Uncategorized

AI Security: Pioneering the Future with Cranium’s Jonathan Dambrot

Explore how Jonathan Dambrot, CEO of Cranium, is redefining AI security by pioneering solutions that safeguard machine learning systems, enable regulatory compliance, and address the critical challenges of AI governance in an era of exponential technological change.

Posted on

Written By: supervisor

0

AI Security: Pioneering the Future with Cranium’s Jonathan Dambrot

Posted on by supervisor

The following interview is a conversation we had with Jonathan Dambrot, CEO and Founder at Cranium, on our podcast Category Visionaries. You can view the full episode here: $32 Million Raised to Power the Future of AI Security

Jonathan Dambrot
Yeah, thanks for having me Brett. 


Brett
Not a problem. 


Brett
So let’s just start with maybe a quick summary of who you are and a bit more about your background. 


Jonathan Dambrot
Yeah, absolutely. So today I’m the CEO of Cranium and we spun this business out in March from KPMG studio. We were the first ever technology business coming out of the studio. So this was fun and it was great time. And we came out of stealth in April. And so I spent about three and a half years prior to that as a partner at KPMG, running a couple of their businesses in third party security globally. Security. And then I pitched the firm on canadian Cranium and did that for a couple of years before we spun out. Prior to that, I was the CEO of a company called Prevalent. So I built a Gartner Forrester leader in third party risk management, threat intelligence, and I sold that to a private equity firm in New York. 


Jonathan Dambrot
So I’ve had the ability to work inside of a startup, inside one of the biggest firms in the world. And now I’m fortunate enough to be able to take that great fun and knowledge and be able to bring it to Cranium, where we have built a platform for securing machine learning and AI systems. And Brett, people, they want to talk to me about this today. Whereas two years ago, when we started this process, not so much. So it’s actually a great time to be here and really appreciate having me on. 


Brett
That’s a pretty interesting career path. I feel like people would normally work at firms like KPMG and then go out and become a Founder and start a company, but you did the opposite. You started off as a Founder and then you worked at KPMG and now you’re back as a Founder. What was that like, transitioning to, you. 


Jonathan Dambrot
Know, it’s kind of funny when people ask me that question, what do you mean you’re going to KPMG? I got a lot of that when I first started there. But my experience at KPMG was great. I know some people think about it differently than I do, but my experience was extraordinarily entrepreneurial environment. I was looking at what I wanted to do after I came out of prevalence. So I sold that business at the end of 2016. I came out in early 2019, and I was really thinking about different opportunities. So I had raised some money to potentially go into another business. And KPMG came to me and said, do you want to run our third party security business in practice? And we want to grow this? And they were thinking about me for that. And I kind of said no at first. 


Jonathan Dambrot
And then I started meeting with some of the partners and I was really impressed with the level of talent, the innovation that was happening there. Most people don’t know. They have 1000 data scientists in the US. And I met with some of the leaders, some of the other partners like Kyle Kappel and others, and I was just so highly impressed with them. They were like me. They wanted to build the business aggressively, they wanted to invest innovation. And so I felt like it was a good opportunity to try to run something larger scale than I had done previously. And so, yeah, I kind of did it backwards, but in this case, it really worked out well. And then I had an opportunity, as were building a lot of AI and ML systems, to start looking at this AI security space. 


Jonathan Dambrot
And it’s interesting, I got to know Steve Chase, who ran consulting. He’s now vice chair of AI at KPMG. And I got to know him really well. And he said something to me that I thought was very profound. It’s like if you want to solve really big problems, there’s no better place than a big four. You see big problems at the largest scale and you get to get involved in them. And I started seeing that on the machine learning and AI side directly as were working to build machine learning into my practices. And that’s really what created this and incubated the idea of what ultimately became Cranium. So for me, it was great. Others, their journey is going to be way different. And I don’t think it’s a bad journey to start as an associate, build your career, and then go do something else. 


Jonathan Dambrot
But I highly recommend startups. Previously, I was trying to get some of this experience. I thought it was great, very entrepreneurial. I pitched a lot of options and projects and the firm funded them all. So it was great when it comes to your inspiration. 


