John Furrier >> Hello, I’m John Furrier with theCUBE here at theCUBE’s NYSE studio. Of course, we have our Palo Alto studio connecting Silicon Valley and Wall Street. This is our Cyber Security Leaders series. We feature leaders who are making breakthroughs, enabling the security posture to be embedded into the AI native world we’re moving into as the AI infrastructure continues to build out. As generative AI and agents proliferate, more and more security threat vectors appear, the surface areas, everything. Ori Eisen’s here. He’s the founder and CEO of Trusona. I got a demo yesterday here at the NYSE. Ori, great to see you again

Ori Eisen >> Thank you for having me.

John Furrier >> Welcome to theCUBE. Thanks for coming on.

Ori Eisen >> Thank you, John.

John Furrier >> In the cybersecurity leads, we’ve been documenting a lot of things, endpoint protection. Obviously we saw, go back two years ago, RSA, Black Hat, pick your event. AI… Oh, AI’s never gone security. They’re poo-pooing agents.

Ori Eisen >> Yes.

John Furrier >> Last year, we use agents all the time. This year, oh my God, agents are bad. So we were seeing that cycle of evolution of AI now realized it’s now part of the fabric. We see the good guys trying to keep up. The bad guys are also leveling up faster. This is a huge issue. And you have a really unique breakthrough. I saw the demo. We’re going to get that in a second. But first, share with me and the audience your vision of the current state of cyber with respect to GenAI as a market opportunity for both sides.

Ori Eisen >> Yes. I love AI and I love what AI can do for us, but I also know what it can do for the bad guys. 20 years ago, if I needed to know that your passport is real, all I had to do is take a picture of it, check that the font looks okay, and we’re good. As of three years ago, I can make your passport without any skill just by asking for it and prompting for it. And the same KYC methods that big banks and every company you know are still the same. They’re from 10 years ago, not taking into effect the whole GenAI deepfake. So AI is amazing and it will change the world, but it’s also amazing in the wrong hand, unfortunately. We see the numbers of fraud growing year over year like they’ve never have. And I don’t think it’s going to change unless we will change as an industry.

John Furrier >> Yeah. AI has certainly accelerated the bad guy’s ability to spoof credentials. We’ve seen sim hacks. We’ve seen all kinds of methods. You can stop gap it, put your finger in the dyke and hope it doesn’t break. So it’s real. There’s no debate. I want to get your thoughts and views on the order of magnitude. So scope the fraud, the hacker. Because your career, you’ve been fighting cyber crime for-

Ori Eisen >> For 25 years….

John Furrier >> 25 years. I was going to say 30 years, but 25. A long time.

Ori Eisen >> Yes.

John Furrier >> But you’ve seen the infrastructure and the tools and systems in the past. A lot of them still brittle. Some of them antiquated, outdated. You mentioned an example with the passport. Scope the order of magnitude of how big the opportunity is for the bad guys and the state of the infrastructure and tools that are protecting our money.

Ori Eisen >> The first five years I was still learning my craft, so that’s why I give myself a five-year discount. I’ll start with 30 years ago. I befriended people like Kevin Mitnick and Frank Abagnale. Why? Because they’re really, really good at what they were doing, being social engineers. And I wanted to learn, how do you do what you do? And at that time, you had to be them to do what they do. To have the mannerism, the ability, the technical skill to print. Today, I can have a million agents working at my behest all night long while I’m sleeping, sending scripts to people. So it went from, you needed a person with special abilities to be there in person, to hackers who could automate some things, but not the documents, because that required finesse, to now, just tell AI what you want. So imagine you have an army of agents that you instruct them, “Go find vulnerabilities in a process.

” And I’m not going to talk about Mythos. Talk about what we have today. And you can go to sleep and wake up with a lot of money.

John Furrier >> So the entrepreneurial regime has always been, “Print money while you’re sleeping.” The bad guys have it now.

Ori Eisen >> Absolutely.

John Furrier >> They have the secret superpower.

Ori Eisen >> Absolutely.

John Furrier >> They got the keys to the kingdom. They’re just a matter of time.

Ori Eisen >> Yes. So it’s already happening. You’ll probably start seeing it in large companies reporting at the end of this year. But in some areas like scams, we already see a jump from 10 billion a year to 20 billion in 12 months. And it’s just because of automation and ease.

