Startup Spotlight: Gomboc.ai Balances Cloud Infrastructure Security

Cloud misconfigurations are a leading cause of breaches that lead to data loss for the enterprise, especially with the continued shift to cloud and multicloud environments. But surveying and monitoring all possible endpoints and connections with cloud services is too big a job for humans to accomplish alone — which is how such breaches proliferate. Gomboc.ai aims to solve the problem with a proprietary type of deterministic artificial intelligence (AI) that the company says sidesteps the issues with the more well-known generative AI model.

That hook — deterministic AI — earned Gomboc a spot in the finals of the second annual Startup Spotlight, presented by Black Hat USA. "We are solving the cloud security misconfiguration problem," says CEO and co-founder Ian Amit. That would be a huge accomplishment, since such problems cause most cloud breaches.

"Security misconfiguration backlogs are one of the highest priority issues CISOs deal with since they pose an immediate threat to the organization's cloud security posture, and existing solutions that focus on prioritization and ticketing do not provide a scalable way to address those," Amit adds.

What Is Deterministic AI?

Generative AI, which includes high-profile models like OpenAI's ChatGPT and Google's Bard, analyzes large collections of data to learn the structures well enough to assemble plausible new content from it — that is, it generates outputs. Deterministic AI, on the other hand, defines data characteristics so that a specific problem will have one specific, correct solution that does not change — that is, the data values determine the outputs.

Amit sees this as one of his company's great differentiators.

"[W]hen given the same input, Gomboc will always provide the same output — a crucial factor when writing secure code," he says. "Gomboc does not generate nor hallucinate any sort of IaC."

Generative, or stochastic, AI systems generate code based on statistical analysis, which Amit says can result in code that's inaccurate, imprecise, or bereft of context.

Instead, Gomboc built a proprietary ingestion engine that processes cloud service provider updates as they're released. It then applies the new data to clients' existing network policies, pushing any fixes live itself rather than issuing a ticket for a human to address. The tool works within existing DevSecOps environments, Amit says, keeping approval simple and easy to track.

Of course, deterministic AI, aka reactive AI or expert systems, is not an approach exclusive to Gomboc. Other security companies that employ deterministic AI include identity verification service Vouched and life-science compliance firm LighthouseAI. But by focusing on the highly complex and fraught multicloud environment, Gomboc is putting the technology to good use.

What's Ahead for Gomboc

The four finalists in the Black Hat Startup Spotlight — Gomboc, Binarly, Endor Labs, and Mobb — will present their business models to a panel of judges at the Mandalay Bay in Las Vegas on Wednesday, Aug. 9. Eligible candidates included companies that are 2 years old or less and have fewer than 50 employees. Dark Reading's editor-in-chief, Kelly Jackson Higgins, will host the event, which begins at 4:30 p.m. PT.

Amit says that his company's future plans include expanding to more environments, especially multicloud and hybrid installations. At the Black Hat USA booth, he promises a product demo and merch, as well as a chance to talk to the team who built the product.

The story of the company name is an interesting one: A gomboc is a geometric solid with exactly two points of equilibrium, one stable and one unstable. That means it will always return to its stable equilibrium point, no matter how it's pushed or rolled.

"Our platform turns everyone's cloud infrastructure into a self-righting environment [in a security sense] no matter how a company grows or scales. A Gomboc is a shape that does exactly that: It always rights itself no matter how much you push it," Amit says. "We're big math nerds here at Gomboc, so the shape and analogy have a special place in our hearts."

Speed Round

Website: https://www.gomboc.ai/
Founded: Late 2022 (Funded in November)
Funding stage: Seed
Total funding raised so far: $5.3M
Number of employees: 10
If the company were a band, what would its band name be, and what kind of band would it be: Ship or Be Shipped (Hard Rock/Metal)
Pineapple on pizza, yea or nay?: "As New Yorkers, it's absolutely nay."