Apple Podcast Link
Jonathan Dambrot: I'm currently the CEO of Cranium ai headquartered in Short Hills, New Jersey, and we focus on building capabilities using AI to secure the AI revolution. And that's always been our just massive transformational purpose.
Jim Barrood: That's what you're doing now, but how did you get to this place? Why don't you take it from how high school?
because I know you've had a long entrepreneurial career. Yes. And I want to hear I think everyone should hear. How extraordinary it is.
Jonathan Dambrot: Yeah. So Jim, I was trying to think about how many years I've known you as we were starting to plan for this. And it's been a while. It's been a long time.
So you knew me in college, right? And I started my entrepreneurial journey in high school. I was a magician. And I started a magic company and it was, not really cool at when I was growing up to be like a young entrepreneur. Like I was that nerdy kid. Today it's the norm.
There's just like an expectation that young kids are going to start software companies and change the world or whatever. Back then it was, for me it was really exciting to be able to, I ma I manufactured three magic tricks. I sent them all over the world and then I performed every weekend.
It's how I paid for college. Way different than my kids today, right? I, and then, I bought my first car, so that was exciting. I got to see like how to run a business very early. It taught me a lot of lessons about, what I, how I thought about certain things. And then went onto another journey in college.
I started a chocolate business as so my grandfather was a chocolatier, so that was always fun, right? Being the magician c chocolatier guy. And that was, a business that I was in for a few years in college and ended up selling that business. And then going back to graduate school.
And I got, that's when I got into Hooked on Technology and started another company called Prevalent. And that's really where we started thinking about how do we look at cybersecurity for very large enterprises? How do we look at that? And it was it's been a fun journey. I sold that business ended up at KPMG.
After that as a senior partner working on third party security and AI security, and then incubating what's today cranium to really think about how do I. Understand what an AI system is looking especially since, we were basically working with the biggest companies on their AI challenges and we literally couldn't find anything that was being done to secure them when I was at KPMG.
So that was the, in like my journey and the incubation of this idea.
Jim Barrood: Amazing. Amazing. I have to ask you questions about the magician. What was one sort of lesson learned from that experience?
Jonathan Dambrot: There's so many lessons learned from that experience. There are no illiterate magicians, by the way, so it's funny.
Like I hung out with a lot of kids who were just really into magic and you find that when people surround something that's a passion. They really just, that's all they want to do. That's all I wanted to do. I really, I found joy in just this very deep knowledge of a subject. And I used to collect magic books and I had books that were like 150 years old where I'd find these magic tricks and I, nobody else knew 'em.
So that was so much fun for me. As I was in that, at that age where I wanted to differentiate myself, I wanted to do something different, but be with a group of people that were super passionate. And I think that's what persists for me. You going to do things that are meaningful.
And those are the things that you'll drive grit and do, determination and do whatever it takes to drive success.
Jim Barrood: Got it. What about at the chocolate store? How did you not eat all the profits? I would have that problem. Any lesson learned there?
Jonathan Dambrot: Yeah, Jim the lesson is don't eat that much chocolate.
So I, I gained so much weight in that business so yes, it took a long time to figure out, once I was outta that business, how to lose that weight. I made very good chocolate chip. Like my chocolate was fantastic. My grandfather actually, he was in New York, used to win all the.
Awards like in the New York Times this, there was a critic called Mimi Sheridan, and she used to rate my grandfather's chocolate every year. And he always won five out of the top 10 chocolates in New York. And he was trained in Switzerland and I studied with him. And that was a joy in my life.
I got to spend time with my grandfather. I, that was. One of those moments you you think about times in your life where I got to know him way better. I learned, a critical skill from him. I learned a lot about business and so that was a great time. Probably, the eating of the chocolate, like I, I gave joy to a lot of people.
But chocolate business, hard. It's a hard business.
Jim Barrood: Got it. So let's move to prevalent. What did you learn from there and talk to us specifically how you built this business, but then sold it. And then worked for the acquirer. Yeah. That must have been a big difference in culture. Yeah. Talk to us about that because some, a lot of, entrepreneurs get their companies bought by bigger companies.
