Kevin

But it's really that broader thesis of this is the existential threat with AI, right? It can manipulate digital reality.

Craig

Now I don't believe anything that I see. Ultimately what's eroding here, it's not the individual attack, it's trust in general.

Kevin

This deep fakes is actually just one part of the problem, Right? It's just one vector. And how you make execute a social engineering campaign, a fraud campaign, efficient campaign. And so in order to have the capacity to combat them, you also need to be using AI, right? AI to fight AI, but again it's just not scalable. So how do you actually deploy AI effectively to build up your own capacity? That's a business critical mission, critical problem to solve. Hi everyone. Kevin, Co founder and CEO of Doppel. We are the AI native social engineering defense platform backed by Drusen Horowitz Investment Venture Partners. Before all this, my background was actually in software engineering. At Uber and Lyft I worked on everything from dispatch systems to flying cars. Not quite the traditional cyber founder background, but I met my co founder Rahul there and we started this company in 2022 as an AI company in response to him getting a sneak preview of ChatGPT. And since then it's been an absolute ride. Our mission has been to tackle what we've seen as the existential threat with AI. And that's all things social engineering. Deep fakes, impersonation, phishing, fraud, you name it. And today we're now blessed to be working with hundreds of enterprise customers scaling quickly to support some of the largest organization in the world. We've got dozens of Fortune 500 logos and we operate in multiple key areas around social engineering. So we're the first social engineering defense platform that enables you to detect impersonation attacks, whether they're impersonating your brand or your executive. Take them down. And so that's traditionally been called the brand protection, executive protection products and, and now even enable you to simulate and train against them. So we've launched red teaming and security awareness training products as part of our human risk management portfolio.

Craig

Okay. And yeah, I mean this is certainly a problem. I'll tell you. I enjoy YouTube, I watch a lot of YouTube, but it's just filling up with AI generated content. It's very frustrating and actually I'm surprised YouTube isn't, isn't doing anything about it. So when you this term social engineering defense, was that coined by you or is that a Gartner category?

Kevin

That's a great question. So we coined the term originally actually because you know, I think traditionally in the space has thought a lot about phishing and you know, for example, you know, point solutions like email security, things like that. Right. But in the age of AI, we're talking about something that goes much broader. And so that's why we came up with the term social engineering. The fact that, hey, you're not just going to be worried about email phishing attacks, but folks are flooding YouTube, right, with AI contact content folks are setting up Personas on LinkedIn, shooting SMS messages, doing deepfake phone calls and, and that's really the world that we live in today.

Craig

Yeah. And are, are your customers enterprises or individuals that are being, whose likenesses or, or IP is being used or are they, are you working with the platforms like YouTube to identify deepfakes on their platform?

Kevin

It's a great question. So today we service enterprises and within those enterprises we may protect individuals. So for example, Craig, if, you know, if, if we were to protect your organization, right. Then you know, obviously you as an individual has incredible ip, incredible name, image, likeness rights, things like that. And, and so very much that's part of our executive and VIP protection. But yeah, as of today, we protect, you know, everyone from C level executives to athletes to actors and actresses on our exec protection and VIP protection products. But we also, of course are protecting the brands themselves and the company. So, you know, think about your favorite Fortune 500 brands, right. How do we make sure that they aren't getting impersonated to, you know, either target customers or target internal employees as well?

Craig

Yeah. And are you looking at deep fakes in particular or are you looking at, I mean, I saw when there's a channel that popped up recently, I don't know how long it'll last, but they have, they've been doing Epstein stuff and they had a really shocking report that's showing emails purportedly from the Epstein files that talks about £20 million that had been sent by Epstein to former Prince Andrew's daughters. And you know, when I first saw it, I was like, holy mackerel. You know, that is a story. But I have to, I can't believe that hasn't been covered. And indeed it was completely fabricated. So it's not fabricating the likenesses, it's fabricating elements of the story. That's one. And then I've also seen, you know, personalities like Obama or others now who are promoting products and you know that it's gotta be a deep fake. They're very well done. So which of those. I mean, obviously the latter. You would take care of do you, do you do any of the misinformation stuff?

Kevin

Yeah, misinformation, disinformation. Certainly part of the problem, how we think about it is deepfakes is actually just one part of the problem, right? It's just one vector. And how you make execute a social engineering campaign, a fraud campaign, efficient campaign. So you've got your, you know, you've got traditional impersonation techniques, you've got deep fakes, you've got disinformation and it can happen across all these different channels, right? And so for us, at the end of the day when you think about it, it's, you know, it's really two objectives. Usually from these bad guys, it' go acquire money or go acquire data, right? And they're going to use every single possible channel and every single possible technique to execute that, whether it's, you know, with deep fakes or whether it's through disinformation or whether it's through, you know, traditional impersonation attacks.

