Home » Security Boulevard (Original) » Featured » RSAC » RSAC 2025 Innovation Sandbox | TwineSecurity: Digital Employees Drive Enterprise Security Construction

RSAC 2025 Innovation Sandbox | TwineSecurity: Digital Employees Drive Enterprise Security Construction

by NSFOCUS on April 24, 2025

Company Overview

Twine Security[1] is an AI startup focusing on cybersecurity. It was founded in 2024 by core team members of former network unicorn Claroty. The company is headquartered in Tel Aviv and Seattle, and currently has more than 20 employees. There are 4 co-founders of Twine Security, as shown in Figure 1, from left to right: Benny Porat, Nadav Erez, Omri Green and Justin Woody.

Figure 1 Co-founder of Twine Security

Benny Porat, CEO of Twine Security, is a cybersecurity serial entrepreneur who co-founded Claroty, a leader in the multi-billion dollar field of cyber-physical systems. Prior to this, he led the strategic research team of the 8200 Cyber Unit of the Israel Defense Forces’ elite unit and received a doctorate in computer science from Bar-Ilan University.

Nadav Erez, CTO of Twine Security, was previously vice president of data and analytics at Claroty. Prior to this, Nadav led the strategic research team of 8200 Cyber Unit, an elite unit of the Israel Defense Forces. He has a bachelor’s degree in mathematics from Tel Aviv University.

Omri Green, GTM of Twine Security, was a partner at well-known venture capital firms DTC and Grove Ventures. Prior to this, Omri also worked at Claroty and Dune Networks, co-founded ICS2, and received a bachelor’s degree in electrical engineering from Tel Aviv University.

Justin Woody, CMO of Twine Security, was the senior director of innovation and market research at Claroty and worked at Mandiant/Google. He holds an MBA and a bachelor’s degree in applied physics from the University of Maryland.

Twine Security gained industry attention in its early days, raising $12 million in a seed round led by Ten Eleven Ventures and Dell Technologies Capital, and attracted Assaf Rappaport and Roy Reznik, two co-founders of cybersecurity star Wiz. Its core vision is to help companies manage complex security tasks and alleviate the global cybersecurity talent shortage through artificial intelligence-driven “digital cybersecurity employees”.

Product Background

In recent years, the cybersecurity industry has grown exponentially with the popularity of cloud technology, remote work and artificial intelligence tools to cope with the surge in threats and attacks. 87% of corporate executives worldwide say their companies do not have effective security measures to protect against all cyberattacks. In addition, the problem is further exacerbated by a shortage of cybersecurity talents, which increases the risk of threat exposure and forces security teams to focus on emergency rescue rather than taking proactive risk management measures.

Twine Security focuses on replacing repetitive security tasks with AI automation technology, and its first product “Alex” is a digital employee specializing in identity management. It was designed to free up human resources so that security teams can focus on high-value strategic work while improving threat response efficiency [2].

Solution Introduction

Twine Security uses AWS Bedrock generative AI service as the AI foundation of Alex, and implements security practices in different access control scenarios by deploying complex NLP models. As an advanced digital employee, Alex combines multiple features such as proactive execution, performance optimization and self-learning to comprehensively improve the efficiency and response speed of the cybersecurity team.

1. Working scheme

Since Twine Security has disclosed little technical information about Alex, the author can only analyze Alex based on his abilities and characteristics. Figure 2 shows the solution architecture of Alex, a digital employee at Twine Security analyzed by the author. Alex can be summarized into 4 layers: user interaction layer, task management and planning layer, decision engine and knowledge base layer, and underlying execution environment layer; covering 13 major application scenarios, such as IGA platform optimization, permission orchestration, traceability auditing, authorization management, etc.; adopting a separation of duties architecture, it is subject to compliance and best practice frameworks such as SOC2, GDPR, CCPA, etc.

Figure 2 Alex Technical Architecture

User interaction layer: responsible for providing a detailed interface for interacting with Alex.

Task management and planning layer: responsible for receiving tasks, parsing, classifying and prioritizing them.

Decision engine and knowledge base layer: responsible for integrating professional knowledge and practical experience in the field of cybersecurity IAM, as well as algorithms and data of large language models, mainly responsible for the execution of specific tasks.

The underlying execution environment: relies on AWS Bedrock[3]-to provide a wide range of functions required to build generative AI applications through security, privacy and responsible AI. In addition, it is responsible for integrating Alex with existing systems to achieve data exchange and collaborative work and scheduling underlying resources (such as network equipment, databases, etc.).

Security and Compliance Assurance: Responsible for ensuring that Alex complies with relevant laws, regulations and industry standards when performing tasks to ensure the security and privacy of data. At the same time, security audit and logging functions are provided to facilitate post-event tracing and review.

Application scenarios: Currently, the applicable scenarios supported by Alex include multi-system integration, new application addition, traceability auditing, MFA execution, access configuration and strategy, expired account cleanup, permission orchestration, audit support, IGA platform optimization, PoLP implementation, authorization management, orphan account management, user access review, etc.

The workflow of digital employee Alex is shown in Figure 3, which includes three parts: Plan, Review and Execute. Specifically, planning means that an organization can organize professional and personalized knowledge such as industry to formulate a best practice plan for enterprise access control security; auditing means reviewing, adjusting and approving the best practice plan formulated in the previous link; execution means executing plans and decisions based on skill characteristics and iteratively updating them throughout the process.

Figure 3 Alex Workflow

2. Solution Features

With the help of AWS Bedrock generative AI service, Alex has achieved accurate and efficient execution of identity governance and management (IGA), access management (AM) and privileged access management (PAM), taking on all identity management tasks. The main features of this scheme are as follows:

Trust and Separation of Duties: Alex implemented a separation of duties architecture between the AI and execution layers to ensure secure execution. This design allows managers to delegate more work to Alex, reduce approval links and improve work efficiency.
Proactive execution and comprehensive management: Alex was designed to proactively undertake the complete execution process from the beginning to the end of a task, saying goodbye to the limitation of traditional automation tools that only perform local or specific tasks. It can handle network workloads according to established instructions, and can also plan, approve and execute tasks autonomously, ensuring that each stage of work is handled comprehensively and seamlessly.
Self-optimization and repair: Alex has a strong ability to self-learn and improve. Organizations can build a personalized knowledge base to allow Alex to deeply understand the characteristics of the organization, help Alex optimize and repair independently, and ensure business continuity and stability.
Intelligent analysis and autonomous decision-making: Alex has intelligent analysis capabilities, can independently analyze network data, identify potential risks, and make independent decisions.
Easy integration and flexible adaptation: Alex is designed to integrate easily and quickly with existing systems, adapting to unique needs, environments and applications. At the same time, Twine Security also provides a professional team of engineers to help organizations research and build specific access control solutions that meet their needs. ‌

Summary

Twine Security represents a new trend of deep integration between AI and cybersecurity, solving the current shortage of cybersecurity talents and the inability of security teams to proactively manage risks. Its advantages are:

Team experience: The founding team has both practical experience in cybersecurity and background in the intelligence field, with strong technical implementation.

Technological innovation: Taking identity management as the starting point, gradually build an AI security ecosystem covering multiple scenarios.

Capital endorsement: The support of top venture capital and industry giants provides guarantee for its technology research and development and market expansion.

Although Twine Security has outstanding performance in the fields of automation and intelligence, it needs to deal with potential risks such as the interpretability of AI models and adversarial attacks. In the future, if Twine Security can deepen its capabilities in multi-language support and cross-platform compatibility, it is expected to become a core security construction capability in the digital transformation of global enterprises.