Brett
Are there any founders that come to mind? Like any founders that you’ve worked with or you’ve studied and you followed and you’ve just been really inspired by? 


Jonathan Dambrot
Yeah. So I think when you look at the Founder ecosystem, I’ve been very fortunate. So when I was running prevalent, I got to work with other founders and third party, and I’m seeing that here with other isecurity as well. And what was interesting is it felt like a meaningful opportunity to change the way something works. So in the past, I used to work with Alex at security Scorecard. I used to work with founders that were in the ecosystem at some of my, you know, some people go, what are you talking, wow, you’re going to name these people? I tell you, it was a great community to really go solve a problem. And we all came together today. I would call them friends. Tito over at hidden layer, he and at protect AI. 


Jonathan Dambrot
And we think about how do we build a community to go solve these big problems that I don’t think any one person or one organization can solve. So I’ve always tried to look at this from a community perspective and I think those are the founders that when you need to talk about these things, what’s happening in your business? Wow, I just ran into this. They become a real strong backbone for me at least. And so, yeah, I look at them as those that I look up to and I look as peers that I can have real conversations with. 


Brett
What about books and the way we. 


Brett
Like to frame this? And we got this from an author named Ryan Holiday. He calls them quickbooks. So a quickbook is a book that rocks you to your core, really influences how you think about the world and just how you approach life. Do any quickbooks come to mind? 


Jonathan Dambrot
Yeah, I know this is one that I think a lot of people point to, but, man, search for meaning for me is one of those books that I think is a relatively quick read, but talks about how meaning is what drives everybody’s ability to kind of drive happiness and career fulfillment, but also pushes you in a way that if you don’t have meaning, it’s very hard to even get up in the morning. Right. And the corollary in that book is that this was a Holocaust survivor who built this theory and thesis around meaning being that important. And what he saw all around him in the Holocaust was once you lost meaning in your life, even if it was something small, if you were a victim of the Holocaust, it basically meant death. 


Jonathan Dambrot
And so this was obviously at the extreme, but he was able to look at this theory and use it in a way to drive meaning into the rest of his life, both post World War II, but also as he was looking at this across business and working with other leaders and stuff. So I like that book a lot. 


Brett
I haven’t read that book in probably seven or eight years, but I need to go back to it. I remember reading it, however long ago, and just thinking to myself, like, wow, this really puts my problems in perspective. The problems that I thought I was doing with the time, they seemed extremely, almost shockingly low level. They were just nothing compared to what. 


Jonathan Dambrot
He was dealing with. Yeah. And I think it’s true every day. 


Brett
Right? 


Jonathan Dambrot
So I look at it when we start setting our own goals and have our team members think about the things that they want to accomplish if it’s not meaningful. Right? I mean, Brett, you probably feel this too. If it’s not meaningful to your life, it’s really hard to push through and do the really difficult things that are necessary in order to achieve the type of achievements that most of us want to achieve. Right. So to be at that level, it has to be meaningful. 


Brett
How do you define a meaningful life? 


Jonathan Dambrot
Yeah. So for me, it’s interesting. I kind of bucket my life, and we talk a lot about work life balance. For me, that equation has to include my family. It’s always family first. Right. But my family’s so integrated into the ability for me to go do what I do in my business as well. So my wife, Alana, three daughters, and they are the centerpiece of what I think about when I think about meaning, and then when I think about my business, being able to solve really big problems, that if we’re not here and we’re not part of that solution, really bad things happen. And especially when it comes to transparency, we’re going down a path where if we don’t get this right, where all those people’s fear. I’ve never seen more fear around any type of technology than AI. 


Jonathan Dambrot
And, Brett, you’ve probably seen this in your conversations with others as well. But if we don’t solve this the right way, this fear will manifest into something really bad. So I feel like setting up those guardrails is a meaningful exercise. Being able to provide capability and solving this problem with the community and then being able to develop solutions and products for our customers that do this at scale is probably the most meaningful thing that we can do. I feel like when we have craniacs working on this, being able to help solve this, we’ve been able to attract incredible talent. But, yeah, it’s really those two buckets. For me, it’s family. It’s solving big, meaningful problems and doing it at scale. 