Craig

Yeah. And, and then how do you, how you address it? I mean. Yeah, what, what do you do? How.

Kevin

That's a great question. Yeah, so we, we actually think a lot about what we call the social engineering attack chain. Right. Like if I'm going to go try to defraud you, Craig, right. Or if I'm going to go try to steal your data, there's a whole sequence of steps that I need to do in order to successfully attack you. Right. I need to prepare my attack, I need to then go get you fully ingrained in the attack and then, and then go actually execute the seizure of either monetary assets or data assets. Right? And so Doppel, we, we're actually building out a platform to stop every single piece of that attack kill chain. And today we're actually already a multi product platform as result. So today, right now what we do is three key capabilities. One, we're scanning for impersonators of these attacks, right? So we will actually, you know, there's the traditional, hey, maybe someone spun up a fake. You know, let's take a look at the platform we're using right now. Right? Someone spun up a fake Streamyard website, right? And it's actually. So you send that fake Streamyard website actually makes me download some malware instead of the actual Streamyard website, right? So that's one piece of what we do is we're constantly scanning all the new domain registrations, we're scanning everything on social media. We're consuming a whole bunch of threat intel feeds around, you know, fake SMS messages And phone calls. And, and we're scanning Even for example, YouTube ad platforms, search results, right? And that's how we find a lot of the malicious activity that's happening. From there we use our threat graph, connect all the dots and showcase that entire campaign in real time. And then the beauty of this is we're not just showcasing that all, but we will then go take it down. So we are then issuing a takedown request to YouTube. We're issuing a takedown request to the fake Streamyard websites host and registrar. Right. Or the telephone numbers. And, and so that's key capability number two is that we're not just responsible for showing you all this stuff and proactively telling you about it, but we are proactively shutting down the attack before it can happen. So it may even be a fake ad, for example, right? Like hey, if I go Google Streamyard, and the number one result is a malicious Streamyard malware site, but because they're paying for Google Ads, it's the top result. We shut that down. So that's, those are the first two capabilities, the most recent capabilities. We can now simulate those attacks. So if you've, you know, if you've seen the traditional security awareness training model, right, where you get a phishing email and you click on it and it says you failed the training test, right, we can do that. But again, the whole story is that things are multi channel now. So we're not just doing phishing emails, but we will actually do deepfake phone calls. So we'll, you know, for example, we'll send you a message, Craig, or we'll, we'll call you and it'll be a deep fake of me and that, that deep fake voice will then, you know, try to fish you and compromise you. So I can even showcase some of that today, if that's of interest.

Craig

Yeah, sure, but, but before we get to that, couple of broader questions. How this obviously is becoming a problem. Everyone saw that it was going to be a problem and it's now becoming a problem. Which of those threat vectors, I mean, whether it's deep fake phone calls or deep fake videos, impersonating someone to sell something or where do you see the most activity is a good question.

Kevin

So I'd say, for example, in the large enterprise space today, and really, you know, even our smaller clients, really almost every one of our clients, the biggest, I'd say there's two, two key recent trends. One is definitely the phone call attacks, right? Like if you actually take a look at how a lot of the top Companies have been compromised recently. You know, there's been some very public disclosure, disclosures about breaches of, you know, tech companies recently. And basically these bad guys called shiny hunters, scattered spider laps group, right? They're doing phone calls, they're doing phone calls to customer support lines, IT service lines, HR lines, and, and those phone calls are then how they get into compromising a casino, a tech company, a bank, an insurance company, an airline. So that's just been proven to be like one of the best ways to go attack an organization if you're a bad guy. Second, I wanted to call out. I mean, there's been a lot of attacks around social media. Like Craig, you, you mentioned YouTube. I, I think a lot about LinkedIn as well. Like that's actually one. Another great way to do social engineering tax is I'll spin up a LinkedIn account, pretend part of the Streamyard organization. LinkedIn, you know, doesn't ne. Doesn't require that you verify that corporate email address. Right. And so that's another great way to go, you know, socially engineer someone. And then lastly, I talk about search engines, like ultimately people are using Google, ChatGPT, Gemini, Claude, etc. Right. To go browse through the Internet. And so naturally you trust a lot of what gets returned there. But we call it SEO poisoning, we call it AI engine poisoning as well. But people can easily insert malicious results into those queries. And that's another way in how a lot of these companies are getting attacked.

