Risky Business – Snake Oilers: Realm Security, Horizon3, and Persona
Host: Patrick Gray
Date: October 7, 2025
Episode Theme:
This episode of Snake Oilers showcases three cutting-edge cybersecurity startups—Realm Security, Horizon3, and Persona—each presenting how their products are innovating security data processing, penetration testing, and remote identity verification. Hosted by Patrick Gray, the episode delves into how AI and automation are reshaping foundational security practices for modern enterprises.
Realm Security: AI-Native Security Data Pipeline
(00:00–15:27)
Main Theme
A conversation with Pete Martin (CEO) and Colin Germain (Head of Data Science) about how Realm offers a smarter, AI-driven log and data pipeline tailored for security teams, positioned as a security-first alternative to generic data routers like Cribl.
Key Discussion Points & Insights
What is Realm Security?
- AI-native Boston-based cybersecurity company specializing in a transparent, intelligent data pipeline platform.
- Goes beyond “bytes in, bytes out”; understands log composition and applies machine learning (ML) and LLMs throughout the pipeline for smarter filtering and routing.
“Instead of being a bytes in, bytes out pipeline, we've built a transparent layer into all of the individual pipelines themselves which give us the ability to gather deep statistics and an understanding of the actual composition of the log.” — Pete Martin (02:33)
How Realm Compares to Established Solutions
- Competes directly with Cribl, offering faster time-to-value (7 days onboarding vs. 2–4 months).
- Security practitioners can reconfigure pipelines themselves without costly, repetitive professional services.
- ML- and LLM-powered recommendations for log filtering ensure rules are tuned for each organization rather than relying on generic vendor packs.
“We were able to reduce 83% of their firewall logs within seven days, saving them $250,000 annually.” — Pete Martin (04:53)
The AI-Driven Approach
- Pipeline uses online statistical learning to analyze log composition, surface reduction opportunities, and apply generative AI for field reasoning and recommendation creation.
- “Human-in-the-loop” system: AI does most of the work; humans review and approve the results, akin to a “code review.”
“Our mission is to give control to, you know, the SOC teams and ... have them make the decision. ... Think about where does the human need to come in and really be that oversight.” — Colin Germain (07:13)
“It's like a code review. I think that's the way that I always think about it.” — Colin Germain (08:28)
Broader Market Impacts
- Realm challenges why SIEMs are needed if you already have a structured, easily queryable archive—hinting at a future where detection and analytics may move closer to stored data or new cloud platforms like Snowflake.
“Why do you need the SIEM anymore? ... If you can dump all of this stuff into Snowflake and query it, why do you actually need Splunk?” — Patrick Gray (08:43)
“We see a much bigger opportunity for customers to have somebody as their true data broker ... to more safely and easily adopt the agentic solutions that could potentially end up, you know, taking over the SIEM market.” — Pete Martin (10:56)
Practical Advice & Fun Fact
- Most log volume (and waste) comes from endpoint, network, and firewall logs, particularly excessive DNS lookups for well-known sites.
- Removing process heartbeats and known benign DNS events is “low-hanging fruit.”
“DNS traffic for specific domains that are known is actually a very large chunk of volume typically.” — Colin Germain (13:02)
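The “low-hanging fruit” reduction described above, as an added example (not Realm’s code): it first measures the composition of a constructed log stream, then drops agent heartbeats and lookups for a reviewed allowlist of domains, and reports the reduction percentage. The allowlist, event shapes and sample lines are all assumptions made for illustration.

```python
import json
from collections import Counter

# Constructed sample events (not real customer data) in the shape a
# firewall/endpoint pipeline might forward to a SIEM.
SAMPLE_LOGS = [
    '{"type":"dns","qname":"www.microsoft.com","src":"10.0.0.5"}',
    '{"type":"dns","qname":"login.microsoftonline.com","src":"10.0.0.5"}',
    '{"type":"dns","qname":"update.googleapis.com","src":"10.0.0.7"}',
    '{"type":"dns","qname":"xk3j9.example-suspicious.net","src":"10.0.0.9"}',
    '{"type":"heartbeat","process":"edr-agent","src":"10.0.0.5"}',
    '{"type":"heartbeat","process":"edr-agent","src":"10.0.0.7"}',
    '{"type":"heartbeat","process":"edr-agent","src":"10.0.0.9"}',
    '{"type":"fw_deny","dst":"203.0.113.4","dport":445,"src":"10.0.0.9"}',
    '{"type":"auth","user":"alice","result":"fail","src":"10.0.0.9"}',
    '{"type":"dns","qname":"www.microsoft.com","src":"10.0.0.7"}',
]

# Hypothetical allowlist: domains the SOC has reviewed and agreed to drop.
# In the "code review" model this list is the human-approved output, not a vendor pack.
BENIGN_DNS_SUFFIXES = ("microsoft.com", "microsoftonline.com", "googleapis.com")
HEARTBEAT_TYPES = {"heartbeat"}

def composition(events):
    """Per-category volume statistics: the 'understand the log' step before filtering."""
    counts = Counter()
    for e in events:
        key = e["type"]
        if key == "dns":
            # Group DNS by parent domain so the biggest repeat offenders stand out.
            key = "dns:" + e["qname"].split(".", 1)[-1]
        counts[key] += 1
    return counts

def is_benign_dns(e):
    """Exact or dot-anchored suffix match; a bare endswith() would also match
    look-alikes such as evilmicrosoft.com, so the leading dot matters."""
    if e["type"] != "dns":
        return False
    q = e["qname"].lower()
    return any(q == s or q.endswith("." + s) for s in BENIGN_DNS_SUFFIXES)

def reduce_logs(raw_lines):
    """Return (kept events, pre-filter composition, percent dropped)."""
    events = [json.loads(line) for line in raw_lines]
    before = composition(events)
    kept = [e for e in events if not (e["type"] in HEARTBEAT_TYPES or is_benign_dns(e))]
    pct_dropped = round(100 * (1 - len(kept) / len(events)), 1)
    return kept, before, pct_dropped
```

Every dropped category is visible in `before`, so the reviewer can see exactly which volume a rule removes before approving it.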
Memorable Offer
“If within 10 days of using our product, we're not able to reduce your firewall, endpoint or network traffic by 50% we'll give you the product for free for six months.” — Pete Martin (15:05)
Horizon3: Autonomous AI Pen Testing
(15:27–31:03)
Main Theme
Patrick Gray interviews Snehal Antani, CEO of Horizon3, about how their platform, powered by “AI hackers,” is revolutionizing routine pen testing and vulnerability management via autonomous, consequence-focused testing at scale.
Key Discussion Points & Insights
Automated Pen Testing—Beyond Vulnerability Scanning
- Horizon3’s AI agent (“Node Zero”) autonomously attacks, chains exploits, proves exploitability, and gives precise fix guidance—then runs retests.
- Primary audience: IT admins, network engineers, and MSSPs, not traditional pen testers.
“With no knowledge of the environment, how can we point, click, shoot, hack and prove what's exploitable ... enable you to run a retest to verify that you're good to go.” — Snehal Antani (16:49)
How It Differs From Classic Vulnerability Scanning
- Scanners only list vulnerabilities and lack context; AI pen testers show attacker paths and practical consequences (e.g., chaining ILO to EDR bypass to Outlook token theft).
“A vuln scanner will tell you that HP ILO is a problem. It won't show you the consequence of what the attacker can do if they abuse ILO to achieve an objective.” — Snehal Antani (17:43)
“Being vulnerable doesn't mean you're exploitable. And that's why understanding if you're exploitable ... is super important in prioritization.” — Snehal Antani (18:57)
How the Platform Works
- Can simulate external or internal attackers (start with no access or a shell).
- Deploys as a one-time Docker container, which phones home to a cloud controller, runs recon, exploit chains, and then self-destructs—no persistent footprint.
- Handles honeytoken deployment, production-safe credential attacks, and comprehensive enumeration.
“Conduct recon enumeration first ... Should I go after the router, the printer or the television next? ... It continues to iterate through this next best action process until it's exhaustively and comprehensively tested your environment.” — Snehal Antani (22:20)
Continuous Testing in Mature Environments
- Some customers shift from 1–2 annual pen tests to 40–50 per month, enabled by faster remediation cycles.
“At any given moment there's at least one or two pen tests running, assessing different parts of the environment.” — Snehal Antani (24:31)
Where Humans Still Excel
- Human testers are best at discovering logic flaws in custom code, and safely analyzing unique/bespoke OT/ICS systems.
- AI dominates broader infrastructure testing, credential abuse detection, and attack graph analytics.
“Let the humans focus on the really bespoke things that are DEFCON stage worthy.” — Snehal Antani (30:26)
Notable Quotes
- “The hardest part of my job was deciding what not to fix. ... They weren't sure that they were exploitable.” — Snehal Antani (18:38)
- “Mastering the art of recon enumeration, dancing on domain controllers, pilfering credentials and all that stuff. Machines are better at that today.” — Snehal Antani (30:22)
Persona: Robust Remote Identity Verification
(31:03–45:07)
Main Theme
Dmitri Greco from Persona discusses the rapidly expanding use cases for remote, biometric, and anti-deepfake identity verification platforms across regulated, workforce, and gig economy sectors.
Key Discussion Points & Insights
How Persona’s Tech Works
- Live capture of government ID + live selfie, with biometric comparison and “liveness” checks to catch spoofed or replayed videos.
- Layered defense: Device and browser forensics, background similarity, velocity (frequency), and behavioral anomaly detection supplement biometric matching.
“…instead of just relying on, does this face look legitimate, we are collecting other signals. What is the device? What's the frame rates of the camera, what's the label of the camera? Are they on VPNs, are they on Tor?” — Dmitri Greco (34:01)
Risks, Arms Race, and Defensive Strategies
- Constant arms race with attackers tweaking deepfakes and replay attacks; Persona responds with both active and passive detection.
- Anecdote: “Couch Guy” attacker iterated different personas on the same couch, leading to development of background similarity detection.
“That started our background similarity detection. So we realized, actually, instead of looking at the face, let's look at everything else.” — Dmitri Greco (41:10)
Industries and Use Cases
- Historically financial services/fintech, but now rideshare, marketplaces, HR onboarding, workforce verification, and dating apps.
- Growing use for periodic workforce “re-verification” (especially against North Korean IT worker threat).
“For identity verification. Workforce verification is very nascent. I would say within the last 12 to 18 months, it's becoming more recent.” — Dmitri Greco (43:59)
Combating False Positives
- Platform gives real-time user guidance for image problems, allows customizable retry policies, and retains manual review for edge/fraud cases.
“Our platform is extremely customizable ... So if we can cut [manual review] down drastically, it's saving people time.” — Dmitri Greco (41:00)
Why Automated Checks Can Be Superior
- Unlike a bank clerk, the system instantly spots repeated backgrounds, devices, and statistical anomalies across the ecosystem.
“It’s very hard for someone in real time to compute connected similarities. ... The person at the bank branch isn't going to realize that 50 people have submitted IDs of a man wearing the exact same tie in the last 10 seconds.” — Patrick Gray / Dmitri Greco (43:12)
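The “connected similarities” check the bank clerk cannot do in real time, as an added example (not Persona’s code): a sliding-window velocity detector that flags a submission when several distinct claimed identities share the same device fingerprint or background hash within a short window, which is the pattern behind both the “Couch Guy” anecdote and the same-tie remark. Field names, the 60-second window, the threshold of three and the sample submissions are all constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed verification attempts (no real data). `bg_hash` stands in for a
# perceptual hash of the image background; `ts` is seconds since some epoch.
SUBMISSIONS = [
    {"id": "s1", "ts": 0,   "claimed_name": "A. Smith", "device": "dev-7f3a", "bg_hash": "bg-couch-01"},
    {"id": "s2", "ts": 2,   "claimed_name": "B. Jones", "device": "dev-7f3a", "bg_hash": "bg-couch-01"},
    {"id": "s3", "ts": 4,   "claimed_name": "C. Lee",   "device": "dev-7f3a", "bg_hash": "bg-couch-01"},
    {"id": "s4", "ts": 5,   "claimed_name": "D. Kim",   "device": "dev-1c22", "bg_hash": "bg-office-9"},
    {"id": "s5", "ts": 700, "claimed_name": "E. Diaz",  "device": "dev-7f3a", "bg_hash": "bg-couch-01"},
]

class VelocityDetector:
    """Flag a submission when `threshold` distinct claimed identities share the
    same signal value (device, background, ...) within `window` seconds."""

    def __init__(self, signals=("device", "bg_hash"), window=60, threshold=3):
        self.signals, self.window, self.threshold = signals, window, threshold
        # (signal name, value) -> deque of (ts, claimed_name), oldest first
        self.history = defaultdict(deque)

    def observe(self, sub):
        """Record one submission and return the list of reasons it was flagged."""
        flags = []
        for sig in self.signals:
            q = self.history[(sig, sub[sig])]
            q.append((sub["ts"], sub["claimed_name"]))
            # Expire entries that fell out of the window (submissions arrive in time order).
            while q and sub["ts"] - q[0][0] > self.window:
                q.popleft()
            names = {name for _, name in q}
            if len(names) >= self.threshold:
                flags.append(f"{sig}={sub[sig]} shared by {len(names)} identities within {self.window}s")
        return flags

def run(submissions):
    """Map submission id -> flags, replaying the constructed stream in order."""
    det = VelocityDetector()
    return {s["id"]: det.observe(s) for s in submissions}
```

Note that `s5` reuses the same couch and device ten minutes later and is not flagged: velocity is time-bounded by design, which is why the text treats background similarity as a separate, longer-lived signal rather than a substitute for velocity.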
Notable Quotes & Memorable Moments
- “Who is actually ever taking a selfie with a laptop in their, in their car? Those things just don't add up.” — Dmitri Greco (35:28)
- “Most of the time, you know, they're just calling and sort of finessing their way in. They're not doing any sort of like, hacking to really get in.” — Dmitri Greco (44:53)
- “Couch Guy will live on in Persona.” — Dmitri Greco (41:10)
Timestamps for Major Segments
| Segment | Start |
|---|---|
| Realm Security: AI-Native Pipelines | 00:00 |
| Horizon3: AI Pen Testing | 15:27 |
| Persona: Live Biometric ID Verification | 31:03 |
Summary
This “Snake Oilers” episode provides a concise but in-depth look at how leading startups are leveraging AI and automation to solve persistent cybersecurity problems—from surging SIEM costs and log overloads, through scalable penetration testing, to the evolving arms race for remote identity verification. All three segments highlight the increasingly nuanced boundary between what machines can automate and where human oversight remains essential.
For enterprise security leaders, the message is clear: new solutions are dramatically lowering manual workloads, putting pressure on legacy tooling, and shifting the focus from generic compliance to tailored, data-driven risk reduction. But while AI and automation are advancing rapidly, a blend with expert oversight remains key—at least for now.
