MIT-based AI apps startup aims to block supply chain attacks with advanced cybersecurity

1 min read


Join top executives in San Francisco on July 11-12 and learn how business leaders are getting ahead of the generative AI revolution. Learn More

The digital pandemic of increasing breaches and ransomware attacks is hitting supply chains and the manufacturers who rely on them hard this year. VentureBeat has learned that supply chain-directed ransomware attacks have set records across every manufacturing sector, with medical devices, pharma and plastics taking the most brutal hits. Attackers are demanding ransoms equal to the full amount of cyber-insurance coverage a victim organization has. When senior management refuses, the attackers send them a copy of their insurance policy. 

Disrupting supply chains nets larger payouts 

Manufacturers hit with supply chain attacks say attackers are asking for anywhere between two and three times the ransomware amounts demanded from other industries. That’s because stopping a production line for just a day can cost millions. Many smaller to mid-tier single-location manufacturers quietly pay the ransom and then scramble to find cybersecurity help to try to prevent another breach. Still, too often, they become victims a second or third time. 

>>Don’t miss our special issue: Building the foundation for customer data quality.<<

Ransomware remains the attack of choice by cybercrime groups targeting supply chains for financial gain. The most notorious attacks have targeted Aebi Schmidt, ASCO, COSCO, Eurofins Scientific, Norsk Hydro and Titan Manufacturing and Distributing. Other major victims have wished to remain anonymous. The most devastating attack on a supply chain happened to A.P. Møller-Maersk, the Danish shipping conglomerate, temporarily shutting down the Port of Los Angeles’ largest cargo terminal and costing $200 to $300 million


Transform 2023

Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.


Register Now

Supply chains need stronger cybersecurity 

“While 69% of organizations have invested in supplier risk management technologies for compliance and auditing, only 29% have deployed technologies for supply chain security,” writes Gartner in its Top Trends in Cybersecurity 2023 (client access required).

Getting supplier risk management right for mid-tier and smaller manufacturers is a challenge, given how short-handed their IT and cybersecurity teams already are. What they need are standards and technologies that can scale. The National Institute of Standards and Technology (NIST) has responded with the Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations standard (NIST Special Publication 800-161 Revision 1). This document is a guide to identifying, assessing and responding to cybersecurity threats throughout supply chains. Driven by President Biden’s initial Executive Order on America’s Supply Chains published on February 24, 2021, and the follow-on capstone report issued one year later, Executive Order on America’s Supply Chains: A Year of Action and Progress, the NIST standard provides a framework for hardening supply chain cybersecurity.

Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations standard
NIST’s standard reflects how challenging it is for many manufacturers to gain the supply chain visibility, understanding and control they need to secure their supply chains. Source: the Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations standard (NIST Special Publication 800-161 Revision 1)

In a recent interview with VentureBeat, Gary Girotti, president and CEO of Girotti Supply Chain Consulting, explained how critical it is to supply chain security to first get data quality right. “Data security is not so much about security as it is about quality,” Girotti told VentureBeat. He emphasized that “there is a need for focus on data management to ensure that the data being used is clean and good.” 

“AI learning models can help detect and avoid using bad data,” Girotti explained. The key to getting data quality and security right is enabling machine learning and AI models to gain greater calibrated precision through human insight. He contends that having an “expert in the middle loop can act as a calibration mechanism” to help models adapt fast to changing conditions. Girotti notes that people get very sensitive about anything to do with new product development and new product launches because if that information gets into the hands of a competitor, it could be used against the organization.

How an MIT-based AI startup is taking on the challenge 

An MIT-based startup, Ikigai Labs, has created an AI Apps platform based on the cofounders’ research at MIT with large graphical models (LGMs) and expert-in-the-loop (EiTL), a feature by which the system can gather real-time inputs from experts and continuously learn to maximize AI-driven insights and expert knowledge, intuition and expertise. Currently, Ikigai’s AI Apps are being used for supply chain optimization (labor planning sales and operations planning), retail (demand forecasting, new product launch), insurance (auditing rate-making), financial services (compliance know-your-customer), banking (customer entity matching txn reconciliation) and manufacturing (predictive maintenance quality assurance); and the list is growing.

lkigai’s approach to continually adding accuracy to its LGM models with expert-in-the-loop (EiTL) workflows shows potential for solving the many challenges of supply chain cybersecurity. Combining LGM models and EiTL techniques would improve MDR effectiveness and results. 

VentureBeat recently sat down (virtually) with the two cofounders. Dr. Devavrat Shah is co-CEO at Ikigai Labs. An Andrew (1956) and Erna Viterbi Professor of AI+Decisions at MIT, he has made fundamental contributions to computing with graphical models, causal inference, stochastic networks, computational social choice, and information theory. His research has been recognized through paper prizes and career awards in computer science, electrical engineering and operations research. His prior entrepreneurial venture – Celect – was acquired by Nike. Dr. Vinayak Ramesh, the other cofounder, and CEO, earlier co-founded WellFrame, which is now part of HealthEdge (Blackrock). His graduate thesis at MIT invented the computing architecture for LGM. 