Craig

Yeah, and how are they doing that? Because one thing I can see is, and I'm sure there's a lot of money being spent on this, if you ask one of the big foundation models, you know, Chen, ChatGPT or Cloud or Gemini or somebody who are the top AI podcasters, for example, if I get enough data into the. Enough, you know, you're basically, you want to fill the training data up with your eye on AI and because it's looking at probabilities and it'll surface ionai if it's one of the most prominent AI podcasts in the training data. So are people doing that, just pumping stuff onto the Internet to get captured by training data to skew foundation model results?

Kevin

Absolutely. I mean, when you think about it, sales and marketing is just really another form of social engineering, Right. And if you think about how you want to increase your digital marketing reach and things like that, right, you're going to, you're going to post a lot of content, right, from Ion AI, you're going to, you know, you're going to make sure. That it's on trusted third party sites, things like that, to help really boost your search engine results and your credibility on the Internet. And so, you know, just as you can, you know, execute those sorts of campaigns to increase your digital presence, so can the bad guys, right? They will like for example, a couple of techniques we've seen is they will actually make sure a lot of their content gets posted on trusted third party sites. So think about like review forums or, or you know, like, you know, third party social networks, things like that. You know, maybe they won't trust the fake Streamyard site, but maybe they'll trust a legitimate, you know, software vendor review site. Maybe they'll trust a legitimate, you know, subreddit around video streaming platforms. And so that content will get upranked and then that's how they can distribute the bad stuff. And then of course, just as you can on the sales marketing side, it's not just the organic content marketing you could do, but you can go pay for ads, right? So if I make so much money off breaching the biggest companies in the world, maybe I'll just pay 20 bucks for that ad. Click. Right? And then that's how I make sure my stuff gets promoted at the top. And I know the AI GPT engines aren't, some of them are starting to experiment with ads or maybe turn off their experiments with ads, but the reality is they're also looking at other people's ads as a way of validation for, hey, this is legitimate content.

Craig

Yeah. So you've built this. What was the, the, the origin story again? You were at Uber. And why did this catch your, your attention?

Kevin

That's a great question. So I was at Uber, right. I met my co founder rahul and in 2022 he was actually roommates with one of the heads of research at OpenAI and so he got a sneak preview of this little thing called chatgpt before the rest of the world. And, and it became very evidently clear, right, that hey, if AI were to go destroy the world, right? It's the fact that it's, it can manipulate any digital surface. And so that's where our mission around protecting the world from social engineering attacks every day comes from. But it's really that broader thesis of this is the existential threat with AI, right? It can manipulate digital reality, it can manipulate as a result anyone consuming digital reality. And that's how AI will destroy the world if not, not stopped.

Craig

Yeah, and I agree with you. I mean, as I was saying, you know, there's been a lot of talk about this for a long time, 10 years ago, people were talking about, or even 15 years ago, people were starting to realize that social media itself, this is before generative AI, but social media itself is, is going to be a threat by spreading misinformation. And now you have the generative AI capabilities and the agentic capabilities to distribute and you know, again, this is something that everyone's talking about but you're just now starting to see, as I said with, with AI generated content on YouTube. I mean an example, it's trivial, but it's informative is I, you know, on, on YouTube they run shorts now and the shorts that get offered up to me a lot are, you know, like you've probably seen the one where a wolf, it's a doorbell camera video, a wolf comes to the door and the pet cat is on the back or there's you know, lions who are taking down elephants and things like that. And you have to click open the description to see the disclaimer, right. If there is one, that this has been produced with AI. But that erodes to the point now where I don't believe anything, right. That I see regarding animals interacting or you know, and that's so what. Right. That's silly content. But when that gets to the level, as I said with this report on Epstein related report, when that gets to the level of real serious news and, and people can no longer, I mean we've already got a problem with a president who lies constantly. When that gets to the point where you just cannot figure out what's true and what's not true. That's, you know, destroy the world is a, is a big statement, but it's certainly going to erode public discourse and the ability for democracies to function, right?

Kevin

Yeah, I mean, erode public discourse, you know, and then when it's targeted, right. You can even just start manipulating individuals. Right? So that's, that's why I do speak to like the gravity of potentially world destroying capabilities. Right? Like hey, if you can manipulate someone to get you nuclear codes or get you access to, you know, whatever sensitive system, right. That, that's, that's you know, world changing stuff. So. But yeah, I mean I've seen it as well. I think everyone has, right. Like you know, literally just this past weekend, fake news about layoffs, fake news about, you know, I like even something a little more innocent, right. Like sports news with NFL free agencies starting, you know, you could see it very quickly happening and you know, see it coming from a whole bunch of different perspectives.