Brett
Well, that’s a perfect segue as we dive deeper into the company. So I know you just touched on it a little bit there, but maybe if you can just expand on it, what does the company do? 


Jonathan Dambrot
Yeah, so Cranium was incubated to solve a couple of problems. So when I started talking to organizations about this, I saw it directly in my practice, as I mentioned. Right. I just couldn’t find anybody who was talking about security, even though were taking the most sensitive data, putting these through models that were developing, pushing them through endpoints where people were making really big decisions about their supply chain. And so I’ve started having conversations with a lot of security professionals. And so over maybe the course of a couple of years, I spoke to probably 100 cisos, and I couldn’t answer the question. I couldn’t get a positive answer to the question of how do you get visibility into the machine learning and AI systems, whether those be kind of enterprise AI or Gen AI that’s happening in your organization? And so it just didn’t exist. 


Jonathan Dambrot
Like these security professionals were so focused on other areas and other priorities, which they absolutely should, because that’s what was impacting them. And so we basically built our capability to really help solve that problem. And we found that there’s kind of four key areas that organizations really need to think about at a high level in order to solve for the majority of their AI security challenges. The first one is discovery, which is visibility and the ability to understand the risks that are happening based on the use of AI and ML in your environment. And so we started there. We also built an engine for adversarial risks. So what we found was that people didn’t even have an understanding of the lexicon, right? So things like backdoor detection or data poisoning, model poisoning, model evasion. 


Jonathan Dambrot
So in addition to being able to understand where AI was being used, organizations, as they started to mature, really need to understand those specific threats to their AI systems. And we started building capabilities around how to effectively protect and monitor against those things. We found very quickly, and this has been happening at warp speed, that the compliance and regulatory environment is going very quickly around AI and ML. So this year, we also launched something called AI Card, which enables organizations to automate the compliance and transparency of their AI systems against things like the EUAI Act, NIST AI risk management framework. The initial iteration of that hit in January, and so being able to really quickly understand how an AI system complies with those requirements, as well as potentially internal requirements that are being set up through the AI governance community. 


Jonathan Dambrot
We built it so that it could effectively give that visibility, provide that to clients, provide that to regulators or to other stakeholders internally, and then we use the same technology because what we found also was that AI is also a third party risk in some industries. They don’t have data scientists, they don’t have mlops, they’re using gen AI services or they’re using other AI services. So we use the same capability to basically we turn it on its head so that you can get that from a third party and supply chain perspective. So those were the four pieces. It’s visibility and discovery, monitoring for adversarial risks, compliance around your AI systems, and transparency, as well as third party and supply chain visibility and risks. 


Brett
What’s the market category here? Is it AI security or is it something else? 


Jonathan Dambrot
A lot of people would argue with me here. I think what we’ve seen now is the term AI has become kind of a catch all for machine learning, deep learning, as well as what we would define as kind of AI moving forward. And so we look at it as AI security as the category. And I think that persists. Well, there is some confusion bread around that when you talk about the use of AI in cybersecurity. So when we think about AI security, it’s really using, it’s securing the AI itself. 


Brett
This show is brought to you by Front Lines Media, a podcast production studio that helps B2B founders launch, manage and grow their own podcast. Now, if you’re a Founder, you may be thinking, I don’t have time to host a podcast. I’ve got a company to build. Well, that’s exactly what we’ve built our service to do. You show up and host, and we handle literally everything else. To set up a call to discuss launching your own podcast, visit frontlines.io podcast. Now back today’s episode. 


Brett
When it comes to making this category real, evangelizing it into the market, and making sure that when people think AI security, they think Cranium. What types of activities are you currently doing? 


Jonathan Dambrot
Yeah, it’s interesting. So we have been working really hard to make sure know from a category perspective, we have good consensus. So we’ve done work with the Isaacs and the Global Resilience Federation recently to develop a set of practitioner guides. Guides. We’ve done that in collaboration with KPMG and about 20 other organizations, and that got published over the last two months. And we just came back from the GRF AI security summit. And so I look at those resources and what we did is we got organizations like Microsoft, Mitre, CISA, it was know, with, you know, obviously I had my team involved. We had Johnson and a group of others. So it was really cross sectional, cross industry, and we started asking questions like, how are you thinking about this? What does the AI governance look like? 