Jonathan Dambrot: Yeah, it was a, frankly, as I look at the things that define me as a leader, going through that experience, we ended up, prevalent, we started as a consulting company. It was cyber consultancy. We then started to specialize. And our first foray, we were working with some very large cyber companies of that time, so Symantec was one of our biggest partners.
You remember that company? It got bought by broad Broadview and we look at, how could we help support the things that we were seeing in the lar, these large enterprises, which weren't getting done fast enough. So we started specializing things like policy management, and then what we really keyed on was a challenge that all of our banking customers were really focused on at the time was third party security and third party risks.
Because they were seeing a lot of their breaches coming from organizations where they were sending data, but they couldn't control those. Enterprise security, environments, and they were seeing a lot of that happening. So we put our energy on that and we started building product and then we ended up separating the consulting business and the software business.
And then those, we put a leader in the consulting business. I ran the software business and that grew to be one of the top third party security companies in the world. So that was really exciting to see the growth. We grew like crazy. We really started to help again, the biggest banks. Biggest, companies who were focused on how do we solve this really entrenched problem.
And that, for me, the lesson once we sold it was, how do I continue to grow where, I don't necessarily have the majority of the business ownership any longer, right? Like, how do I make sure that, and it I spent two years there and we continued to grow the business and then I came outta the business and yeah, it was, I didn't think about it much differently, Jim.
Even though we had a new owner, they obviously had different controls that they wanted to put in place. And, I ended up coming outta the business, but I thought about it the same way and we continued to grow the same, the same way.
Jim Barrood: That's great. And then, so how did the thinking go to start Cranium?
What was that sort of thought process? When did it hit you?
Jonathan Dambrot: So at K-P-M-G-I, my team was building an agent called Casey. Originally, I was trying to call it Marwick, by the way. KPMG. The M in KPMG is actually for marwick. What happened there was we were building these models, we were taking really sensitive data from the largest enterprise in the world.
We were publishing these to endpoints and creating a pipeline to solve again, third party security as well as other cyber challenges. We couldn't call it Marwick because the risk team and the marketing team basically said you would have to get approval from the great grandson of Marwick.
And I was, being an entrepreneur Jim I don't like this. I don't, hearing no is not my, in my, vernacular. So I was like. Give me his number. I'll call him today. No problem. They were like, Jonathan, that we're telling you no, like you just, no this is not never going to happen.
And so we called it Casey. And what it was, our first foray into being able to deliver AI at a scale against this really sensitive data. And what we found was that as we were starting to go into production, into these enterprises, again, I worked with very large enterprises while I was at KPMG.
There was no process to put them into production securely. There was no DevSecOps for ai and it wasn't even on the radar of the ciso. So I started incubating the idea of cranium every time we were doing this, and we must've done this like 20 times. And I was like, this can't be true. Like we've been building DevSecOps for 20 years.
How is it that we don't have this for ai? And that was, that's where I started thinking about it. I got an opportunity to pitch KPMG. So they started building an incubator called KPMG Studio. We were the, I was the first one to go through it. I was also the, probably the only partner. Who was like willing to like, give up my career to go do something like this.
And I was probably one of the few that they looked at that could meet the independence and risk requirements. So I pitched the firm on a Monday. They funded at me on a Wednesday. So the head of advisory globally, which was an ama, it was amazing to watch it because my experience with KPMG is way different than what I think people think about with the Big four.
They were excited about. Investing in innovation and helping that. So we, yeah, they gave me my first 3 million bucks. I got to build my team and started building. It was really fun.
Jim Barrood: That's amazing.
And so what year was that? When did it, when did you launch?
Jonathan Dambrot: So we started incubating in 2021. And then we spun the business out in 2023.
And then our Series A Investor is one of the top cyber investors in the world at Sin Ventures. So Jay Leak who was the former CISO at Blackstone and Nokia and then, created his first fund and then Sin Ventures more recently he's been fan, they've been fantastic. And then Telstra Ventures, now Titanium Ventures did our series A.
