Horizon3.ai

What enterprise business problem do you solve?: 
Horizon3.ai enables organizations to see their enterprise through the eyes of an attacker. Our autonomous pentesting platform - NodeZero - is able to continuous assess your attack surface, identifying ways an attacker could chain together harvested credentials, misconfigurations, dangerous product defaults, and exploitable vulnerabilities to compromise your systems and data. Our customers use NodeZero to continuously find, fix, and verify the remediation of attack vectors before criminals can exploit them. Our core innovation is the use of knowledge graph analytics combined with adaptive attack algorithms. There are no custom scripts to write or no agents to install, customers are up and running in minutes. We give IT administrators and network engineers "security superpowers", enabling them to operate as ethical hackers with 20 years of experience. Our bigger vision is to deliver continuous attack, paired with continuous defense, executing an integrated learning loop that gets smarter with every interaction, delivered as an Autonomous Security Platform.
Who are your first pilot customers? (It’s okay if you don’t have one yet, but if you do, please list): 
Within our first year of sales, we have amassed > 25 customers. Our customers are primarily mid-market companies with no, or nascent, cyber security capabilities. They span healthcare, financial services, manufacturing, retail, and other sectors. Our typical sales cycle is 6-8 weeks from cold email to deal close, which is a testament to how quickly we are able to prove our value to prospects
What technologies do you use?: 
To minimize the effort and maintenance burden for our customers, our entire system is designed to be ephemeral and single-use. When an customer initiates a pentest through our portal, a virtual private cloud (VPC) on AWS-East is dynamically provisioned. This VPC contains cloud-native services required to implement the command-and-control infrastructure that governs the pentest, as well as graph database services built on Neo4j to store and analyze the knowledge graph. Our attack tools are a combination of open source and custom exploits that are dynamically combined together based on the software and systems fingerprinted by the reconnaissance phase of the attack. Our adaptive algorithms use markov decision techniques to determine the "next best action" during the pentest, similar to how adaptive algorithms are used in chess and AlphaGO
Which category do you see yourself in?: 
Core Tech Infrastructre and Platforms
Where is the company headquartered?: 
San Francisco
How many employees do you have today?: 
26-50
What is the state of your minimal viable offering?: 
Generally Available
How much money have you raised as of 1/1/2021?: 
$2,000,000+
What round of funding will you be seeking next?: 
B
Any other comments you wish to provide?: 
The future of cyber warfare will run at machine speed – algorithm vs. algorithm – with humans by exception Criminal organizations are already using highly automated attack tools to execute ransomware attacks and other campaigns successfully. In Gartner's latest Security Hype Cycle, Autonomous Pentesting is a rising category that recognizes the potential for successfully applying machine learning & AI to conduct offensive cyber operations. For instance, with NodeZero, the autonomous pentesting platform built by Horizon3.ai: - in < 3 , NodeZero successfully compromised Hack The Box "Active", a moderately difficult cyber range -In < 20 minutes, NodeZero autonomously found multiple paths to gain Domain Admin privileges within the network of a financial services company. This company had state of- the-art security tools installed - the hottest SIEM, EDR, XDR, SOAR, & AV, yet NodeZero didn't trigger any security alerts, which proves that customers don't have a tools problem, they have an EFFECTIVENESS problem