Jonathan Dambrot
How do you think about the components as a practitioner? And it was an amazing opportunity to work on it from a community perspective and then bring together these two really powerful guides. So that was one thing that we did over the last few months, and I think we started that about seven months ago or eight months ago, even when were incubating. And as we think about marketing Cranium, it’s how do we bring that thought leadership, our enterprise clients that they need to get done, and the use cases. So you’ll see a lot more around those pieces. I think you’re going to see this. How do I even understand what my AI environment looks like? How do I understand the threats to that? How do I make it super easy? And we’re going to continue to push on them. 


Brett
Talk to me about the headshots. I saw that you and your co-founders all have very cool art design or graphic design headshots. What’s the backstory there? 


Jonathan Dambrot
Yeah, we want to do something cool, right? We’re an AI company. We had our original headshots that we had put on the website and we said, gosh, these don’t look great. We don’t like them. Let’s use AI. So we ended up using Pixar for that. And what’s fun about that is you basically send your pictures to Pixar and it comes back with like 200 different options. And some of these were crazy Brad, like superhero pictures. One was on the beach with this hawaiian shirt. My wife helped me pick the one I used. She thought it looked the most like me. That wasn’t getting too crazy. And we wanted to have fun with it. And we’ve actually got a lot of play with it. It’s using AI in unique ways and in this case, helping us tell the story right. 


Jonathan Dambrot
So it was just a fun way to kind of let people know who were, make it a little bit more fun. 


Brett
That’s awesome. What are you doing to rise above all the noise that’s out there? AI is obviously a very noisy space. There’s a lot of funding that’s gone into AI over the last year or two years. So what have you done or what are you doing to really rise above all of that noise? 


Jonathan Dambrot
I think we want to have really strong clarity around. You asked me about the space. I think we’re working hard to make sure that people fundamentally understand how AI is being used by their organizations, where the boundaries for AI security and safety are, how do we make sure that the regulations are tight? And I think in doing that as a community and bringing our products and making them usable and scalable for the largest enterprise customers who have been our design partners, we had to meet really strict standards at KPMG for both software development and security as well. 


Jonathan Dambrot
And so we’re putting together all the things that are super important to our clients and trying to give clarity and a capability that allows them to answer the question today, not having to wait two years from now, but answering the question of do I know how AI is used in my environment and is it secure, compliant? And do I know? And I understand how we think about the supply chain of AI. I think in the very near future, Brett, and we’re talking months, not years. 


Jonathan Dambrot
If you can’t answer those questions, you’re going to have a problem, especially given all the investments in AI, because there’s so much over trust today and the regulations are hitting over the course of the next six months in such a way that you’re going to have to do these things in a way that you haven’t had to deal with them in the past. And so where we believe we can play and where we’re really focused is making sure we can address those customer needs today with the best product, with the best team. And our marketing teams are working hard to make sure that people know who we are, that we’re out in the marketplace, and that it’s easy to use and consume our products. And I think that’s all we can do. Right. 


Jonathan Dambrot
I think that our customers are going to define whether we’re successful, the market is going to do what it does. I think we are going to try to educate that market and try to keep this as streamlined and easy to consume as possible. 


Brett
How much of that education extends to regulators? Are you actively engaging with regulators and trying to help ensure that they understand the true power of this technology? 


Jonathan Dambrot
Yeah. So we have had a number of different discussions with different members within the government, whether that be statewide or federal. We’ve worked with some other organizations who have different people talking about AI security. I’m on the road all the time talking to not only them, but also directors at organizations who now have to think about these things. And so our goal is to try to inform, make sure people understand the challenges, the threats, the risks of these, and then be smart about how do we regulate here and how do we provide solutions here so that people can actually continue to innovate appropriately. Because part of this is AI is just a wonderful capability. 


Jonathan Dambrot
And in most cases, if you build AI and ML systems appropriately and you do it the right way and it’s for good, and you’re solving big problems, we can do things that we could never have imagined in the past. We just had to do this the right way so that we don’t start seeing those more doomsday based questions that are popping into people’s minds. And I think there’s a way to do it. And so we want to make sure people understand that way, how to build those guardrails. And I think we’re part of that solution. 