Jim Barrood: So tell us more about the company where you've launched in 2023. We're now 2026. And you've grown a lot. So tell us plainly, what does it do? Who are some of the, your customers or potential customers? And then tell us where you're at.
Jonathan Dambrot: Yeah it's been fascinating. The first year we spun out, this again, was not on the top of people's lists.
We, there was a lot of evangelism. We focus primarily on understanding where AI development is happening, and this is again, in the largest enterprise. So we have the largest bank as a customer, largest telecom as a customer largest life science company in the world. As a customer we have, we work with.
Many of these large enterprises and their vendors, and we think about this development, whether it be, kind of those chatbots that are getting integrated into every SaaS application or really complex agentic frameworks. Both internally, so you know, where software development is happening with the ID as an example through all the way to the firewall.
We want to understand where that's happening or. In the third party and the, what we found through our research has been that we can give very good understanding of the threats that are persistent in these AI systems by getting, doing a snapshot of the system, creating something like called an AI bill of materials, which is basically like, you know the soup recipe, like the recipe labeling on food.
It's like it gives you a label of what's inside of an AI system. And then we take that information to simulate that system in what we call. Our arena. And we can give you a really good idea of what the threats look like at very high confidence. And then we build something called shield, which sits on top of that to reme, help remediate the challenges of those threats and risks.
And again, we get massive scale very quickly because of our simulation. Capability and then we can do this for third parties more quickly than, other methodologies for securing ai. And so this was our lesson over the course of a couple of years, like, how do we figure this out with these companies?
Because AI development has skyrocketed. So 2024, you started seeing maybe 10% of organizations investing in things like AI security, 20, 25, maybe 20%, 25%. 2026, I think close to 50 to 60% of the enterprises have now budgeted to figure out how do they understand this challenge? How do they put security capabilities in place?
And then by 27, 28, it'll be a hundred percent of enterprises will have to budget to secure this.
Jim Barrood: Because with all the advances. From my understanding with all the chatbots with all the agents, it's become even more of a mess and more insecure. So companies really have to worry about this. Is that right?
Jonathan Dambrot: Yeah, a hundred percent. I'll give you a good example. So agentic coding, it's like that is first of all the number one agentic use case that is just taken off, right? And what we're seeing there is we'll see development organizations that have. Five to 25,000, even 40,000 developers where a segment of those developers could be thousands.
Like they'll go from zero to having 5,000 people running agentic development with Windsurf or Claude code or one of these pieces. The problem with the construction of those agents is that they're giving them a lot of autonomy and through these kind of file systems and the ability to basically pull information down externally, tie it to internal development, enter, organizations through GitHub and Bitbucket, and the problem is that they generally are taking the identity of the actual developer, but the autonomy.
Is creating major vulnerability. So we found a vulnerability where we could drive persistence into that. IDE move laterally, basically take over the entire thing without the endpoint security applications even picking it up. And so we built some plugins to support that. We ended up calling that brain bleed because we basically, it was like a worm.
If you, if this is happening to you, it can take over almost the entire development environment with, very quickly. And those types of threats, they're not well understood. People just want to go faster. They're trying to drive this. And these become really big challenges, especially if you've got thousands of developers trying to pick this new thing up to try to stay competitive.
And they fall. They fall victim to this.
Jim Barrood: And so where is the company now and what's your vision for it? Like I know you give us some sense for how you've grown.
Jonathan Dambrot: Yeah, so this year our fiscal year ends in April. So year over year we'll probably, by the end of the year we'll be between four and five times year over year growth.
This has become, again, one of the major topics we went from, this was not even a top 10 topic for chief information security officers to. A top 10 item this last year was, top five this year. It's the number one item for every chief information security officer on the planet.
They have to get their arms around how to understand where AI development and AI security is playing a role around the threats that are hitting them, both internally and third party. So we feel really advantaged by that. We're going through our kind of next fundraising process right now. I expect that, we'll get through that process sometime before our Headbanger ball in May which I know you've been at.