John Furrier >> It used to be easy if you were in the tech industry or not, you could kind of see the tell signs. “Oh, that Bank of America or Wells Fargo URL is not the fully qualified domain name.” Okay. Most people still didn’t know, but most people was, “Oh, it’s not… Bad URL.” Then you got the bad English from the people like-

Ori Eisen >> And what did we give them? Perfect English creation.

John Furrier >> And now we have image, multimodal capability. So now, to the Frank Abagnale example, the tools to produce-

Ori Eisen >> Exactly….

John Furrier >> the kinds of what were thought impenetrable systems, with physical.

Ori Eisen >> Yes.

John Furrier >> So physical goods are here. This is real and we’ve all experienced it now. I mean, I get text messages, “John, you want to play a round of golf?” Well, at least now I play golf. I get some other ones like, “Hey, I’ve been seeing you for coffee in a while.” “Okay, what’s that number?” Okay, so I don’t respond, but most people say, “Who’s this?”

Ori Eisen >> Exactly.

John Furrier >> “I got somebody.” So there are tricks. We’re all seeing it.

Ori Eisen >> Yes.

John Furrier >> What should we be doing and how are you doing this venture to protect us? Take us through the thought process, state of the market, obviously huge, checks the box on the total addressable market.

Ori Eisen >> Yes.

John Furrier >> Your new venture is targeting specific use case. Explain.

Ori Eisen >> I’ll answer your question from the attack surface like you asked before. If you’re a CEO listening to this, I’ll start with the first thing you should do. There’s 10 things you should do, but let’s start with one fire. I won’t mention name. They’re a company who’s traded in this building and they’re an airline. Imagine their CEO being interviewed on one of the shows, just like this one, so the bad guys have a perfect sense of his voice. With two minutes of his voice, they can now clone the voice, call the IT help desk off this airline and say, “Hi, I’m the CEO. I need to reset my password quick because I’m getting into a board meeting.” What do you do now? When the recording of this was played to the CEO, that person said, “I would’ve not known that this is not me. This is how good it is.

” So if you’re listening to this, think about all the attack vectors of where GenAI, social engineering can hit you. IT Hubdesk is the number one. Think about groups like Scattered Spider, ShinyHunters. They have taken down the largest brands with one phone call and now go department by department. When you interview with HR, how do you know this person is not from North Korea? When you get an email to finance, “Hey, we’re your vendor and we changed our bank account, so please pay us over there.” How do you know who just sent that? And the last thing is your customers. There’s a crime called account takeover. Let’s just say you have a million miles in your flyer account. I call in and I redeem half a million of them. How do they really know it’s you? Because of username and password? Come on.

John Furrier >> Okay. So that’s the hack. All right. Talk us through the solutions. I saw your demo yesterday, very strong demo. I gave it my best attempt to throw water on it and it was great. So explain your process.

Ori Eisen >> The strategy of the solution is this. If we were to say, “Let’s fight fire with fire or AI with AI,” we would’ve lost. Why? Because we don’t have the same power as OpenAI to go develop models. No single company can do that anymore. So that strategy is just flawed. What we are doing is the equivalent of a touring test. But for you, John, meaning what? I’m taking two steps back from where the race is going, to a place where AI cannot chase us. What does that mean? AI cannot own your phone and your records in your name. It just doesn’t have a phone to begin with. So one of our test is, if you claim to be John, I’m going to text you something to make sure that there is an account with that. The second thing is sim swap attacks, as you … We asked the telephone company, “Is this phone recently sim swapped?” The next attack these guys do is what’s called, Man in the Middle.

Someone calls you, say, “Hey, I’m from the bank,” but they’re actually calling the bank on another line and they’re just using you in the middle. We check for that. Then we go to authoritative sources. How do I know that this document is real? I can’t tell visually anymore. That was robbed, right? So we are the first company that had access to the DMVs to ask, “Is the data that we just presented to you in your official record?” Now you should ask, “So what?” AI can make a beautiful looking document of you with your face, but it doesn’t know, what is the expiration date of your real document? So if you don’t have that data, your height, your weight, your eye color, it cannot really match to the source. And I’ll stop there. The rest you can see in our demo. But we are checking things that AI cannot chase us in, going back in time.

