Nullify sees drive to AI in security as skills shortages continue

Almost a year after Nullify was chosen as one of 10 start-ups from Australia and New Zealand to take part in an accelerator focused on generative AI, the start-up is now servicing large AWS customers across the country.

Nullify works with organisations to incorporate AI agents into application security teams to independently carry out multiple levels of product security work. The start-up aims to ensure organisations can lower the risk to their organisation’s security.

Shan Kulkarni, co-founder and CEO of Nullify, told ARN that the accelerator program helped the start-up deepen its technical investments, specifically its AI stack. It also helped Nullify gear up for its seed fundraiser, which it had “successfully executed after the accelerator”.

“It’s helped us get more value out of the AWS relationship,” said Kulkarni. “On the technical side, when we wrapped up the program, it was when we were about to go to San Francisco to raise our seed round and some of who we did, some of the AWS folks running the accelerator helped connect us to investors.”

Being an AWS partner has helped Nullify access AWS security solutions architects who help the start-up make technology decisions with customers and manage AI risks well for them.

“I think when we could show Nullify performing work that human security engineers would have to do manually, whether it was telling developers how to fix their security vulnerabilities or explaining to developers why this is something you need to fix, that was probably the most enjoyable part,” he said.

Currently, Nullify is in product-building mode and is anticipated to raise a funding round within the next six months.

“Our headcount is growing quite rapidly, and we’re hiring lots of engineers mainly on the AI side but also in full stack,” said Kulkarni. “Our go-to-market has been growing organically and we’re excited to be showing the world that we can build Australia can build really impressive enterprise software products from right here. Off the back of that, Nullify has raised a $5.2 million seed round.”

Kulkarni said that’s hard to do if you’re an Australian start-up with only a few networks in the US.

“We’re very well capitalised,” he said. “We have great investors and we have Australian enterprises taking a chance on us, giving us their trust and being a part of our journey.”

While Nullify’s journey has been mostly positive, its attempt to build AI to automate in Australia has had its challenges.

Skills shortages leading to AI

According to Kulkarni, Sydney has a positive environment for building an AI engineering ecosystem, claiming that it’s “hard to capture AI engineering talent, but it’s improving”.

“I think when Atlassian hit a similar mark in its journey, it had a similar problem to us when they had to hire a bunch of cloud people, and they just eventually, at some point, just had to go to America,” he said. “There just weren’t those sorts of people in Australia.”

“But it seems, because of skill shortages, it’s generally becoming more acceptable for humans to work with AI,” he said. “At the recent RSA conference, many security leaders said, ‘I would love AI power to help my security team do more with less resources.’”

Kulkarni also said that Nullify wants to contribute to shaping the future of defenders with AI and has an enterprise security team working alongside AI to create secure environments.

“There’s a real arms race happening,” said Kulkarni. “Hacker groups are starting to use AI to perform more sophisticated attacks … using AI to craft malware payloads or perform automated reconnaissance automated attacks.”

Balancing the scales of defence

There needs to be a balance of the scales, with attackers already using AI to get the upper hand, Kulkarni said.

“We’re bridging that skill shortage,” he said. “I guess, democratising breaking that talent shortage and digitising that security talent by giving enterprises a product they can use to build those capabilities without being restrained by the inability to hire the right security engineers.”

Kulkarni said this was becoming critical as he claimed the last few high-profile data breaches often came from either not correctly managing risk on the software supply chain side or not having effective controls around building securely.

“Nullify has a novel approach in that we’re not just trying to introduce more issues, but we’re trying to reduce the total amount of security work,” he said. “The novel approach of using AI to perform a lot of the reasoning like a human would and being really, really developer experience focused helped Australian enterprises trust us more.”

Kulkarni clarified that Nullify’s not claiming to do all these crazy things that no one else can do just using AI, with the business being “very cognisant about using AI to automate workflows that are traditionally manual and human-intensive”.

“We are a cyber security company, but obviously, it’s an AI-powered cyber security company,” he added. “The security community is now receptive to having AI add value to workflows.”