Big news! My good friend Tim Hwang and I have started a company, International Persuasion Machines (IPM).
Our company is based off several foundational principles:
- The history of cybersecurity is, in essence, chasing threat actors up an escalating software abstraction pyramid (e.g. as we build new layers of abstractions in code, we chase new issues upward, from the low level attacks on physical machines upwards to the current app security landscape),
- Fixing the current set of maladies on the internet (misinformation, fraud, abuse) requires establishing new security layer of for a new layer of software abstraction,
- That abstracted layer concerns attacks not on the technical layer of a system, but an inversion of the normative expectations surrounding a systems provided technical affordances.
Collectively, we envision these attacks on the normative expectations of deployed software as fundamentally an issue of sociotechnical cybersecurity. Re-imagined, the Russian Interference in the 2016 election, Gamergate, and the proliferation of synthetic media for various forms of fraud are all a question of sociotechnical cybersecurity. By re-framing these "attacks", we can adopt the more traditional language, thinking and approaches afforded by cybersecurity to systematically mitigate these concerns.
IPM helps companies mitigate these issues by providing an automated red-team-in-a-box - our custom software allows for the rapid prototyping and deployment of complex bot attacks at scale. Instead of using this platform to engage in nefarious behavior, we afford it to our customers so that they can quickly and proactively identify and mitigate the types of vectors these attacks would emerge from, accumulate systematic data about how those vectors would work in practice, and be able to verifiably close the gap on these types of attacks. Please visit our company site to learn more!