And it's going to be very exciting this year. We just announced Collective Soul is going to be the headliner, so that's very exciting. And then we're going to, hopefully raise our next round, announce that, and then put ourselves in a position where we can continue to lead in the market.
Jim Barrood: Got it. And then when you think about your competition,
Jonathan Dambrot: yeah.
Jim Barrood: Would we know what, who your competition is? Or.
Jonathan Dambrot: Yes and no. You know what's funny is a lot of my competitors that I like, we, when we spun out this, those competitors that were there have been acquired by other companies that are actually our partners.
And what's, it's fascinating to watch. We're seeing a lot of change in the AI security landscape. As different things pop up. We think about ourselves as a platform where, you know. We want to be an AI security plane where we're plugging in, again, between the IDE and the firewall, and we're really helping organizations understand that if there's something that's been built by a small startup for a point solution, and it's something that we're not going to develop, we just pull it in.
So like we'll pull in things that are to the right of us where they may have things in runtime that they need to be able to see. We're integrating those. Now, there may be things to the left of us on the development side where we need to plug into those, and we've done that for these enterprises. So we sit squarely as that kind of platform for AI security professionals.
And that's been really helpful because, again, we're, we enable organizations at the, to keep pace and we'd, if something is. Meaningful enough and it fits our thesis, we'll build it and we'll go fast there. If it's something that somebody's already built and we need to pull it in, we'll pull it in.
Jim Barrood: And what is the vision five years from now for the company? I know you're going to become a unicorn at some point. You can make a prediction or not. That's up to you. Do you want to go public or any sense for, you've been through this before, so what's your. I'm really curious to see your vision, how you think about it now.
I'm sure it could change.
Jonathan Dambrot: No, I was just talking to somebody about this the other day, about going public, jim, I don't know, maybe 10 years ago, 15 years ago, going public was like, you get to a hundred million, you're growing 20 50% or a hundred percent like that, you're on a trajectory to go public.
Today, it's going to be like 500 million or more. You have to be profitable. You've going to be growing 20% like. I think very few AI and technology companies are going to go public. There's just too much money in the private marketplace. And there's, just still a ton of m and a activity. I, it's hard for me to gauge that five years, like the last three years in AI time, I feel it's even more than dog years.
It's 10 years instead of seven years, right? I've been at this for 30 years and I still have my hair, right? I think five years it's going to be insane. I was with Peter Diand, like listening to Peter Diamandis at A-K-P-M-G event, and he was talking about like the rise of robots, in, in the home.
Our whole life is going to change. The fortunate part for us is as we look forward, everybody's going to be developing software and we think about this meaningfully where. Applications are going to change. We're really good at understanding that. What are the threats? How do we surround them? So I think we're going to again, be part of that reference architecture regardless if it's now five years from now and we you, it will require AI to secure ai and we want to continue to build.
Those market leading capabilities. It's really hard though. If we start getting that escape velocity, yeah, I would love to go public, but I that, I think very few companies are going to continue to go pub. We've already seen it, right? You've seen a reduction in the number of companies going public by 90% since 1995, something like that, right?
Jim Barrood: Yeah, no, absolutely. So you are well positioned it seems because there's been a lot of disruption in this space too, right? A lot of, start AI startups are disrupted by the big LLMs. It just adds a feature and they're gone. Or they, or there's just too many me toos. But you seem to be at that epicenter of security.
Something that's not as disruptable because you have good market share. Is that where you're at?
Jonathan Dambrot: I think this whole episode with anthropic is fascinating recently. So here you have a company that is embedded broadly in the government. One of the top frontier models we have, we use them as well.
And we have a situation where they announce Claude code security and it takes. Maybe what, a hundred billion dollars off the market caps of these really big SaaS companies and security cyber companies and others, right? Just wipes some wipes that those that down. And then what the next. Week or two weeks later.
