let's call it for what it is, an administration uh that said, you know, enough is enough and we're going to put some bombs on target.
So, hilariously, uh the Cloudflare um founder tweeted out a few days ago that basically the Iranian uh cyber warfare um outfits activities have ceased uh completely since the strikes have uh have gone down. So, we'll see what happens. Yeah. Wow.
Well, good luck out there and uh we have a really congrats on all the progress in the business. Thank you so much for taking the time to come on the show. Cheers. See you soon. All right. Thank you.