John Furrier >> So Trusona is the name. T-R-U-S-O-N-A. Why that name?

Ori Eisen >> The fusion of true and persona. To really know who’s on the other end. Because I think we are now going to be pushed where the perimeter is the identity on the other end. No longer username and password, no longer MFA, no longer biometrics even. All these things now can be copied and now we really need to know, who is the person.

John Furrier >> So I might say, Ori, that’s too good to be true. It must be fake.

Ori Eisen >> Yes.

John Furrier >> How legit is it? You mentioned the DMV. How did you get those records? What if you’re hacked?

Ori Eisen >> Yes. Very good.

John Furrier >> These are questions that I would say, “Okay, prove it.”

Ori Eisen >> Love it. Let’s go slow. First of all, we don’t store any of your data as opposed to other vendors who want to build a data asset. It’s a mistake. Every company can get hacked. There’s two kind of companies, those that were hacked and know it and those that were hacked and simply don’t know it. We don’t store any of it. Took us 10 years to get through the DMVs because it is a very difficult task to integrate. Even my board member that you know him, Ted Schlein, after two years of this work say, “Why are you doing this? It’s never going to work because it’s so slow.” But I don’t want to call it our moat because that is a technical business term. I want to call it what needs to be done to fight this. And we are determined as a team, many of us came from fraud fighting careers. And we know what happens when the money gets stolen, so we don’t store any of the data. But I’ll say, if you look at who our investors are, who our advisors are, including people like Frank Abagnale, Kevin Mitnick was a user of the software before he passed away. You will see that there is something there and we’re putting our money behind it. If you can break it, we’ll give you 10,000.

John Furrier >> And a lot of people are interested. I know a lot of whales that have crypto, crypto wallets. There’s a lot of money to be had here. Talk about the physical side of this, because I won’t say it’s physical AI, but you’re using the physical assets as an advantage.

Ori Eisen >> Correct.

John Furrier >> It’s part of your secret sauce.

Ori Eisen >> Correct.

John Furrier >> Now you kind of grinded it out with the DMV, but people might not have a driver’s license.

Ori Eisen >> That’s right.

John Furrier >> So what other mechanisms are you using to help me determine that, “Oh, this is a North Korea call,” or what if they come through a different thing? What are some of the details? Share.

Ori Eisen >> Let’s simulate that you are on a Zoom call interviewing somebody and there is video. First of all, if I was a hacker, I would just turn off my video and say, “Sorry, John, for religious regions, I can’t show you my face.” And there goes the channel by which you are hoping to detect something is fake. So we are not relying on the hacker to do anything that is not adversarial. The checks that we do go back to the real world because that’s where AI cannot be. So it cannot have a phone registered to you. It cannot have a driver license that is real, not just an image that is you. We also use GPS. So as I showed you in the demo, I was literally here in this building telling you I’m visiting today at the New York Stock Exchange. And our software said, “Yeah, Ori Eisen lives not here, he’s in Arizona. The IP address is coming out of New York. So he’s either using a VPN,” which by the way would’ve told you, but it wasn’t, “but he’s physically here.” And you’re like, “Yes, he’s right next to me.” So when you have all those things crisscross, you cannot waltz into people’s account.

John Furrier >> So passports… What are the docs? Name some of that.

Ori Eisen >> We have 2,500 documents in the free demo that all your listeners can go try on our website. We have the top 11, so passport from every country, US driver license, UK driver license, India, Singapore, and so forth. But in our software, we are connected to every country that has mechanism to validate. I’ll give you the bad news so you don’t have to dig for it. In Zambia, for example, there is no DMV. So I don’t have an API to verify their passports. It doesn’t exist. So I’ll take you as far as I can with the technology that exists.

John Furrier >> So that’s a gap in your system?

Ori Eisen >> That is the only gap because it doesn’t exist. But as soon as new DMVs come up, we connect to them immediately.

John Furrier >> You got to check on those. You got to do the work. Talk about the momentum. When was the company founded? What’s the status of the company? Obviously, it’s a killer solution. It solves a multifactor authentication in spades. I’m sure I want to get to know what that means later.

