Unwrapped

Teardown · adaptive-security

ADAPTIVE SECURITY

Category: Security Awareness
Total funding · $145M · 2025
  • Andreessen Horowitz
  • OpenAI Startup Fund
  • NVIDIA
UX wrapper

Public web + customer org context + LLM API + training modules.

01 · Public data / API layer

Common Crawl · Public
OSINT Threat Feeds · Public
Customer org structure & policies · Yours
Employee profiles & behavior · Yours

Internal replication score

Easy
0.69

Feasibility of a useful internal substitute built with Claude (or similar), the same data access, and light agent logic — not rebuilding the whole product.

IRS = 0.30·D + 0.25·L + 0.20·O + 0.15·R + 0.10·S
this record · 69%

  • D

    Data accessibility

    weight 0.30 · this record 0.70
    • 1.0: mostly customer-owned / public / standard third-party sources
    • 0.5: mixed accessibility
    • 0.0: hard-to-access or proprietary source layer
  • L

    LLM substitutability

    weight 0.25 · this record 0.80
    • 1.0: mostly retrieve / prompt / cite / summarize / classify / compare
    • 0.5: mixed standard + custom behavior
    • 0.0: strongly custom model behavior (fine-tunes on proprietary data, etc.)
  • O

    Output simplicity

    weight 0.20 · this record 0.70
    • 1.0: straightforward internal work product (memo, list, reply, SQL query)
    • 0.5: moderately specialized
    • 0.0: highly specialized (e.g. FDA-graded clinical text)
  • R

    Review / risk tolerance

    weight 0.15 · this record 0.65
    • 1.0: internal use with human review is acceptable
    • 0.5: moderate risk
    • 0.0: very low tolerance for error (e.g. external legal filings)
  • S

    Surface complexity

    weight 0.10 (inverse: higher means less surface dependence) · this record 0.40
    • 1.0: a simple internal shell is enough
    • 0.5: polished workflow matters somewhat
    • 0.0: product surface / rollout / trust posture is central to value

Labels: Easy ≥ 0.67 · Medium ≥ 0.34 · Hard < 0.34

Missing factor rows use heuristics from wrapper scores. Editorial heuristic, not investment advice.

Build it yourself

Recreate the workflow inside your org.

Internal build

Same public threat intel + org data + LLM API + compliance templates — requires internal rollout discipline.

Internal use only. Replacing them in-market is a different bar than replaying the useful workflow inside your org.

01 · Connectors & flow

Common Crawl
OSINT Threat Feeds
Customer org structure & policies
Employee profiles & behavior

Internal build map

Data in

Connectors

Agent layer

Planner
Tools + retrieval
Reasoning model

Logic

LLM API
generate
classify
score
personalize
simulate
not custom weights

Outputs

Internal search
Answer
Citations

02 · Claude / agent prompt

Paste as the system or developer message in Claude (or your agent runtime).

// Security awareness training agent

You are a security training assistant inside [YOUR_COMPANY]. You help employees recognize AI-powered social engineering attacks (deepfakes, voice phishing, spear phishing) using ONLY:
- Public threat intelligence feeds (MITRE ATT&CK, CISA advisories)
- Your company's org chart, policies, and employee profiles
- Reported phish from your email security gateway
- Training completion and simulation results

## What you must do

1. Generate training: Create personalized security training modules for employees based on their role, risk score, and recent simulation results. Include deepfake detection, AI phishing indicators, and social engineering tactics.
2. Simulate attacks: Design realistic phishing scenarios (email, SMS, voice, video deepfakes) tailored to employee context. Use OSINT techniques to personalize without crossing boundaries.
3. Triage reports: Classify reported suspicious messages. Determine if malicious, benign, or uncertain. Recommend remediation (block sender, org-wide alert, training trigger).
4. Score risk: Assign dynamic risk scores to employees based on simulation performance, training completion, and real-world phish clicks. Flag high-risk individuals for additional training.
5. Cite sources: Reference specific threat frameworks (MITRE techniques), company policies, or recent incidents when explaining security concepts.

## What you are not

Not a replacement for security operations or incident response. Not external-facing. Internal training use only — human security team reviews all high-risk actions.

## Refusal

Refuse to generate content that could enable real attacks outside training context. Refuse to simulate without explicit security team approval. Ask for clarification if org data is insufficient.

## Safety

Internal training posture only. All simulations are logged and reviewed. Security team must approve any org-wide alerts or remediation actions before execution.

03 · Result

Show me a deepfake detection training module for finance executives.
MITRE ATT&CK T1598

Module covers voice cloning indicators, video manipulation tells, verification protocols. Includes MITRE T1598 context.
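
The prompt's Refusal and Safety sections require security-team approval and logging, but a system prompt only asks the model to comply, so the check belongs in the layer that executes the agent's proposed actions. An added example of such a gate (not from the original page or the product it describes); the action names, `ApprovalGate`, and the sample requests are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Assumed action names (hypothetical), split by the prompt's approval rule.
GATED = {"run_simulation", "org_wide_alert", "block_sender", "trigger_training"}
UNGATED = {"generate_training", "triage_report", "score_risk"}

def request_id(action, params):
    """Digest of action + parameters, so an approval covers exactly one request."""
    blob = json.dumps({"action": action, "params": params}, sort_keys=True)
    return hashlib.sha256(blob.encode()).hexdigest()

@dataclass
class ApprovalGate:
    approvals: dict = field(default_factory=dict)  # request id -> approver
    audit_log: list = field(default_factory=list)  # every decision is recorded

    def _log(self, event, action, rid, actor="agent"):
        self.audit_log.append({"event": event, "action": action, "request": rid, "actor": actor})

    def approve(self, action, params, approver):
        """Called from the security team's review tool, never by the model."""
        rid = request_id(action, params)
        self.approvals[rid] = approver
        self._log("approved", action, rid, approver)
        return rid

    def dispatch(self, action, params, handler):
        """Run a model-proposed action only if policy allows it."""
        rid = request_id(action, params)
        if action not in GATED | UNGATED:
            self._log("rejected", action, rid)
            return {"status": "rejected", "request": rid}
        if action in GATED and self.approvals.pop(rid, None) is None:
            self._log("pending", action, rid)  # approvals are single-use
            return {"status": "pending_approval", "request": rid}
        self._log("executed", action, rid)
        return {"status": "executed", "request": rid, "result": handler(params)}

def demo():
    """Constructed sample requests; returns the status of each dispatch in order."""
    gate, run = ApprovalGate(), (lambda p: "ok")
    sim = {"channel": "email", "group": "finance"}
    first = gate.dispatch("run_simulation", sim, run)["status"]
    gate.approve("run_simulation", sim, "secteam-reviewer")
    tries = [("run_simulation", {**sim, "group": "all-staff"}), ("run_simulation", sim),
             ("run_simulation", sim), ("triage_report", {"msg_id": "sample-1"})]
    return [first] + [gate.dispatch(a, p, run)["status"] for a, p in tries]
```

Because the approval is bound to a digest of the exact parameters and consumed on use, widening an approved simulation's audience or replaying it goes back to pending.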