Now they're potentially a supply chain risk where we're going to have to pull them out of the government and anyone serving the government. So think about this for a second. So we look at this landscape and the things that got us here seem to be still true. Like you need to have somebody who you have a dependency, but you need to build resiliency.
Like what happens if tomorrow you can't use the AI you're using and it's embedded in every application that you've developed. How do you think about that? That's great for us, right? Like we, we will give you visibility, we'll help you understand the threat, we'll help you remediate that threat. And then what happens if that cloud code security?
Do you really want the person securing, like building your code for you also securing your code? That doesn't seem like a great idea, right? It's never seemed like a great idea. You want kind of diversity across, the infrastructure and who's building with, who's securing, and that's always been the case.
That's like a fundamental to cybersecurity. So I don't think those things change. And I think we're learning these lessons again because of anthropic. We're going to embed this. Everybody's afraid it's going to be secure, helping secure it, and now you can't use it anymore if you serve the government.
That's really tough.
Jim Barrood: No, that, that's a really good point. Yeah. But as you see it, the SAS YPs, is that it doesn't seem to be affecting you folks at this point, but is it real for other companies? Is that something that is a trend that needs to be concerning for these other SAS companies?
Jonathan Dambrot: Going forward, I think the barrier to entry for development has. I wouldn't say it's zero because the reality is large enterprises still have requirements for the software that goes into their organizations and they still have requirements for infrastructure and security, and they still want to know that there's a group of people who really understand how to secure these architectures in place and they want to talk to that person and they want to be able to.
Poke the infrastructure and not have it be like an agent, right? But we are getting to a place where everyone's a developer, right? And everyone is going to be building these applications and they're getting way better. And we're starting to see more of that come into production, to the point where I estimate these, the total number of.
Repositories for code are going to double again this year. Double. So if you had a, if you had 5,000 in an enterprise, they're going to 10. If it's, we have some customers that have hundreds of thousands of repos. Can you imagine having a million of these things like these applications, everyone's going to be a developer, and how do you really think about getting coverage, especially if you have to put sensitive data in them, if you have to meet the obligations of EU privacy requirements.
Or state requirements, like these things still matter and people really, it's going to be hard to make sure that you know what's happening in your enterprise after all of this, after everyone's a developer. But it's going to happen. It's clearly going to happen.
Jim Barrood: Speaking of the outlook for this rest of this year, are you optimistic? Are you concerned? Some people say there's a bubble. What, how do you see it in your, privileged position as far as the the state of the AI ecosystem?
Jonathan Dambrot: Yeah, I haven't seen demand for AI infrastructure tokens things related to the development of AI systems for the enterprise.
I haven't seen a decline in any of that. So personally my view on this is that will, continue to persist as long as people are trying to integrate and innovate and these changes are happening at the pace they're happening. I just don't see it. And I think to remain competitive in this environment, you've going to be running that fast with these exponential technologies because again, we're going to get to a point where either the cost basis.
Is so different that you can't afford not to, and you're starting to see some of these AI related layoffs, I think. We'll see a reversal in that over time as the jobs become more apparent like Jim, like when I was in college, you saw people trans, transitioning from an a non-internet to an internet based economy that was hard and you saw layoffs and then you saw the new jobs and that can't, we're in that period, that four to five year period of transition.
But I am very hopeful. I see where, at least for what we do and where we play, there's absolute demand. Every organization is struggling with understanding these changes in their own environments. And so I'm very bullish on our space. And I think those that are going to, not if they don't get on the bandwagon again with competitively, not only economically but competitively, you're just not going to be able to keep up in almost every industry unless you're using the technology.
Jim Barrood: And that, so you, what you're saying is as far as jobs, obviously we're going through a difficult period, but you're optimistic that there will be different new jobs and it will even out, or are we. For, I know you can't forecast the future, but what's your gut say,
Jonathan Dambrot: oh no, we're going to, the type of job is going to be different.
In the past you wouldn't have hired a college student that didn't have programming skills. They, that's what the demand was. You wouldn't hire a college student today if they didn't have ai. Skills or had the ability to run age agentic coding, or thought about like, how do you use these?