Ori Eisen >> Yes.

John Furrier >> Share some of this…

Ori Eisen >> So the company was started 10 years ago, backed by Kleiner Perkins, Microsoft, and Georgian Partners. We do have some very famous individual investors. We spent the first two years in stealth mode, just to go create all the connectivity. And even then we only had about 20 DMVs and that was not good enough for any bank. So we just kept going and going and going. We’re now at 80% because the rest of the DMVs just are not connected yet. So as soon as they will be, we will be with them. The company had a 500% year-over-year growth last year. And again, it’s a direct result of what’s happening in the market. There might be a war out there in the world right now that causes oil and gas companies to come to us. We’ve just implemented a giant, like a Fortune 100 in less than four days. And that should tell you everything you need to know about-

John Furrier >> How many employees do you have now?

Ori Eisen >> 16.

John Furrier >> So small still?

Ori Eisen >> It will stay small. AI is a beautiful thing, as I said before.

John Furrier >> What is the growth strategy?

Ori Eisen >> Yes. The growth strategy is, we’re going through partners like CDW, Guidepoint, Carahsoft to sell through. And this is my fourth and maybe last startup, I’ll give your founders who are listening to this the best advice. I wish I knew it 20 years ago. 20 years ago, I did a company called the 41st Parameter that was eventually acquired by Experian. I wanted to own all the MSAs. And it was not because I was wise, it’s because I thought that that is the key to things you can control. Yes, it’s good, but you’re losing time, and time is money. I’d rather give my partners 20% of the deal, but get the MSA today. That’s all I’m going to say.

John Furrier >> Got it.

Ori Eisen >> The growth strategy is not… We do sell direct if you’re-

John Furrier >> So you’re on a rapid accelerated-

Ori Eisen >> Yes. Through partners….

John Furrier >> grow through partners. They have customers. They can deploy. –

Ori Eisen >> They have an MSA that they can just add us to, as opposed to start a whole new vendor relationship.

John Furrier >> And just for the founders to know, it’s like getting a federal grant.

Ori Eisen >> Exactly.

John Furrier >> It’s hard. Getting an MSA is very difficult. So good. Good go to market strategy, lean and mean. Products got scaled to, you mentioned four days. Talk about the integration. Okay. Say I’m sold. Okay. Integrator comes in, co-selling or whatever, sell through, you’re enabling them. Okay, I want to do this.

Ori Eisen >> Yes.

John Furrier >> What do I do?

Ori Eisen >> Here’s what you need to do. The demo that you’re pointing people to has our domain in the links we sent. Clearly you don’t want to use Trusona.com because your employees don’t know who Trusona is, but they know who you are. So the only thing you need to do is add what’s called the DNS record that allows us to host pages on your behalf, which is the page that people will see with your domain. That takes about 20 to 30 minutes at most, but you need to open a ticket and it could take two days for a large company-

John Furrier >> Propagate on DNS.

Ori Eisen >> Exactly.

John Furrier >> Especially DNS.

Ori Eisen >> Exactly.

John Furrier >> A DNS entry. So you’re in the infrastructure-

Ori Eisen >> That’s it. We do the rest.

John Furrier >> Nothing else is done?

Ori Eisen >> You can then take our training if you want to, which is offered as part of the service, like tips and tricks. How to listen to a fraudster if they’re putting you on mute. Why are you putting me on mute? Because they’re puppeteering the customer, right? So we do teach that-

John Furrier >> The man in the middle attack.

Ori Eisen >> Yeah, things like that. Even though the software catches it, but it gives you as the agent some idea of what’s happening. You don’t have to do it, but that’s another one hour course and you’re ready to go. Most people do it from the morning to the evening and they could be on the software.

John Furrier >> All right. So talk about the conversation with customers.

Ori Eisen >> Yes.

John Furrier >> Do you get a lot of this, it’s too good to be true?

Ori Eisen >> Yes.

John Furrier >> And what are some of the competitors saying? Are they shaking their boots? What’s the vibe there?

