Humans are often the weakest link in the cybersecurity chain. Just last week, cleaning product giant Clorox claimed a cyberattack that may have caused as much as $380 million in damages was the result of a contracted service desk staffer resetting a password for a hacker pretending to work for the company.
IT departments are aware of the risk of human error, of course, and try to address it with education. Usually, this means a few emails and some simple training. But the advice in these types of training are generalized and only rarely tailored to the specific needs of staff. That’s one reason why people never even bother to read those emails.
This is the problem that female-founded cybersecurity startup Fable wants to tackle with a personalized approach. The company is coming out of stealth on Tuesday, with $31 million funding; an April 2024 seed round led by Greylock Partners at $6.5 million and a $24.5 million Series A led by Redpoint Ventures in May this year. Garry Tan, CEO of Y Combinator, has also invested. A source familiar with the deal said the business is valued at $120 million.
Founded in 2024 by Nicole Jiang, 31, and Dr. Sanny Liao, 42, who spent years at $5.1 billion cybersecurity company Abnormal, Fable claims its AI helps determine which employees need help improving their security practices and offers custom tips and guidance to them. All of its content, from videos to scripts, are generated by AI.
“We’re solving this holistic human problem.”
For instance, an employee who isn’t using mult-factor authentication might get a quick briefing on their PC about what tools they can use to protect their accounts. Or a user who might be targeted by a deepfake scammer will get a video of both the real Jiang and an AI-created version to show them how effective such attacks can be, followed by some guidance on how to be cautious. At the backend, IT can monitor whether the employee then takes corrective actions, like downloading a password manager with multiple layers of authentication. Fable’s tools can be used on a variety of platforms, too, including Slack, Microsoft Teams or email.
“We’re an AI-first human risk platform, and we’re solving the problem of reducing human errors,” Jiang tells Forbes. “It’s a personalized experience that gives people time back when they already know what to do, but really hyper focus when people don’t, when they are, you know, not as secure as they should.”
Jiang, who also spent a year each at Microsoft and $20 billion-valued data science and surveillance company Palantir, and cofounder Liao have history in AI-powered security. At Abnormal, they were early employees and helped the business sell an AI that figured out what emails are legitimate and which aren’t. Abnormal also has an AI agent that guides users through using email securely.
Jiang doesn’t think there will be competition between Fable and her old employer. “For us, it’s less about solving the email problem, we’re solving this holistic human problem.”
Fable’s main competition is in the cybersecurity education space, where one of the incumbents is KnowBe4, which was acquired by private equity firm Vista Equity Partners for $4.6 billion in 2022.
Greylock investor Saam Motamedi, who also invested in Abnormal, says that KnowBe4’s training materials are static and don’t adapt to employee needs the same way Fable’s do. “I think we can build something much, much bigger,” he says, saying he sees Fable on a path to over $1 billion in annual recurring revenue in the coming years. “That can lead to a standalone public company.”
Though it’s only making itself known to the wider world now, Fable’s spent the past year building its products for customers across financial services, healthcare, logistics and tech. It counts mortgage provider Pennynac and software company Genesys among its first clients.
Arvin Bansal, chief information security officer at C&S Wholesale Grocers, said that he started using Fable amid a spate of ransomware attacks in his industry and needed to educate a diverse staff about the risks. Impressed by the Fable AI’s ability to spin up relatable, short, sharp content, he rolled it out and within a week said the feedback was hugely positive. “That’s where I saw the power of AI, how quickly the content was created and how quickly it could be distributed,” he told Forbes. He said he’d seen “increased awareness, fewer risky clicks, and a noticeable rise in users reporting phishing attempts.”
Jiang says it’s worked with political entities too, including the Democratic National Committee in the run up to the election last year. “We helped proactively do a lot of the personalized security briefings for all their campaign staffers,” she said. The party may have lost, she notes, but at least it didn’t suffer any significant breaches. “Which is still a win for us,” she added.
