Startup Spotlight: Knostic Tackles AI's Oversharing Problem
Cybersecurity startup Knostic, a finalist in this year’s Black Hat USA Startup Spotlight competition, adds guardrails to how AI uses enterprise data to ensure sensitive data doesn’t get leaked.
The intense popularity of public generative artificial intelligence (GenAI) tools over the past two years has resulted in many applications rolling out new chat capabilities and other features driven by large language models (LLMs). However, many organizations are learning that connecting LLMs to their internal knowledge repositories is a risky endeavor.
“Business leaders are surprised when the search tools provide anyone [with] answers to sensitive questions, such as, ‘What are people’s salaries?’ and 'What are the most recent M&A due diligence results?’” says Sounil Yu, co-founder and CTO of Knostic. Even when the permissions and access controls on the files containing sensitive data are set correctly, the LLM can still overshare: it can infer or synthesize a sensitive conclusion from content the user is individually allowed to read, so a file-level permission check alone does not catch the exposure.
AI without controls potentially exposes the organization to increased risk, primarily by exposing information to the wrong people, said Gadi Evron, co-founder and CEO of Knostic, in an April interview with Dark Reading.
“How can we curate personalized information and actually give you value — answer with what you need to know instead of just saying stuff?” Evron said.
Knostic says it is the only company defining per-user need-to-know and creating a knowledge control layer.
“Most companies are focused on addressing the oversharing problem solely through data scanning/permissions and information classification,” Yu notes.
Knostic’s technology provides organizations with visibility, control, and curation. For visibility, the platform continuously queries the GenAI tool (currently Microsoft’s Copilot) on various sensitive topics from the perspective of different users and roles to identify unexpected exposures. For control, Knostic’s technology captures and displays permissions for content and gives users the ability to modify those permissions. Just because a user can access the data file doesn’t mean the user is supposed to know its contents, Yu says.
“By correcting the permissions of sensitive content, we can prevent oversharing through Copilot,” Yu says.
Access should not be binary — either yes or no — so the technology gives security teams the ability to curate search query answers to fit the user’s need-to-know level.
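The approach described above, querying the assistant as different personas on sensitive topics and then gating answers on need-to-know rather than on file ACLs, can be sketched in a few dozen lines. The following is an added illustration written for this article, not Knostic's code or an integration with Copilot: the corpus, users, need-to-know table and the keyword-matching "assistant" are all constructed stand-ins, and `NEED_TO_KNOW`, `probe`, `run_probes` and `curated_answer` are names chosen here.

```python
import re

# Constructed sample corpus (not real data): each document carries a file ACL
# (groups allowed to open it) and the sensitive topics its text touches.
DOCS = {
    "hr/comp-review-2024.md": {
        "acl": {"hr", "exec"},
        "topics": {"salary"},
        "text": "Compensation review: engineering band 3 salaries were raised to $185,000.",
    },
    "all-hands/2024-q2-notes.md": {
        "acl": {"everyone"},   # the ACL is 'correct' for meeting notes...
        "topics": {"m&a"},     # ...but the text discloses a restricted topic
        "text": "Leadership said due diligence on the Acme deal is nearly complete.",
    },
    "eng/oncall-runbook.md": {
        "acl": {"everyone"},
        "topics": set(),
        "text": "Page the on-call engineer through the pager rotation.",
    },
}

# Need-to-know is defined per topic and per role, independently of file ACLs
# (constructed policy for this example).
NEED_TO_KNOW = {"salary": {"hr", "exec"}, "m&a": {"exec", "legal"}}

# Constructed personas the probe runs as: user -> group memberships.
USERS = {
    "alice": {"everyone", "engineering"},
    "bob": {"everyone", "hr"},
    "carol": {"everyone", "exec"},
}

# Constructed probe questions on sensitive topics, plus one benign control.
PROBES = [
    "What are people's salaries?",
    "What are the latest M&A due diligence results?",
    "How do I reach on-call?",
]


def _terms(text):
    """Crude tokenizer for the toy retriever: lowercase words of 4+ characters."""
    return {w for w in re.findall(r"[a-z&]+", text.lower()) if len(w) >= 4}


def mock_assistant(user, question):
    """Stand-in for a Copilot-style assistant: it answers from the first file the
    user's groups may open whose text overlaps the question. Returns (path, answer)."""
    groups = USERS[user]
    q = _terms(question)
    for path, doc in DOCS.items():
        if doc["acl"] & groups and q & _terms(doc["text"]):
            return path, doc["text"]
    return None, "Nothing found that you have access to."


def probe(user, question):
    """Ask as `user`, then compare what the answer disclosed with that user's need-to-know."""
    path, _answer = mock_assistant(user, question)
    disclosed = DOCS[path]["topics"] if path else set()
    leaked = {t for t in disclosed if not (NEED_TO_KNOW[t] & USERS[user])}
    return {"user": user, "question": question, "source": path, "leaked": leaked}


def run_probes():
    """Visibility: run every probe as every persona and keep only the overshares."""
    return [f for u in USERS for q in PROBES for f in [probe(u, q)] if f["leaked"]]


def curated_answer(user, question):
    """Control: gate the answer on need-to-know, not merely on whether the file opens."""
    finding = probe(user, question)
    if finding["leaked"]:
        topics = ", ".join(sorted(finding["leaked"]))
        return f"That touches a topic ({topics}) outside your need-to-know; routed to the data owner."
    return mock_assistant(user, question)[1]


if __name__ == "__main__":
    for f in run_probes():
        print(f"OVERSHARE {f['user']:6} {f['question']!r} via {f['source']} leaks {sorted(f['leaked'])}")
    print(curated_answer("alice", "What are the latest M&A due diligence results?"))
```

Running it flags two overshares, both through the all-hands notes: alice and bob can open that file, so a permission audit would pass, yet neither has a need to know M&A status, which is exactly the gap the persona probe surfaces. The curated answer then deflects rather than returning the notes, while carol, as an exec, gets the content unchanged.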
The company started by focusing on Copilot for Microsoft 365. Looking ahead, it is working to extend need-to-know enforcement beyond Copilot and Glean to any software-as-a-service tool that incorporates an LLM as a feature.
Startup Spotlight Finalist
Evron and Yu originally planned to call the company Knowalls, a play on words that could mean “no walls,” “know walls,” and “knows all,” but decided against it because of the negative connotation around “know-it-alls.” The word Knostic is based on the Greek word gnostic, meaning relating to knowledge, which fits with what they were building, Yu says.
The four finalists in this year’s Black Hat Startup Spotlight competition — DryRun Security, Knostic, LeakSignal, and RAD Security — will present their business models to a panel of judges during the Black Hat USA Conference in Las Vegas on Tuesday, Aug. 6. The judges for this year’s competition are Ketaki Borade (senior analyst, Omdia), Coleen Coolidge (CISO adviser, SF Info Security), Trey Ford (CISO adviser), Hollie Hennessy (senior analyst, Omdia), Maria Markstedter (founder and CEO, Azeria Labs), Lucas Nelson (founding partner, Lytical Ventures), Robert J Stratton III (venture partner, NextGen Venture Partners), and Rik Turner (principal analyst, Omdia). The “Shark Tank”-style competition involves each finalist making a presentation and then answering questions from the panel.
Finalists have the opportunity to demonstrate their technology on the show floor at Black Hat. Visitors to Knostic’s booth will be able to see how the solution “provides visibility into what is being overshared, capture need-to-know, and control and curate access to knowledge based on a user’s need-to-know,” Yu says.
Startup Brief
If the company were a band, what would its band name be?
Guardians of Gnosis (thrash metal).
If your company had a mascot, what would the mascot look like?
A barn owl, because an owl is known for its knowledge and wisdom.