Ori Eisen >> Let’s start with the customers. I usually pitch to CISOs, or CIOs, or people who run very large help desk. When I was working at American Express, I was sitting in call centers with 10,000 people. So I’m very familiar with the mindset and the churn, and what does it take to do operationally this job well. I stopped… And this is again, people like Ted Schlein have taught me over my career, “Don’t tell people your software is great. Let them get to that conclusion on their own.” So what I do is what I did with you, John. I said, “I don’t want to show you any slides or say… I just want you to use the software. It takes seven minutes. If after that you still have questions, I’ll answer them. But every word I will say will sound too fantastic, you’ll just say, “That can’t be.” So let me just show you.

John Furrier >> It’s not vaporware. The phrase that’s come up here on our Cube Practitioner Series from end users is, in the gen AI areas, “Demo, not a memo.”

Ori Eisen >> Yeah. Don’t send a memo, show a demo.

John Furrier >> Show them a demo. Because you can create demos and you can also simulate.

Ori Eisen >> Yes. So this is live, this is real. About our competitors, I will say this. The good news and bad news is we don’t have competition in the sense that most people still do what we were doing 20 years ago. That space is called IDV or identity verification. And it’s essentially scanning a document and trying to ascertain, “Does this look legit?” Those days are over the minute GenAI deepfakes came into the world. I’m working to, again, wake up people to say, “That is not a game anymore. We are now in the identity impersonation game.” It’s not, “Is this document looking legit?” They all do. But, “Is this John on the other end?” And that’s what I want our competitors to also realize, you’re not competing with me if you are trying to solve this problem.

John Furrier >> Your breakthrough idea was to go, as you said earlier, go where AI can’t go.

Ori Eisen >> Can’t go. Exactly.

John Furrier >> And that was fundamental.

Ori Eisen >> Correct.

John Furrier >> And that was because you-

Ori Eisen >> Zig when they zag.

John Furrier >> Yeah. Zig when they zag. Okay. So what’s your vision on how this plays out? What are your focus on? What are you optimizing for? What’s going to happen next?

Ori Eisen >> I’m a big believer in organizations like InfraGard, that are protecting the very fabric of society. I do think that the cyber wars are not really being seen by ordinary people. For example, dams, knobs being twisted over the internet. I want all companies in the United States first, and I’m very clear about that, to wake up and protect themselves. Because when they go down or when they pay ransom money, unfortunately that money is used for very, very-

John Furrier >> Reinvested into the team.

Ori Eisen >> Unfortunately. So that’s my first goal. And I’ll do whatever it takes. I sometimes give our software for free if I see that somebody’s within a budget cycle. You know how… Anyway, this is Wall Street. You know how the quarter runs the show. After that, I do think that-

John Furrier >> You’re thinking about the enterprises who are essentially under attack.

Ori Eisen >> Yes. As we speak.

John Furrier >> If this was physical world and a helicopter dropped on top of the Bank of America building, they slid down their rope and took over the money, the US government would probably roll some tanks in.

Ori Eisen >> You got it.

John Furrier >> But if you come in digitally-

Ori Eisen >> But you don’t see it, it’s coming-

John Furrier >> If you come in digitally, they have to create their own mercenary army.

Ori Eisen >> You’re exactly right.

John Furrier >> And this is on their tax. They’re paying for it.

Ori Eisen >> That is exactly-

John Furrier >> And they’re paying taxes.

Ori Eisen >> And we are paying for it as a society. I’m not an altruistic guy, I’m a capitalistic guy, but I do see the effect on society when… I think it was Jaguar that was taken down for three weeks, their whole manufacturing line. Now you can still tell me it’s a cyber attack. This is the real factory that is being shut down. That is real.

John Furrier >> Yeah. The definition of critical infrastructure used to be regulated to dams, power grids. Now they include hospitals because of ransomware.

Ori Eisen >> Exactly.

John Furrier >> We all live-

Ori Eisen >> Financial markets….

John Furrier >> critical infrastructure. Basic human rights is, “I have money. I earned it. I want to protect it,” but yet they’re feeling the pain every day.

Ori Eisen >> Correct.

John Furrier >> You’re one text away from getting siphoned out of all of your cash.

Ori Eisen >> Unfortunately.

John Furrier >> This is the current state.

Ori Eisen >> That is correct.

John Furrier >> You agree with that?

