Dune Security

High-Level Overview

Dune Security is an AI-driven cybersecurity company that builds a User Adaptive Risk Management platform to automatically detect, score, and remediate user risk from social engineering and insider threats.[1][2][4][5] It serves Fortune 1,000 enterprises by simulating omni-channel attacks (email, SMS, voice, video, encrypted apps like Telegram and WhatsApp), delivering personalized training, and integrating with tools like Entra ID, Okta, CrowdStrike, and Microsoft Defender to enforce dynamic controls.[1][2][3] The platform solves the problem of legacy security awareness training, which treats all users equally and ignores real-time behavior, role, and access levels—replacing it with risk-based prioritization that reduces human-error breaches (90% of incidents) while saving time (e.g., 30+ minutes per low-risk employee annually, 80% less training logistics).[1][2][4][7] Growth momentum includes a 2023 launch, $9M raised across two rounds from investors like Toba Capital and Craft Ventures, and scaling to 67 employees in New York.[4][5][6]

Origin Story

Dune Security was founded in 2023 by David DellaPelle and Michael Waite in New York, NY, targeting the gap in traditional cybersecurity where human error drives most breaches but tools fail to adapt.[3][4][5] DellaPelle, emphasizing continuous threat modeling, drew from the reality that "attackers are constantly finding new ways around" defenses, leading to innovations like AI-generated deepfakes and multi-channel simulations.[3] The idea emerged from recognizing legacy SAT (security awareness training) as broken—static and ineffective against conversational, cross-channel attacks—prompting an AI-powered "credit score for user risk" that analyzes behavior, roles, and integrations like EDR and HR data.[1][3][4] Early traction came swiftly: post-launch funding of $9M, rapid employee growth to 67, and adoption by Fortune 1,000 firms, with metrics like 25% average risk score drops in three months.[4][5][6][7]

Core Differentiators

Dune stands out in cybersecurity by shifting from blanket training to AI-powered, user-adaptive risk management that quantifies and automates defenses based on individual profiles.[1][2][4]

• Real-Time Risk Scoring: Acts like a "credit score" using behavioral signals, role sensitivity, access levels, and data from EDR, IAM, email, and HR—prioritizing the top 5% highest-risk users for escalation.[1][3][4]
• Omni-Channel Simulations: GenAI creates hyper-realistic attacks (deepfakes, phishing) across email, SMS, voice, video, and encrypted apps, unlike legacy tools limited to email.[1][3]
• Adaptive Remediation: Delivers just-in-time, role-specific training with minimal friction for low-risk users; auto-triggers workflows, access restrictions, and integrations for high-risk cases—3x faster response.[1][2][7]
• Seamless Integrations & Reporting: Works with Okta, Proofpoint, CrowdStrike, etc.; provides executive dashboards and compliance (SOC 2, ISO 27001, GDPR as of 2024-2025).[2]
• Proven Impact: 90% breach reduction potential via human error mitigation, 75% less PCI DSS training time.[2][7]

| Adaptive Training | ✓ | Partial | ✗ |[1]

Role in the Broader Tech Landscape

Dune rides the AI-augmented cybersecurity wave, addressing human risk as the "critical frontier" amid rising conversational attacks (e.g., deepfakes, encrypted channels) that bypass traditional perimeter defenses.[3][4][7] Timing is ideal: with 90% of breaches from human error and AI threats evolving rapidly, enterprises demand scalable, frictionless solutions—Dune's 2023 launch aligns with post-pandemic remote work vulnerabilities and regulations like GDPR/CCPA.[2][7] Market forces favoring it include integrations with dominant stacks (Microsoft, CrowdStrike) and certifications (SOC 2 Type II through 2025), enabling Fortune 1,000 adoption while reducing SOC overload.[2][6] It influences the ecosystem by transforming workforces into "proactive defenses," setting a standard for behavioral AI in cyber, potentially pressuring legacy SAT providers to adapt or lose ground.[4][5]

Quick Take & Future Outlook

Dune's trajectory points to enterprise dominance in user risk management, with expansions into more AI-driven simulations, global compliance (e.g., building on 2025 HIPAA/NIST attestations), and deeper SOC integrations amid escalating AI threats.[2][3] Trends like zero-trust evolution and regulatory scrutiny on insider risks will accelerate demand, potentially fueling Series A+ rounds beyond $9M and 100+ employee growth. Its influence may evolve to ecosystem-wide standards, making human layers as automated as code defenses—cementing Dune as the go-to for CISOs tackling the human firewall. This positions it squarely against Dune's opening promise: automatically minimizing human error for a safer digital world.[4][7]