Security teams can respond 80% faster to events with Cyberhaven’s AI-powered data lineage tools

Source: Venture Beat



Enterprise workers are eager to take advantage of AI tools — whether their employer likes it or not. This unapproved use, what’s known as shadow AI, is increasing dramatically: As much as 96% of the work employees do with AI is through non-corporate accounts. Whether done inadvertently or maliciously, this can leak an enterprise’s highly sensitive and proprietary data. 

Security platform Cyberhaven says it can solve this problem by tracking data lineage, or data lifecycles across different users and endpoints. The company has specific large lineage models (LLiMs) for this task, and today is announcing Linea AI, the next generation of its platform, intended to help stop shadow AI and predict which flagged incidents may be most dangerous. 

“It manifests itself in this form of lineage: You understand where data is coming from, who has had access to it, across all the different endpoints, across all your users,” Nishant Doshi, Cyberhaven’s chief product and development officer, told VentureBeat in an exclusive interview. 

90% reduction in incidents requiring manual review

According to Cyberhaven’s analysis of the workflows of 3 million workers, AI usage grew 485% between March 2023 and March 2024, and employees are increasingly sharing sensitive data: Nearly 83% of legal documents and around 50% of source code, research and development materials and HR and employee records that employees share with AI are going to non-corporate AI accounts. 

To help prevent this unsanctioned use and protect sensitive company data, Linea AI uses an LLiM trained on billions of real enterprise data flows. Equipped with computer vision and multi-modal AI, it is able to analyze data from images, screenshots, technical diagrams and other materials. A new “Let Linea AI Decide” feature now autonomously assesses policy violations and gauges incident severity to help cut down security operations center (SOC) alert fatigue. 

“So just like the large language model (LLM) which is predicting the next word, we’re predicting what the next actions are going to be,” Doshi explained. 

Cyberhaven claims that, as a result, customers are seeing a 90% reduction in incidents requiring manual review, and an 80% drop in mean time to respond (MTTR) to security incidents related to data security. The company’s tools are able to discover 50-plus critical risks per month not detected by traditional tools. 

“Cyberhaven shows us exactly how our data moves and is used across the organization, giving us visibility not found with traditional security tools,” said Prabhath Karanth, CSO and CIO of family financial app Greenlight. “Now we have a single platform that not only covers traditional data loss prevention (DLP) and insider risk management but actually understands how people use data across our entire organization.” 

Doshi explained that, whereas traditional approaches have focused on pattern matching — identifying network and data patterns to detect anomalies and vulnerabilities — Cyberhaven performs content and context inspection. That is, its platform examines data and provides context around it based on lineage traces. 

“So if you download something, you send it to me, I send it to another five people, they send it to another five people — that’s lineage,” Doshi explained. 

How Cyberhaven protects enterprises’ most valuable data with AI

Cyberhaven’s offering is powered by frontier AI models and a transformer neural network architecture. It uses a multi-stage retrieval-augmented generation (RAG) engine to fine-tune its LLiM to analyze an enterprise’s most valuable data and “get to the needle in the haystack,” said Doshi. 

The platform performs intelligent screenshot analysis, which has been a “persistent blind spot” in data security, said Aaron Arkeen, senior security engineer at earned wage access platform DailyPay.

So, for instance, say a security team wants to prevent screenshots from leaving the company — there could be thousands, and they have to go through each one to determine whether it’s a harmless cat meme or a screenshot containing product schematics. 

“It’s hard to detect, let alone prevent, the exfiltration of engineering designs, AI models, research data, product roadmaps,” said Arkeen.

Keeping tabs on users

Cyberhaven is now taking cybersecurity a step beyond detection with its new autonomous, AI-powered Let Linea Decide feature that sifts through data and user logs to help security teams understand incident severity. The platform understands screenshots, PDFs, source code and other digital materials and can provide context based on data lineage, Doshi explained. It can then discern whether a specific incident needs to be looked at by human analysts.

“We’re trying to predict the next action based on all the historical knowledge that we’ve got: This is an anomalous event, or this is a benign event,” said Doshi. “We call that data comprehension, because you really are looking at the data and understanding that data in-depth.” 

Arkeen explained that when it comes to insider risk, security teams perform enhanced monitoring to create flows of information about specific users that have been flagged as heightened risk (based on any number of factors).  

“Let’s say I put enhancement on you, you were busy this day, 150 events were generated,” he said. “I would have to go through each one of those manually, determine ‘This is business as usual.’ ‘This one looks a little suspicious.’ ‘This one looks really suspicious.’ And I still have other ones to go through after that. What Linea AI is able to do is pick out the ones that are of suspicious nature or require further analysis, and I’m able to save all that time.”

For instance, the platform has been able to detect users sending data to their personal OneDrive accounts or syncing sensitive files to iCloud, said Doshi. A malicious step beyond that is employees leaving a company and attempting to take sensitive data with them. 

“We can in real time prevent users or a set of users from uploading sensitive data to these public LLMs,” said Doshi. “We can warn them and also educate them” when they’re doing something inadvertently or naively. 

DailyPay, for its part, has been able to reduce MTTR by 65% because Linea provides a digestible AI summary, said Arkeen. Typical data loss prevention (DLP) tools require a lot of personnel resources to gain that kind of visibility. 

He looked into other DLP providers including Netskope, Dtex Systems and Next DLP, but ultimately settled on Cyberhaven because of its data lineage strategy. It was unlike anything he’d seen in the industry, he said. 

“It saves us a lot of time on escalation and triaging and also prevention,” said Arkeen. “Linea AI consistently identifies nuanced risks that traditional systems will absolutely miss.”