Craig

So you Built your, your product and, and is it a platform? You say you scan all these different channels, how what percentage of channels? I mean there's a huge number of, of places where this stuff can appear. Do you have any metrics coverage?

Kevin

Yeah, yeah. I mean I think no, we're at the point now where we're covering upper 90s percent of business communication channels. Right. Or, or, and when I talk about business I'm not just talking about internal intra business communications by X, but external as well to customers or third parties, et cetera. You know the reality is actually there's much, you know, that number is you know, impressive sounding but there's actually much more that we want to build to get even, to get even tighter into those channels and be integrated to stop these attack attacks in real time as well. But we're covering everything from for example there's the traditional domains and email attacks to you know, we see stuff on WhatsApp and Telegram. We see of course the YouTube attacks, the paid ad attacks, the LinkedIn attacks. And that's really a lot of the power that our platform has is oftentimes folks would have to buy multiple solutions here. Right? Hey, we've got a social media monitoring solution, we've got a dark web monitoring solution, we've got a domain monitoring solution and Dapple enables you to do that all in one shut it down and then also now you even simulate them as well. So it's not just phishing email simulations, but it's really multi channel AI native simulations.

Craig

Yeah. And is is under the hood is this, are you using a bunch of different models, maybe tuned to different things for scanning and how much do you have an agentic player?

Kevin

Yes. So yeah, yep. So there's a couple things that we do on the AI agent side. One is definitely around the scanning, the threat analysis, threat hunting and the takedown. So that's one piece of the platform and, and that's agents. You know there's a public case study around this that we've done with one of our model providers, OpenAI, where we've shown how you know, we, we built one of the very first security agents with them to go auto analyze these attacks and take them down. The second agent capability that we rolled out with our most recent products is we call it Vibe phishing. So if you're familiar with the term vibe COD, our product basically has this ChatGPT like interface where you can go prompted to go attack anyone. Right. So you could tell our dabble agent, hey let's go attack Craig. Right. And it will then spin up, you know, the phishing email, it'll spin up the SMS message, it can even spin up a telegram message and then of course do a deepfake phone call. So that's, you know, the capability where right now on average people are talking to our AI agents for six minutes when they get a phone call from it. And so that's how good the AI agent is to today is like, you know, a lot of times people think that deep fakes people could figure it out, but the reality is if you're calling people on customer support lines, you're calling people on help desk lines. Like those people are trained to pick up the phone, satisfy the requests. Right. And those are the people that are getting targeted by the bad guys. Yeah.

Craig

And is this all in one platform that user logs onto and has all

Kevin

of these same login and then it's, it's you, you see the different products on the left and then within each product you've got different modules. So for example, with VIP protection, right, say we're protecting you, Craig, you've got your exec protection product on the left. And then when you click into it, you see our ability to impact PII data broker removals for Craig, our ability to shut down Craig impersonators on YouTube, maybe there's some mumblings on the dark web around Craig and how folks are trying to target Ion, et cetera. And so all of that can happen via one platform instead of again, you having to go buy a dark web solution, a PI data broker removal solution, a social media monitoring sol and security awareness training solution.

Craig

Yeah. And on the red teaming, how do you prevent Doppel from being used by attackers if it can spin up a deep fake voice attack? Why wouldn't bad guys subscribe to Doppler and Doppel and use it?

Kevin

Yeah, it's a great question and something certainly that keeps me up at night. So thankfully we've got a tremendous head of security. I want to give a shout out to Kendra Cooley and her job is to protect our platform integrity. Right. And ensure that, you know, we don't leak anything we're not supposed to leak to ensure that, you know, people who are using the platform are using the platform in the correct ways. And, and so that's something that, you know, is a key program that we invest a lot in. But it is scary, right? Like if, if someone, you know, let's say they weren't even a used doppel. Like the reality is like people can use AI agents in general, right? Try to go Especially if I'm a bad guy. Hey, I just need an AI agent to focus on my specific use case. They could easily do a lot, a lot of malicious stuff with these AI agents, right. Spend up a thousand AI agents to phone call a customer support center and DDoS it essentially. Right. And it's very scary stuff. And again, that's why the mission is so important. It's the realization that, yeah, AI could really destroy a lot of things right now if you are really motivated by. Guys. Guys.

Craig

Yeah. So we're entering a world where digital identity can no longer be assumed authentic, right. From the, from, you know, do then protects someone, protects their real identity from deep fakes. But is there something that individuals can do to ensure the authenticity of what they're looking at?

