Despite the annual cybersecurity training courses that employers require their employees to complete, human-driven cybersecurity breaches still occur. The problem could worsen as generative AI enhances the scale and personalization of social engineering campaigns.
Anagram, formerly known as Cipher, is revolutionizing employee cybersecurity training to adapt to the evolving nature of these campaigns.
Based in New York, Anagram has developed a platform that offers hands-on security training for enterprises. This training includes bite-sized videos and personalized interactive puzzles designed to teach employees how to identify suspicious emails and other communications. Unlike the traditional once-a-year, lengthy training sessions, Anagram’s approach is more frequent and engaging.
According to Harley Sugarman, the founder and CEO of Anagram, the activities involve tasks like creating personalized phishing emails to educate employees on recognizing sophisticated campaigns targeted at them.
Sugarman explained that Anagram drew inspiration from successful platforms like TikTok, Duolingo, and Khan Academy, which have effectively engaged users and influenced behavior change. By applying these lessons to the security space, Anagram aims to enhance cybersecurity training.
Initially, Sugarman’s vision for the company was to enhance enterprise cybersecurity employees’ skills through a “capture the flag” training approach. This approach involves building software with vulnerabilities and having security researchers identify the bugs and write code without falling into the same traps.
However, chief information security officers (CISOs) expressed concern about their non-security employees being the weakest link in cybersecurity. This feedback prompted Cipher to pivot in January 2024, leading to the rebranding of the company as Anagram. Since then, Anagram has experienced significant growth and secured clients such as Thomson Reuters, MassMutual, and Disney.
Anagram recently raised $10 million in a Series A funding round led by Madrona, with participation from General Catalyst, Bloomberg Beta, and Operator Partners. The company plans to utilize these funds to expand its sales team and further enhance its product. Sugarman stated that Anagram has already reduced phishing failure rates from 20% to 6% and aims to approach zero.
Sugarman highlighted that Anagram’s launch coincided with a critical juncture in the cybersecurity industry. Advances in generative AI enable more personalized social engineering campaigns, making it increasingly challenging for individuals to distinguish real messages from fake ones. Traditional email security platforms may struggle to detect AI-generated phishing attempts because of the strength of the models' randomization and generation capabilities.
Anagram is also developing an AI agent to reside in enterprise employees’ emails. This agent will be trained to identify potential cybersecurity mistakes before they occur, such as prompting users to reconsider sending credit card information via email.
In the meantime, Anagram aims to make progress with its puzzles and TikTok-style training videos.
Sugarman emphasized that humans are capable of avoiding suspicious links in emails, stating, “Humans are not dumb, we built skyscrapers, we can do space travel.”