Brett
Do you worry at all that regulators are going to kill innovation here? 


Jonathan Dambrot
Absolutely. And I think the problem is when you see lumpy regulation. Right? So the EU has already taken a stance and they’ve approved the EUAI act, and that’s going through the process of now coming into a place where it can be enforced. And they’ve already put dollars aside for helping drive enforcement of that, which I think starts to take heed in the next 18 months or so. The problem in the US is you’re going to see this very similar to the way that GDPR versus some of the stateside privacy regulations work, like CCPA and others, is that if we’re not careful, it can become very bifurcated in terms of how do you solve for these states specific issues, and they’re not aligned. 


Jonathan Dambrot
So I think in this case, the White House has done a relatively good job of bringing people together and having the large technology companies come and speak to them. I think we’re going to have an opportunity with some of our peers to have a voice in that equation as well. What are the security implications? What are the threats that they don’t want to talk about? How do we make sure that our voice is heard in that? And I think there’s going to be some additional federal regulation here coming. There will be some additional executive orders around this coming even over the course of the next month that I think will be helpful as people are starting to plan here. 


Jonathan Dambrot
But when you start seeing a lot of that regulation, whether it be in Europe, in the US, China, when you have certain countries that aren’t going to regulate, it starts to create challenges. So like India has already said, they’re not going to regulate AI. They’re hugely regulating privacy. But when it comes to AI, there’s going to be no regulation. And they’ve said this publicly because they believe that it will create innovation challenges for their nation. And so I’m not sure, Brett, what happens, but that seems very lumpy. So if I’m a company and I’m building a new AI system, where am I going to do that? And we’ll see how that plays out. But you’re probably going to do that in a place that isn’t as regulated in a lot of cases. Right? 


Brett
Have you watched the Bill Gurley talk, 2580 miles, something like that? 


Jonathan Dambrot
No. 


Brett
I’ll send it to you. It’s just about regulation in the United States, and big companies really want regulation and they’re pushing for regulation because it really benefits them. And then the small companies kind of get worked out of the market. I’ll show it to you after the interview. It’s a pretty fascinating video. 


Jonathan Dambrot
Well, and I think that’s potentially the harm here. Right. So I’ve met with a ton of investors over the last several years, and I couldn’t find any software investor that hadn’t invested, like, if you think about the last five years, invested almost every investment, if you were a software technology investor, was an AI investment over the course of the last several years. Right. And so we’re now feeling that hitting us all at once. And so these are still small companies comparatively. Right. And so we need to continue to enable the ability for that investment to drive innovation in a meaningful way if it’s just left up to the largest companies, unfortunately, I think it won’t keep up at the same pace. So I would love to read that, send that over. I think we feel that today. 


Brett
Yeah, I definitely will. As I mentioned that in the intro, you’ve raised 32 million to date. What have you learned about fundraising throughout this journey? 


Jonathan Dambrot
Yeah. So we hit an environment where I think you would say over the last decade, we hit an environment here that has been pretty problematic for fundraising generally. Right. Valuations have been especially for those that are raising series b and beyond. I think there’s been a pullback in not only the amount of capital, but also where that’s going. And so we find ourselves somewhat in a unique position, Brett, that we’re at the intersection of cyber, which I think has continued to be a place of investment, and AI, which this has been unprecedented, a high level of investment in AI this year. And I think last year has just gone really up into the right so that intersection, I think, for us, was beneficial. 


Jonathan Dambrot
As were going into our fundraising process, especially as were coming out of KPMG, we could know not only that we had given this a lot of thought and we had great design partners, but that we would have something of tremendous value as people were now trying to figure out their own AI strategies. And so we got preempted in our series a, which Telstra Ventures came in and said they loved what were doing. We did that series a about six months after we did our seed round. And so I think that is not typical of this environment. Mean, I know you speak to a ton of people, but for us, I think there’s still a lot of money on the street. I think for AI and cyber, at a minimum, the fundraising environment is actually pretty good. 