Kevin

Right. I mean there's, there's a lot of like tactical things that I think individuals can do that don't require, you know, technology, things like that. Like for example, Craig, how, how would you verify that I'm a deep fake, right. Or not right now on this podcast? Or how would I help verify that you're real or not? Right. Um, and so a couple of the like, tactics that I've learned from, you know, just chatting with security customers, like you could ask, like I could ask you, Craig, to put up your phone and then with your phone, you know, show the selfie view, right? So like if you're deep faking through this software, you're not necessarily going to deep fake on, on, you know, the camera view. You know, I could ask you, you know, about some random topics, right. And see if you've got pre can AI answers. Like, you know, we could chat about the cowboys in Texas and you know, see if you pick up on the Dallas Cowboys or if you just start talking generically about cowboys in Texas, right. And or even ask you about fictional places that AI models may have been trading upon. You know, see if your kids are enjoying Hogwarts or not after college. And, and so that's, you know, those are just some of the, you know, individual tactics that I've heard from security practitioners. I think the other reality is like, it's important because the attacks are multi channel, right? They may be hitting you, the fake email, they may be hitting you, the fake phone call. The key is then the defense has to be multi channel as well. And obviously that's reflected in our product architecture. But even again, technology aside, what that means is, hey, let me call Craig's known number to verify that this is Craig, right? And let me, you know, maybe also message craig on LinkedIn. Right. And so it's one thing for me to go impersonate across LinkedIn or a phone channel or video channel, but it's really, it's harder to do it across all the different channels. And of course, if you can pull that off, that's what makes the attack so scary and that's what we combat. But it is important to have out of band verification channels so that, you know, if, if credit got compromised in one area, you, you could, you know, suss it out from another channel.

Craig

Yeah. I mean, ultimately what's eroding here, it's not the individual attack, it's trust in general. Right. And trust in digital media. Right. How. Yeah, talk about that. I mean, you know, most organizations are relying on security awareness training, but from the consumer's point of view, where do you think, how damaged do you think societal trust will become?

Kevin

Right. Well, we can already start quantifying it. Right. In the sense that we're seeing consumers lose tens of billions, billions if not hundreds of billions of dollars today to things around fraud and phishing and social engineering. So that's one way to look at the problem and put a number to it. Second is. Yeah, I mean, I think like again, just even numbers aside, just anecdotally. Right. Hearing the stories like yours, Craig, around, you know, the, your YouTube experience. Right. Or mine about just some of the disinformation campaigns that are happening about layoffs, for example, in the tech industry. It's a very real threat. And you, the reality is that it's also just getting started as well. Like over the past three or six months, we've seen it ourselves how much better the AI models have gotten at deepfake phone calls. Right. Like, I think everyone's probably seen deep fakes for a couple years now, but in the past six months, it's not just scripted deepfakes, it's interactive deepfakes now that are very good. So I don't have to, you know, hop on a call and get a deep fake mask put on, but I'm still the one who's the brains behind it speaking and thinking. I can now, like, we actually have team simulation capabilities where, you know, a team's call can get generated and it's not a person behind at all, but it's an AI agent who's thinking, responding has natural pauses and ums and you know, acts like a human. And that's, that's what is really scary is that AI keeps getting better at that.

Craig

Yeah. What is human risk management?

Kevin

So it's Our human risk management is a, is a category recognized by security analysts, but we think about it as a very broad platform capability from the DOBL side. So it's, you know, traditionally the, there's been security awareness training and that's a huge part of human risk management. Right. Like, hey, if I'm going to reduce human risk, I really need to train my workforce against it. But we go beyond that in the sense like there's other capabilities such as like real time interventions to prevent folks from, you know, maybe sharing that, sharing that Google Doc or that Office365 document. Right. With the, with the whole world. And then also we think a lot about the red teaming side as well, where it's like if you're going to manage human risk and really reduce it, your job isn't just to train, your job isn't just to do these real time preventions, but your job is to really pen test your whole human program. Right. And understand where the gaps are. Like maybe, maybe we've got some significant gaps with our workforce in offshore locations. Right. Maybe we've got some significant insider risk where, you know, there are folks that, that can be bribed. Right. Like if I want to get access to your, your YouTube account, Craig, my best bet is probably to go bribe someone on the YouTube customer support side. And so that's what we mean by human risk management is how do you holistically evaluate all the different risks that, that are opposed to the humans on your side, the organization, train against that risk, test against that risk with red teaming and then put in proactive interventions.

Craig

Yeah, and you're, that's, that's in your company. That must be a never ending process.

