Prelude, a Washington, D.C-based startup that helps organizations harden their cyber defenses through the use of autonomous red-teaming, has secured $24 million in Series A funding.
Prelude — which describes itself as the first autonomous platform built to attack, defend and train critical assets through continuous red-teaming — isn’t your average cybersecurity startup. Its founder, Spencer Thompson, doesn’t have a background in the industry, and started out in career discovery with an app called Sokanu, which racked up 10-million-plus monthly users before it was sold in 2021.
“The transition to deep security came because the first version of Prelude was, oddly, a school,” Thompson tells TechCrunch. “It was a school focused on helping people that are typically left behind by the labor market transition into being junior cybersecurity analysts.”
“We were planning to scale it in 2020 and then COVID-19 happened, but it just so happened that one of the investors in that company was deeply involved with the MITRE Caldera adversary emulation framework. The core development team came and joined Prelude and we pivoted toward what we do today, which is continuous testing,” Thompson said.
Prelude aims to harden an organization’s defenses by continuously “asking” it questions through the form of denatured cyberattacks. These attacks respond to the latest vulnerabilities and cyber events, turning complex technical descriptions into easily deployable questions.
“When you think about what happens when there’s an attack, your CEO and CTO are saying ‘are we vulnerable to this thing happening to us?’ and the resounding answer today is a version of ‘I don’t know,’” Thompson tells TechCrunch. “The reason, in some cases, is that organizations are not able to ask their system that question. That’s what we do, and we do that through offensive security. We launch safe attacks against infrastructure — servers, containers and workstations — to elicit that information.”
These questions, which are delivered to any endpoint, cloud environment, user or piece of technology, are designed to automatically integrate with defensive tools, and remediations on how to improve the security of a system are provided once the attack has been run.
The company, perhaps unsurprisingly given Thompson’s background, also believes strongly in training, having partnered with MITRE to help transform sophomores into security engineers.
“The vast preponderance of capital that gets invested into cybersecurity goes into raising the cybersecurity ceiling,” Thompson says. “We believe the fundamental issue is raising the cybersecurity floor, and unless we are able to bring this technology downmarket, you actually have a very large problem.”
The company’s $24 million Series A investment, which was led by Sequoia Capital with backing from a number of investors including Insight Partners, IA Ventures, Four Rivers and Rise of the Rest, will be used to accelerate the development of its platform and expanding its team of security engineers.