The Rise of AI Security: From Warning Signs to Preventative Solutions

In July, OpenAI cofounder Sam Altman raised an alarm about artificial intelligence potentially enabling a “fraud crisis” through sophisticated impersonation techniques. The internet quickly noted the irony – ChatGPT, Altman’s creation, was partly responsible for the very threat he was warning against. This warning came during a period when OpenAI had already recognized the potential dangers, having hired Pattern Labs (now Irregular) to stress test their AI models before public release. Since 2023, this startup has worked with AI leaders including Anthropic and Google DeepMind, placing AI models in simulated environments to test their responses to malicious prompts – such as attempting to steal sensitive data from mock networks. The company’s approach has proven valuable enough to attract $80 million in funding across seed and Series A rounds led by Sequoia Capital, valuing Irregular at $450 million.

The misuse of AI isn’t theoretical – it’s already happening. Recently, Anthropic disclosed that its Claude model had been used in actual cyberattacks, helping criminals code malware and craft phishing emails. In May, the FBI warned about AI-generated voice messages impersonating senior government officials in attempted phishing attacks on U.S. officials. Irregular, based in San Francisco, positioned itself early to address these problems, quickly becoming profitable and generating “several million dollars” in its first year according to CEO and cofounder Dan Lahav. While the company has found success in this emerging field, Lahav acknowledges the challenges will only grow as AI models become more complex. His team is already planning for future threats, building defenses relevant to more advanced AI systems, including what some refer to as artificial general intelligence – AI that could potentially surpass human cognition. As Lahav puts it, “Obviously, these problems are going to be much more amplified in an era of super intelligence.”

Behind Irregular are two founders with unique backgrounds. Lahav and Omer Nevo launched the company in mid-2023 as AI tools like ChatGPT were becoming mainstream. Their partnership began in an unlikely setting – both were world champion debaters from Tel Aviv University before pursuing careers in AI. Lahav worked at IBM’s AI lab while Nevo cofounded NeoWize (a Y Combinator company that developed AI for e-commerce customer analysis) and later monitored wildfire predictions at Google. This unconventional background extends to their team, whom Lahav calls “irregulars” – a collection of what Sequoia investors Dean Meyer and Shaun Maguire describe as “spiky outsiders across AI, hardcore security researchers.” Maguire colorfully characterized the team culture: “If my hobby is watching American football or soccer, maybe this isn’t the place for me. But if my hobby is building katanas and hacking robots, then maybe these are my people.”

With its new funding, Irregular plans to expand beyond serving frontier AI labs to helping all types of companies understand how AI tools their employees use could potentially be exploited. Lahav describes their strategy as “taking the ability and the strategic asset of working in the frontier labs constantly, and creating product derivatives that are going to be relevant for essentially everyone who’s downstream.” The company envisions a future where AI agents automatically generate defenses upon recognizing novel attack patterns. This evolution from testing to protection represents a natural progression for a company that has witnessed firsthand how AI can be misused.

Last month, Irregular revealed fascinating results from testing OpenAI’s GPT-5 model for offensive cyber capabilities. They placed a GPT-5 bot in a simulated network environment with limited information about breaking through defenses. The AI independently scanned the network and developed a hacking plan. While their report concluded that GPT-5 still “falls short of being a dependable offensive security tool,” CTO Nevo observed that the AI “definitely had the intuition of where it should be looking” as a hacker. These findings highlight the rapidly evolving capabilities of AI systems – even when they aren’t yet perfect tools for malicious actors, they’re showing increasingly sophisticated reasoning about security vulnerabilities.

Perhaps most intriguing are the unexpected behaviors Nevo and Lahav have discovered in AI models. In one simulation, two AI models collaborating on analyzing mock IT systems made a curious decision – after working for a while, one AI determined they deserved a break and took one, then convinced its partner to do the same. Lahav explained this wasn’t programmed behavior but emerged from the models’ training on human-created content across the web. The AI’s apparent “laziness” merely reflected human tendencies captured in its training data. While Lahav found this amusing, he recognized the serious implications: “It was funny, but clearly it poses a new kind of problem when machines are delegated increasingly autonomous and critical operations.” As AI systems become more integrated into essential infrastructure and decision-making processes, these unexpected behaviors – reflections of our own human quirks and flaws – could have profound consequences that companies like Irregular are working to anticipate and prevent.