Kevin

Yeah, and it's a never ending process. And you'll actually see us launch some more products this year as well to add more real time intervention capabilities. And, and that's really the power, power of the social engineering defense platform. Right. It's like we're the first platform that enables you to, there are products out there that enable you to do the individual pieces, but there's no product out there that enables you to do, hey, we could find these attacks, we could take them down, we could do real time interventions. Now you're going to see more and more of those products this year and then we can really train and test against these attacks as well.

Craig

Yeah, and how do you initiate an attack? I mean, what does an AI native defense actually look like in practice?

Kevin

Yeah, the AI native defense in practice is, I mean, we chatted about our two agent capabilities, right. The agent that enables you to analyze all these attacks and shut them down in real time, that's critical because if you're just throwing bodies at the problem. Right. You're not going to keep up with the AI threat. Second is the AI agent that enables you to simulate and test against these attacks as well. So, you know, essentially the defensive agent and the offensive agent. Right. And that all offensive agent, it has the ability, you know, if you've seen like the whole craze around open claw and how AI agents now can interact with the rest of the world through any digital means, like that's what the offensive agent can do. It can do texts, it could do phone calls, it can go, you know, do phishing emails, create fake websites. And, and that's a real, real scary capability of AI.

Craig

Yeah. But for you guys, when you are simulating an attack, Attack. Okay, how do you make it as, as close to a real world attack as as possible?

Kevin

That's a great question. And, and that's, that's a big reason why this platform has developed. It's like our first product started off on the threat intelligence side. Right. And the executive VIP protection side and the brand protection side and the digital risk protection side. So we're seeing these attacks happen in real time for all of our customers. We're shutting them down in real time for all our customers. But because we know how the bad guys are, are pretending to be you, Craig, that means we can then make our simulation very, very, you know, real world scenario as a result. Because we actually are the ones also protecting against these attacks.

Craig

Yeah, and where is this going? I mean, as I say, it's, it's. People have been seeing it coming for a long time. It's now hitting, it hasn't yet hit in a way that is causing mass confusion. But we've got elections coming up.

Kevin

Yeah.

Craig

And there's a lot of concern about that. Where do you think this is going in next three to five years?

Kevin

Yeah, so we actually got to work with the elections on both sides of the aisle, of course, in 2024. So we work with this nonprofit nonpartisan organization called Defending Digital Campaigns. And you know, just from that one time experience, we already kind of got a sneak preview a lot of different things that were going on. Everything from, you know, what we suspect was AI generated campaigns and ways like pull people into certain content and certain social media groups and then it suddenly pivots right in the messaging. We've seen, you know, fake organizations get spun up and those get linked to certain individuals. So you Know, you talk about next three to five years and at least within the US a major, major election cycle in 2028. Yeah, I mean it's, it's, it's definitely something that we're apprehensive about and thinking a lot about in terms of how to, how to help protect. I think the biggest thing is from, at least from what we could control on the Doppel side is, and that this is what informs our product roadmap is hey, we got to have integrations with as many channels as possible, have give you as much visibility as possible, real time defense as possible, inline solutions and then also proactive threat hunting solutions. So it's really about hey, how do we enable you to get the full view of the problem and then also the full capability to see stop it.

Craig

And do you think enterprises are waking up to this threat or what would you Advise enterprise leaders, CEOs and CTOs to think about in the next five years?

Kevin

I would say yes. And it's certainly a big part of our growth here at Doppel and why we are one of the fastest growing cybersecurity companies in the world now is that at the board level, at the C level, we're talking about AI transformation, we're talking about deep fakes, talking about these bad guys like Shiny Hunters and Scattered Spider and social engineering. We're chatting a lot about executive and VIP protection, especially after a lot of public incidents over the past 12 to 18 months. So that's certainly happening. And my message to large enterprise C levels and really any business out there. Right. Is that this is the problem to solve for on the AI side and the security side side. Again, when we started this company, we didn't even necessarily start this as a security company. We started this as an AI company. And it's with the vision that hey, this is really the problem solved with AI. And when it gets to the point now where you can deep fake anything, anyone and do it in, at scale and in real time, things get really scary. So you know, our, our and our commitment of course to these folks is that we're going to continue to build more and more to give them, them more and more capabilities to stop that. Yeah.

Craig

And, and do you have a use case? You don't have to name the person or the company that that was being targeted and you know you were able to, but are you able in these cases to, to completely solve the, the deep fake misinformation problem or do you get like 97% but there's still gonna be stuff that you can't stop. Stop.

