CalypsoAI Investor Pitch Deck November 2022
- 1. CAL PSOAI Cybersecurity for AI November 2022
- 2. GPT-1 GPT-2 Mega-LM T-NLG 17B params GPT-3 BERT BRAIN 0.1B params 0.33B params 1.5B params 8.3B params 175B params 1.6T params 2018 2021 3 years: increase in the largest model parameters 16000x AI adoption & complexity are increasing With parameters getting exponentially larger
- 3. Documented instances and examples of adversarial attack types have grown exponentially. The attack surface of AI models is fundamentally different from traditional software due to their non-deterministic nature. 2014 2015 2016 2017 2018 2019 2020 2021 5970 8980 3470 1680 627 199 257 350 Adversarial attack examples (source: “Adversarial Attacks” - Google Scholar) Increasing complexity is opening up new security risks With adversarial actors exploiting new surfaces
- 4. NLP Modifying characters or words to mislead models’ sentiment classification e.g. textfooler, fast-alzantot, Deepwordbuq VISION Inserting noise or patterns to mislead model’s classification and detection e.g. MIT adversarial patch, Chroma attacks, Pre-Sensor adversarial patch TABULAR Inserting noise or outliers to mislead tabular models e.g. VText size, LowProFool, Brute force outlier attacks Adversarial attacks can now affect any model type GRADIENT BASED ATTACKS SCORE BASED ATTACKS DECISION BASED ATTACKS A gradient based attack is the most common type of AI attack. These attacks work by modifying the gradients of inputs. We defend against more than 30 types of gradient-based attacks By modifying the probability of object detection, attackers cause misclassification and large scale model attack. We defend against more than 10 types of score-based attacks AI Attackers can attack an AI model without any knowledge of the algorithm. They do this by attacking the decision boundaries that an AI algorithm uses to make decisions Examples from our best-in-class proprietary adversarial threat repository
- 5. 1-10: see last slide for references FINANCIAL SERVICES ENERGY & UTILITIES HEALTHCARE CONSUMER SERVICES ATTACKS ON AI MODELS HAVE ALREADY BEEN DEMONSTRATED IN THE FOLLOWING USE CASES: TRANSPORT & SECURITY Communication infrastructure Industrial Control Systems Battery Management Systems Distributed grid management 3 2 1, 4 5 KYC/AML Skirting Transaction Fraud: - Falsifying signatures - Spoofing transactions Insurance Fraud: - Falsified claims/ personas 7 6 Misleading Human & Virtual Assistants: - Misread sentiment - Leveraging psychoacoustics and synthetic audio to exploit responder systems Bypassing Trademark/ Copyright/Spam protection Malpractice due to medical device attacks Evading Malware detectors Transport/Fleet management systems Airport Scanners: - Not identifying threats CCTV and security cameras: - Mislead detection - Make objects/people invisible 10 9 With the potential to erode trust & cripple critical infrastructure 8 Increasingly,attacks are affecting every industry
- 6. CAL PSOAI THE LEADER IN AI SECURITY
- 7. Our proprietary library of AI attacks & defenses is already regarded as the market leader Developed from the most high-risk,most active sites LARGEST THREAT LIBRARY MOST CRITICAL CUSTOMERS ON-PREM INSIGHTS We have developed the largest library of adversarial attacks and defenses across model types. This robustness is key to being the market leader in our category. Our library benefits from having the most high-risk, critical customers in the world: the US government. Through this client base, we are exposed to a greater range of attacks than most other companies. Because we are actively deployed on-prem in critical government sites, we are able to gather rich insights into risk mitigation products, opportunities, and strategies that apply across verticals
- 8. S t a t u s Threshold Accuracy Test Type White Box Adversarial 16% 50% 50% 50% 50% 50% 50% 85% 85% 85% 7% 51% 53% 52% 48% 90% 65% 87% Fog Gaussian Blur JPEF Compression Black Box Adversarial Contrast Gaussian Noise Pixelate Saturate Model Inversion Lev e l Pass Pass Pass 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 Pass Pass Fail Fail Fail Fail Our product offers AI-pen testing integrated in your existing production lifecycle Extending the concept of CI/CD to include “continuous security” API based integration with major MLOP vendors to increase workflow efficiency Unique hybrid approach running synthetic data simulations over existing datapoints Advanced use of synthetic data for model inversion/ reverse engineering capabilities Advanced quality management and audit tracing features
- 9. Our approach has been battle-tested at the highest levels C u r r e n t l y p r o t e c t i n g I N d u s t r y A c c o l a d e s P a r t n e r E D W I T H We’ve already built a reputation as the market-leader in government, with on- prem deployments adding robust insights to our product stack Selected as a cool AI Vendor for AI Security Language Mandating AI T esting/ Security Compliance in 2023 Defense Budget Helped shape the NIST trustworthy AI standards Program of record with Department of Homeland Security Partnership established with PricewaterHouseCoopers Partnership established with the largest defense consulting firms Partnered with the largest technology partners Part of $249m JAIC contract Part of a large program at National Air & Space intelligence center securing large satellite systems
- 10. CAL PSOAI POSITIONED TO EXPAND ACROSS VERTICALS & ACROSS THE RISK STACK
- 11. We’re positioned to build the first end-to-end cybersecurity for ML solution across the risk stack Expansion into Healthcare and Telecoms 2019 2020-2021 2021 - 2022 2023 2024 PENETRATION TESTING* Testing models pre- deployment to assess vulnerabilities First fully automated pentesting platform with CI/CD integration ML FIREWALL (Security Gateway) Adaptive,real-time filtering Pre-empting corrosive and adversarial data from reaching model APIs THREAT INTELLIGENCE Quantitative and qualitative monitoring of attacks EDGE DETECTION Detection and alert function based on adversarial anomaly detection Proprietary Threat Library Robustness & Penetration testing for US Gov clients Continued partnerships & expansion in US Gov Expansion into Financial Services and Critical Infrastructure M arket Product R&D: Built biggest repository for adversarial attacks AvailableToday AvailableinQ12023 Q12024 Q42024 *ThephraseusedintheUSGovernmentisIndependentTestingandValidation
- 12. Our robust AI security flywheel powers our growth A robust threat database forms the heart of winning in this categorry and is helping us build a meaningful product moat across verticals Starting from US government as a client has given us a unique advantage.The highest dimensionality of attacks are against the US government and many adversarial attacks have similarities across model typologies. With the most robust security offering,expanding to new customers and adjacent markets becomes an easier sell as we progress from highest risk categories (government,critical infrastructure) to lower risk categories. In turn,these new customers strengthen the flywheel by further enhancing our attack library,benefiting all clients under our umbrella,including government. Exposure to the widest variety of complex attacks (in government) Adoption into adjacent sectors and verticals Critical Infrastructure Financial Services Additional Verticals Robust attack library and defense capabilities
- 13. Our sales strategy into enterprise follows the well-worn strategy of adjacent sectors,as the industry matures 2010s 2020s ML-Sec-Ops Dev-Sec-Ops ML-Ops Dev-Ops ML Dev For Data Scientists Visualizes model vulnerabilities & robustness metrics Indicates how to improve model robustness For CDO Visalizes model robustness Helps understand critical vulnerabilities across your ML Solves critical model issues For CISO Ensures that AI security is at the organizational forefront Secures your ML infrastructure Provides a single view across your deployed models for vulnerabilities
- 14. CAL PSOAI Neil Serebryany (CEO) [email protected]