Ori Eisen >> I do agree with that. I see it every single day. Now, people feel ashamed when they get duped, but I would just say, “Stop. That is not the right thing to do.” Anybody now could get duped because the fakes are just so good. You need to build your defenses in a way that can cut through GenAI deepfakes as opposed to just feel, “How come I didn’t catch it?” That is not a game we can play anymore.

John Furrier >> Okay. So every successful company that I’ve interviewed over the years, they all have kind of one pattern. They either have a platform, a moat, technical moat. You have a nice physical AI moat through your process, which creates a high barrier to entry, a lot of DMV to go get and other sources.

Ori Eisen >> Yes.

John Furrier >> And the ones that are successful have an ecosystem. You get a channel, that’s your go to-market.

Ori Eisen >> Yes, that’s my go-to-market.

John Furrier >> Are there other partner opportunities that you’re envisioning that you would see emerge from your evolution and your trajectory?

Ori Eisen >> Yeah. It has not come to fruition yet, but I think what’s called the MSSP market, the people who manage security for the middle size companies, are where I’m going to see that growth. So if you have a hundred customers-

John Furrier >> They have low IT budgets. They’re vulnerable.

Ori Eisen >> They are. So they can buy my software and tell their customers, “You know what? From now on, when you call to reset a password, we’re going to do this extra check so I really know it’s you.” Because companies, it’s not their core competency. They’re not going to sit there and think, “How am I going to be protected?”

John Furrier >> By the way, I would say that as validation to that mission, all the successful Gen AI Edge cases, Edge meaning the network Edge, or the new hyper-converged-like solutions that are either different or breakthrough, are all making it in the mid-market. Because one, the sales cycle’s harder for the enterprises or the big hyperscalers, but they’re most vulnerable and they have a need-

Ori Eisen >> Correct….

John Furrier >> and are willing to switch because they know the downside is a fatal attack and they know that. And as long as the price point is in range, that’s great beachhead. Do you agree?

Ori Eisen >> I do, but I don’t want to become the MSSP for them that is a semi-local business. I’d rather give-

John Furrier >> Enable someone.

Ori Eisen >> Yeah. Enable somebody, “Go make money, we’ll do it together.” I’d rather sell to the global 2000 because that’s what I know from all my past businesses and go enable. Even when I go through a partner like Akamai, I’m enabling them to sell my software on their MSA. I don’t mind that they make money, but they have the relationship and relationship is everything.

John Furrier >> How do you make money?

Ori Eisen >> How do I make money? It is licensed per transaction. And of course, the more you buy, the less it is.

John Furrier >> The more you buy, the more you save.

Ori Eisen >> That’s right. Absolutely.

John Furrier >> That’s Jensen’s law.

Ori Eisen >> Hey, it is our law too. I want to be in his business. But let’s put it this way, nobody is not buying because it’s expensive, but the checks with the DMVs, unfortunately, that’s part of the moat, are expensive. The checks with the telephone companies to see if your sim swap, are expensive. So that’s our COGS. But the rest is just software hosting and having a great team that cares about customers.

John Furrier >> I really appreciate what you do and your mission. It’s a really great mission because we want to be protected. We don’t have an army. The government should take care of it. I’m a hawk when it comes to cyber warfare. I’ve been calling it for over 15 years, screaming. Now people get it. But hasn’t been… A few of us have been. I appreciate you having… And congratulations on a very-

Ori Eisen >> Thank you….

John Furrier >> big breakthrough and success. Maybe finally get some confidence around my crypto wallet. I probably forgot my keys and have to go figure out where they are, but thanks for coming on. Appreciate it.

Ori Eisen >> Thank you, John, for having me.

John Furrier >> All right. Cyber leaders coming into theCUBE here at our NYSE studios. Again, the cyber landscape isn’t a sector anymore. Deep tech is replacing all these categories. Deep tech is all AI infused into everything that we do. One of them is, we’ll be native, and that is security. That’s going to build on top of the hybrid cloud distributed computing world we live in. And all the applications coming will include the bad guys in there too somewhere. So we’re going to need more solutions. And of course, the entrepreneurs are out there doing it, doing our part to bring this content to you. I’m John Furrier, the host of theCUBE. Thanks for watching.