Kevin

Right. I mean, I, I think in the game of risk. Right. Well, I, I, I shouldn't necessarily call the game, but in, in the framework of risk. Right. And that's really what a lot of us think about. On the security side, there are attacks that we totally shut down and totally mitigate. Right. At the same time, will we ever say that risk is 100% prevented? All the time, every time. Right. I don't think anybody can claim that. Any, any vendor, any company. The reality is it's an adversarial, it's an adversarial industry where as you build more defense capabilities, the bad guy is building more offensive capabilities. And so it's a rat race. So I'll give you a specific case study around an attack we really shut down. We saw a case where people had spun up a fake LinkedIn account pretending to be part of an organization, and we actually saw a phishing email come through from that person. But we took that email address, we found the LinkedIn account it was tied to, we found all the adjacent LinkedIn accounts that are connected to that LinkedIn account, their email addresses, their telephone numbers. Right. And so we saw this whole attack happening in real time with that threat graph, and then we shut it all down. Right. Like you actually would see the LinkedIn accounts disappear just within hours, the telephone numbers and emails also getting shut down quickly. And so that's an example of a case where, hey, we were able to shut down intact that was targeting their offshore operations and do it before any real damage was done. Yeah.

Craig

And are the platforms like LinkedIn, YouTube, are they cooperative when you want to take something down?

Kevin

That's a great question. So a lot of our work on the doppel side is to build relationships. These platforms, Right. Become trusted reporters, get access to APIs, hotlines. And so the quick answer there is yes, in the sense that, like, because we've been able to develop that reputation and earn that trust as a trust reporter, that's how we're able to effectively coordinate and partner with a lot of these organizations. I do think that without those relationships. Right. Is harder, it's slower, it's less successful. And, and, and again, that's the reality of a lot of the work that we do day to day is to build those relationships and earn the trust reporter status.

Craig

Yeah. Is scale a problem? I mean, if, if these attacks are being, being done at scale?

Kevin

Yeah.

Craig

I mean, not just a few discrete deep fakes on YouTube or Twitter, but if they're, if they're flooding the Zone, you know, do you have the capacity to head that off?

Kevin

Right. It's a huge problem. And we talk about like there's, you know, there's just increased volume when it comes to AI, right? A lot of folks debate, hey, does AI really bring new attacks or is it just more of the same stuff? And I think at a certain point it becomes semantics. Like, there's no question, it just increases volume. There's no question increase the velocity of these attacks and how quickly they could be spun up. There's no question that, you know, the kind of, the variety and the fidelity of these attacks are also really, really high. You know, that's why we give it a FEES framework. And so in order to have the capacity to combat them, you also need to be using AI, right? AI to fight AI. And, and that's why the AI agents we've built so critical, like you could, for example, test your team by manually calling into, you know, every, every employee and every customer support line and every help desk line, but it's just not scalable. And you could manually have security analysts look at every single impersonation alert and try to take it down, down, but again, it's just not scalable. So how do you actually deploy AI effectively to build up your own capacity? That's a business critical mission, critical problem to solve.

Craig

And do you think that you'll grow or your industry segment will grow to the point that it'll keep ahead of the misinformation and deepfake and prevent it from eroding societal trust, or do you think that we'll never get ahead of it? It'll kind of like cyber security has been all along whack a mole, you know, cat and mouse game.

Kevin

Well, our job is to make it not whack a mole, but to be. How do we be strategic and proactive? You know, that is our mission, right? Is to solve this problem. I think the mission is never ending in a sense, like, yeah, it's not again, because it is an adversarial cat and mouse game. You know, even if we get to level X, right, then the bad guys just will focus in on getting to level Y. But so I'll say this is absolutely our mission to solve this problem. I strongly believe that we're already doing things and we are already building things that give our clients a significant leg up and then it's our continuous investment in that platform that enables us to stay ahead.

Craig

Yeah, why don't the various platforms, I mean, why don't you sell to them directly or why don't they develop this kind of technology so that the stuff never appears? Or if it appears, it's only up for a couple of minutes.

Kevin

So I do think the platforms do invest a lot in this space already, you know, to varying degrees of success, of course. Like the reality is like, there's certainly a lot getting through, but I do believe that a lot of these platforms are investing in, you know, trust, safety, teams, integrity, solutions, things like that. We have an advantage where you, our business model is different, right? We don't, we don't make money off ads, you don't make money off views, things like that. And then also because of our business model, we get to learn what ground truth is from every company in the world. Right. And that's. So that's always a challenge, right? Is, you know, if you're one of these big social media platforms, you operate with billions of users. How do you know what's real, what's not? Well, our business model is based off working with each individual organization, which means then we know the ground truth for every individual organization and that scales up. The more, more customers we sign up, the more ground truth data we have, the more revenue we have. So I think that's an advantage we have. And then to answer kind of the last question, there is like, well, why don't we sell directly to the platforms? It's for those reasons aforementioned. Right. One is like, there is actually a real technology and business model advantage when you're selling directly to the individual organizations. It scales up the ground truth better. Second, we have tried exploring selling to the platforms and what ends up happening is that they all have very unique and customized requirements. Just because like, yeah, if you're working with YouTube, right, that looks different than LinkedIn, that looks different than Facebook in terms of the data models and even the people organization structures. Right. Things like that. And so we found it's not a very repeatable product for ourselves. So we think this is the most efficient way for us to partner with them is to be that trusted replacement reporter, work directly with the organizations getting infected. So we collect that ground truth and, and basically augment what they're already investing in.