So the reality is no. I think I'm very bullish on this. It's like any other major technology shift. I think the jobs will change Peop. Organizations will either upskill their teams or they're going to have to find people with these native skills, which today is not as high as it should be because we're just in the middle of this trans transformation.
But ultimately, yes it'll balance out and probably in include more people in the economy over time because of just the nature of these technologies and what people need to do. The problem sets will get bigger. Think about a person who has access to 500 agents that they're able to orchestrate and the power of what they can do versus today, right?
It's just, those are the types of things that I think become reality. Where they can run 24 7. Now, that's great. For some people, that's terrible. For some people think like hearing that going, oh my God, that's I don't even want to think about that. But those are the realities I think of what we're going to see in the next few years.
Jim Barrood: Yeah. Good. That's good to hear though, that positivity. So this has been a great conversation Jonathan we usually do adjust one thing. So tell us if there are tips for entrepreneurs and innovators what's one prediction for AI in this year? 2026.
Jonathan Dambrot: Yeah. This year everyone is becoming a developer.
I, if you haven't used these technologies and used these to solve your own problems or those of your organization, you will. And I foresee that people will start picking them up, trying to figure out, oh, I have this problem. I want to see if I can solve it. And they'll be amazed at the power of these capabilities and how far they've come over, even over the last year.
And they'll start to use them meaningfully in solving both personal problems and corporate challenges. It's like when you first picked up Excel. It's oh my gosh, this is incredible. It's going to be that realization and I think we're going to see that hit this year, and then next year and the year after it's going to be how do we look at ag agentic orchestration, how, what is my job and how do I now use all these and actually get the type of leverage that I think people expect?
Jim Barrood: Got it. What about for AI ventures or AI powered ventures raising money now? I know you're in the thick of it. What's one tip for entrepreneurs who are trying to raise money?
Jonathan Dambrot: Look, it's a no better time to start a business. If you are an entrepreneur at heart and you have a great idea and you're solving a big problem and you want to go after it, now you have the capabilities and tools of AI to go support it.
It's, it's obviously changing so fast. So what, you have to be able to, continue to keep up with that. And that's where AI is both helpful and potentially harmful to your business. And you need to be able to go through those punches. And I think investors want people who understand how to do that, have done it.
If you're looking, if you're coming outta college, you want to start a new business, there's no better time. Go do it. Failure rates are always going to be failure rate. If you have a great idea you really, today is no better time. Remember when the cloud hit Jim, like the cost of starting a business went from $200,000 to like $50,000. It was like amazing. Today with ai, you stand up a cloud code and a cloud infrastructure, you could start an AI company and really do it. That's great. The barrier's lower, but the fundamentals are still going to be the same. You going to go sell customers, you going to be able to manage and run a business, keep people and so all of those are build a great culture.
Jim Barrood: Great advice. We usually end our conversation, Jonathan, with a poem or a quote or a saying. What do you want to share with us?
Jonathan Dambrot: Yeah, so one of my favorite books is Man's Search for Meaning and Viktor Frankl. That stands out in my mind. And he had a quote in here, it wasn't his, but he references Nietzsche who says he who has a why to live a live for can bear with almost any how.
And what that really stands out in my mind is if you find the thing that you're trying, that you're working on as meaningful, nothing can stop you. Nothing will stop you. You'll be able to, you have the grit to get through it. If you don't have that why? For unfortunately, that's when. You're unsuccessful because you're not willing to do whatever it takes and get through it.
So I, I've always, I always find the things that I want to do as super meaningful. Like you, Jim, you probably know people right. That, that make a ton of money and just to still just terribly miserable. Like I didn't, I don't get that right. Those people who are going to be successful and happy are going to do the things that are going to bring them.
That meaning regardless of anything else. Those people like, see, know some people that don't make anything. They work in. Charities and they're the happiest people you ever met. So it's going to be meaningful and that really stands out to me.
Jim Barrood: That's a great way to end.