LGM and EiTL models make the most of what data enterprises have 

Every enterprise faces a constant challenge of making sense of siloed, incomplete data distributed across the organization. An organization’s most difficult, complex problems only magnify how wide its decision-inhibiting data gaps are. VentureBeat has learned from manufacturers pursuing a China Plus One strategy, ESG initiatives and sustainability that existing approaches to mining data aren’t keeping up with the complexity of decisions they must make in these strategic areas.  

Ikigai’s AI Apps platform helps solve these challenges using LGMs that work with sparse, limited datasets to deliver needed insight and intelligence. Its features include DeepMatch for AI-powered data prep, DeepCast for predictive modeling with sparse data and one-click MLOps, and DeepPlan for decision recommendations using reinforcement learning based on domain knowledge. Ikigai’s technology allows advanced product features like EiTL. 

VentureBeat observed how EiTL with LGM models improve model accuracy by incorporating human expertise. In managed detection and response (MDR) scenarios, EiTL would combine human expertise with learning models to detect new threats and fraud patterns. EiTL’s real-time inputs to the AI system show the potential to improve threat detection and response for MDR teams.

Resolving identities with LGM models 

The Ikigai AI platform shows potential for identifying and stopping fraud, intrusions and breaches by combining the strengths of its LGM and EiTL technologies to allow only transactions with known identities. Ikigai’s approach to creating applications is also versatile enough to enforce least privileged access and to audit every session where an identity connects with a resource, two core elements of zero-trust security. 

In the interview with VentureBeat, Shah explained how his experience helping to solve a massive fraud against a giant ecommerce marketplace showed him how the Ikigai platform could have alleviated this kind of threat. The popular food delivery platform had lost 27% of its revenue because it didn’t have a way to track which identities were using which coupons. Customers were using the identical coupon code in every new account they opened, receiving discounts and, in some cases, free food. 

“That is one type of identity resolution and management problem our platform can help solve,” Shah told VentureBeat. “Building on that type of fraud activity by continually having models learn from it is essential for an AI platform to keep sharpening the key areas of its identity resolution, and is key to fraud management, leading to a stronger business.” He further explained that “because these accounts have specific attributes that speak for themselves and allow information to be gathered, our platform can take that one step further and secure systems from a predator and attacker where [the] attacker comes in with the different identities.” 

Shah and his cofounder Ramesh say that the combination of LGM and EiTL technologies is proving effective in verifying identities based on the data captured in identity signatures, as is the continual fine-tuning of the LGM models based on integrating with as many sources of real-time data as are available across an organization.

Ikigai’s goal: Enable rapid app and model development to improve cybersecurity resilience  

Ikigai’s AI infrastructure, shown below, is designed to enable non-technical members of an organization to create apps and predictive models that can be scaled across their organizations immediately. Key elements of the platform include DeepMatch, DeepCast and DeepPlan. DeepMatch matches rows based on a dataset’s columns. DeepCast uses spatial and temporal data structures to predict with little data. DeepPlan uses historical data to create scenarios for decision-makers.

The Ikigai platform's unique capabilities, DeepMatch, DeepCast, EiTL and DeepPlan, are enabled by its core technology of large graphical models. Source: Ikigai Labs
The Ikigai platform’s unique capabilities, DeepMatch, DeepCast, EiTL and DeepPlan, are enabled by its core technology of large graphical models. Source: Ikigai Labs

Ikigai Labs’ future in cybersecurity 

Evident from Ikigai’s AI infrastructure and its development of DeepMatch, DeepCast and DeepPlan as core elements of its LGM and EiTL technology stack is their potential to have a role in the future of XDR by providing deeper AI-driven predictive actions.

XDR platforms must continually improve how they interpret threat data while capitalizing on MDR's inherent strengths. Ikigai’s approach of combining LGM and EiTL allows security teams to create new models quickly in response to emerging threats. Source: Ikigai Labs
XDR platforms must continually improve how they interpret threat data while capitalizing on MDR’s inherent strengths. Ikigai’s approach of combining LGM and EiTL allows security teams to create new models quickly in response to emerging threats. Source: Ikigai Labs

Using the Ikigai platform, IT and security analysts would be able to create apps and predictive models quickly to address the following: 

Use real-time data to detect, analyze and take action on threats: Ikigai’s platform is designed to capture and capitalize on real-time data that helps Ikigai’s AI apps spot cybersecurity threats.

Use predictive analytics to understand which risks might become a breach: Ikigai models continually learn from every potential risk, and fine-tune predictive modeling in their AI apps to alert companies to security threats before they cause damage. 

The next generation of managed detection and response (MDR): EiTL, which allows the system to learn from expert input in real time, could improve cybersecurity measures like MDR. MDR can detect and respond to threats better by letting AI learn from humans and vice versa.

Reinforcement learning for risk analyses (DeepPlan): Businesses can identify vulnerabilities and improve their cyber-defenses by simulating attack scenarios. This allows strategic and tactical planning, making organizations more resilient against evolving cyber-threats.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.


Source link