Craig

Yeah. Do you think that eventually this problem will go away because the, the detection and intervention strategies will, will improve to the point that you just can't get a deep fake on of top to social media platform.

Kevin

Right. It's a great question. You know, I'd love, I'd love to get to that point, right. Of not having to, you know, need to monitor those specific platforms. But the reality is like even if that were the case, right. Let's say even if it were impossible to manipulate a particular platform, what we do see the bad guys do is they then go pivot to a different platform. And so we've seen that for example with our own defense capability is like we've we so successfully shut down an attack that we saw the bad guys complaining about it on Telegram like hey, you know this, this technique is not effective at all. Dobble keeps shutting it down. But then you know, what they did is like all right, we're going to do a totally different platform. Then we're going to just focus on a totally different platform, totally different organization that doesn't have Doppel. And so that's, you know, I think that's just the reality of it is like again, the bad guys are always evolving as well is an adversarial back and forth. And our job though is to make it really, really hard for them, make it really expensive for them and discourage them from ever doing it again.

Craig

Yeah. And how do you guys work with customers or enterprises? Is it a subscription and you know, you turn it on and then Apple takes care of, of sort of monitoring all the various channels and the enterprise doesn't have to worry about it or yeah.

Kevin

So yeah, it is SaaS subscription and really this offers out for any listener. Right. We could turn it on in the span of 24, 48 hours for anyone really. Like hey, you know, if Streamyard needed was curious, right. We could immediately turn on that protection, show them what's out there and show them what's already being taken down and then yeah, that's you know, a lot of the value that we add. Right. It's like that peace of mind that you've got this case capability across all these areas. You know, we're a full white glove partner as well. For example, we will work closely with you know, our customer security teams to tune policies to tune, you know, automatic capabilities to their specific business environment. And, and that, that's a lot of you know, ultimately what we sell, right. Is that that peace of mind that white glove service and that and that partnership. Right. So that when the bad guys do evolve and we have to go build something new, we're, we're making, making it happen.

Craig

Yeah. Is it affordable for individuals or is this really an enterprise grade product?

Kevin

We're working on an individual product as well. Like it's, it's today still through enterprises how we protect individuals. So for example, you know, if ION were to protect Craig, right. Then like Ion's helping cover that. So we're going to work on some individual solutions that will come out. But as of today, you know, we, we were work with a lot of different organizations of different sizes, of different scale and it's, it's really that holistic solution. Right. And we work with athletes, we work with politicians, we work with, you know, folks in the entertainment industry. Right. And, and it's all part of the same platform.

Craig

Yeah. You know, big companies like, you know, any big, big, particularly consumer brands have in insurance against reputational damage that. Do you work with insurance companies? It seems to me that insurance companies might require.

Kevin

Yeah, yeah, definitely from a go to market perspective, always happy to partner. Right. So insurance companies or credit card companies or, you know, a lot of different ways that, you know, folks consume our products. So that's definitely always a creative option.

Craig

Yeah. But do you think as this deep fake ecosystem expands, do you think it'll get to the point where any responsible CEO will ensure that they have somebody like Doppel protecting their, their brand or their personnel out on, on social media channels?

Kevin

I'd say yes.

Craig

Yeah. Yeah. I mean, I'm surprised, as I say, I'm starting to see, see public figures selling stuff and it's obviously deep fakes. And, and what is like YouTube's policy? Do they, you were saying that a lot of the business from your point of view, is building relationships so they trust you and when you guys contact them to take something down, it gets done. But are they generally eager to take this stuff down?

Kevin

I mean, I, I certainly can't speak directly to YouTube specific policies, but I would say in general though, like, you know, the partners we work with are very willing partners. The reason why they built these programs. Right. Is because they want to consume this intelligence. They want to, you know, shut down these campaigns. And I, I think a lot of the efforts by these trust and safety and integrity and security teams is to help protect the world from these attacks.