Jonathan Dambrot
I think if you’re trying to do your BCD rounds right now, it’s a little tough. 


Brett
Let’s imagine you were starting the company again today from scratch. Based on everything you’ve learned so far, what would be the number one piece of advice you’d give yourself? 


Jonathan Dambrot
That’s a really good. Brett, look, I think that this innovation environment is so dynamic, so AI, and we’ll call it especially gen AI right now, is changing so radically that it’s fundamentally changing business models in real time. So the cycle times are happening so quickly and so differently. So there were some things that we decided to do early on that I think were informed by the conversations we had with our design partners a couple of years ago that we’re modifying now because of, obviously, the changes in these models. So probably I wouldn’t have made certain decisions because it’s changing so radically. Right. So today, I probably would look at some additional dynamic AI capabilities that we’ve had to build over the last six months and the last year that weren’t really even in the conversation two years ago. 


Jonathan Dambrot
And so mice would be planned for that level of change. Right. We moved. I mean, Brett, if you think about it, right, we moved from basically a linear innovation environment where AI had penetration rates of about 20% to, like, an exponential AI penetration rate of 80% to 90% in a six month period. And you’re going to see the exponential change now increase the speed of all of these changes in these business models and every process and every product and service that’s delivered. And so we’ve enabled our capabilities to keep up with that pace. But if you’re not building right now to keep up with that change in that pace, you’re dead. 


Brett
Final question for you let’s zoom out three to five years into the future. What’s the big picture vision that you’re building? 


Jonathan Dambrot
Yeah, so we’re really interested in now, again, going back to that kind of exponential growth piece, we’re at the beginning of this AI journey, right? So if we think about recursive engines that are going to continue to change and get better over time, you’ve seen some initial pieces of this, like auto GPT, the problem solving capabilities are only going to get better. And now we’re going to start attaching things like quantum and other capabilities that we’ve only really started to see hit the market. And so this convergence of both exponential growth in AI tied to even more power, I think, is going to enable much bigger problem solving. 


Jonathan Dambrot
But it’s going to create an issue where we’re about to run into, even though we expect the productivity gains to outweigh any loss of employees or business models, I think the next three to five years is going to have this massive change. And I think those that really understand it, they start building around it. They really take it and accept it today and start building it into everything that they’re doing are going to be in a much better position. I think those that are starting to say that push back on this, and I’ve heard this over the last couple of years, it’s not real. We’ll do it later. They’re going to have problems, whether that be a loss of jobs or not being able to keep up with their competitors that are driving today. 


Jonathan Dambrot
I really do think this is an environment where you’ve got to get started. And if you don’t, in three to five years, I think you’re going to see business models fail because of it. 


Brett
Wow, fascinating stuff and a little bit scary, but also sounds like a lot of opportunity there. Jonathan, we are over on time, or almost up on time here, so we’ll have to wrap before we do. If there’s any founders that are listening in and they just want to follow along with your company building journey, where should they go? 


Jonathan Dambrot
So look, I tried a lot of different social media platforms. I think LinkedIn is the best one right now for me to keep everybody up to date. I use LinkedIn and I’m on that the most. And if you want to follow along, whether it be me personally or Cranium, or if you want to become a craniac, come and join us. Obviously, our website is a great resource, and I think we continue to try to put great research out there, and we really want people along for the journey that are interested in solving this problem with us. And so please reach out on LinkedIn or reach out off the website and would love to have you involved and be an official braniac. 


Brett
Amazing. Jonathan, thank you so much for taking the time to chat. This has been a lot of fun. 


Jonathan Dambrot
Brett, thanks so much. 


Brett
All right, hey, keep in touch. 


Brett
This episode of Category Visionaries is brought to you by Front Lines Media, Silicon Valley’s leading podcast production studio. If you’re a B2B Founder looking for help launching and growing your own podcast, visit frontlines.io podcast. And for the latest episode, search for Category Visionaries on your podcast platform of choice. Thanks for listening, and we’ll catch you on the next episode. 

Twitter facebook-share-iconfacebook linkedin-share-iconlinkedin

Leave a Reply

Your email address will not be published. Required fields are marked *

Write a comment...