With AI in its toolbox, the Bulgarian Kikimora.io readies to conquer a market worth hundreds of billions of euros

Do you remember T-1000, the shape-shifting assassin robot from the second instalment of the Terminator sci-fi films? It could transform and quickly adapt to different situations in order to approach its target and kill it. Now imagine that something like this - although far from this scary scenario - is already happening, at least when it comes to the transformational part for the purpose of a successful... cyberattack.

No, this article will not deal with the natural fear of the unknown future and the smart technologies that will populate it alongside humans. However, it will draw attention to the real uses of artificial intelligence in the present time, and even more so to its uses to do good. In addition to its potential to save a lot of unnecessary expenses and headaches.

Artificial intelligence has opened up new possibilities, as almost anyone can now discover how to infiltrate a platform with a few questions and break through a company's defences. Accordingly, we also observe more attacks. But that's not all," commented Krasimir Kotsev, founder and CEO of the information security outfit SoCyber and the newly founded Kikimora.io.

He gives an example of current cyberattacks based on social engineering through AI phishing/voice impersonation/voice theft and deep fake (stealing another person's image). Senior political figures have already become their victims, but potentially anyone can fall under their blows.

Apart from that, malware has also started to massively change and adapt in real-time using artificial intelligence, thereby preventing security systems from detecting anomalies in the software code," says Krasimir Kotsev.

It is here that the analogy with the Terminator movie can be made. Malicious code based on artificial intelligence also works on the principle of the already mentioned transformation of the robot - "it just changes its source code independently and extremely quickly," the cyber security expert points out. Damages to an attacked organization can run into the hundreds of thousands of euros, if not more.

The good news is that cybersecurity companies are also using artificial intelligence to build defences against cyberattacks. Krasimir Kotsev's team already has such a product in its toolbox - the Kikimora.io platform. The great news is the successful attraction of funding of nearly 1 million euros, with which the startup will develop its innovative service.

Last year, when the company announced its product and announced the first 150,000 euros raised, it signalled that it was already looking for additional funding. Back then, the hope was to attract around 450 thousand euros of fresh capital. The fact that the investment goal has been met twice now signals the potential of Kikimora.io.

What attracted the investors?

On the one hand, there is the cybersecurity market, which is expected to reach $400 billion by 2030. On the other, the apparent interest towards companies developing artificial intelligence over the past year cannot be ignored.

We are creating a product that will not only change the way vulnerabilities are managed, but through the use of artificial intelligence, it will create a new system for prioritizing and measuring critical vulnerabilities. This will practically show the risk facing each organization in the context of their business logic, infrastructure and security level," explains Krasimir Kotsev.

He and his team believe that the approach to security needs to change from a "one-size-fits-all pill" to a risk-based approach, where the risk assessment of a vulnerability or security issue is based on several key vectors:

1. Threat intelligence data, or who and how often would be motivated to hack the given organization, how much this vulnerability is actively attacked in the industry and with what success.
2. The affected system’s priority from the point of view of the user company – the same vulnerability would have a radically different impact, depending on whether it affects, for example, an organization's ERP system or a laptop in the administrative office.
3. The level of protection and exposure of the respective system and the way threats relate to the already applied security measures.

“Thus, if we take an energy company as an example, where the number of vulnerabilities could easily reach tens of thousands, our smart Kikimora would narrow the focus to just a few dozen vulnerabilities that could actually harm the company. In this way, a company would save huge costs for operational data analysis and reduce the time to fix problems by several times.

At the moment, the interest in the cybersecurity industry is very high, partially also due to the introduction of new regulations and laws in the field (NIS 2, The Cybersecurity Act, PSD3, GDPR, HIPAA, DSA, etc.) that will oblige businesses to take better care of their information security.

I think this is also a huge motive for more investors to express their desire to join this investment round", says Krasimir Kotsev.

Kikimora saves the business money

At the moment, Kikimora.io is in its most basic version or so-called MVP, but even so, it manages to solve problems for companies. Current customers report that not only do they have a better overview of their vulnerabilities, but they can easily and quickly make decisions about which vulnerability to start with and how to better prioritize their resources.

Our larger customers are already using it to its full capacity, and their saved costs are in the tens of thousands," says Krasimir Kotsev.

Kikimora’s main client target are companies with over 500 employees, which host systems, data storage and various applications for internal use. These are mostly software companies, energy companies, and those working in the healthcare, IT, financial and fintech services, and transport sectors.

The company is already developing functionalities that will make the platform suitable for smaller companies as well. Such functionality is Integrated Consulting, a tool which allows one to check the security of individual smaller components of a given application or infrastructure in only a few hours, without the need to do a comprehensive security audit, Penetration Test or Vulnerability Scan of the company.

Soon the platform will be completely based on artificial intelligence, which will allow for an even faster and optimal process."

To date, Kikimora generates revenue from several clients on a subscription basis (subscriptions range between $159 and $740). Revenues for 2024 are expected to exceed EUR 175,000, and in the next 5 years, the forecast is for rapid growth and going over EUR 9 million in terms of revenues, reaching a CAGR of 166% for the period.

How will this happen?

The raised funding of 1 million euros will help to improve the Kikimora.io platform, expand the international presence and invest in the development of artificial intelligence. The funds will also be directed to strengthening the brand and establishing its position in the market.

A priority market for the company is Great Britain, known for its national policy in the field of cyber security and its ambition to be a leader in the sector. The country is also a good springboard for business across the Atlantic.

“Given that two of our main markets are the financial industry and critical infrastructure, we consider the UK as a good potential market. Germany and Bulgaria will also be markets in which we want to develop, but there we will target smaller organizations specialized in software development," explains Krasimir Kotsev.

According to him, Bulgaria remains a key market, especially for SoCyber's consulting activities.

We are firmly determined to position Bulgaria as a leader in cyber security services and make companies fully aware of the criticality of digital security."

Currently, the company's entire team is about 15 people, half of whom work on the Kikimora.io project. At the beginning of 2024, 6 new positions will be opened - both engineering and business development and sales.

“Building AI requires resources – such as investing in the right employees. It is still hard to find experts who can build algorithms for the purpose of machine learning (data scientists), and additionally, when you create artificial intelligence, you not only have to build the algorithm but also train it with a lot of data. This requires time and additional resources. Much of the data needs to be purchased from external sources. Apart from the topic of artificial intelligence, a large part of the expenditures are linked to the actual writing of the software code."

Once it fulfils its goals, the company plans a new financing round hoping to generate 4-5 million euros, but it is still early days. The option of public trading of the company is also being considered - on the BEAM market of the Bulgarian Stock Exchange, but "we are exploring options on the Frankfurt and London stock exchanges".

Precisely in view of the expected additional investments in the future, the company has already undertaken a strategic corporate restructuring. In December 2023, Kikimora.io and SoCyber transformed into a joint-stock company and a subsidiary, respectively – the former is more of a software company, while the latter will continue to develop into a consulting business.

Kikimora.io is a product with high added value and given that we expect additional investments in the future, and in view of the potential for a public offering and sale of shares, the restructuring into a joint-stock company is more appropriate and will allow easier financial presentation, creation and managing budgets, including better management of our marketing, branding and merchandising."

Founded in 2018 by network security expert Krasimir Kotsev, SoCyber, the company that developed the Kikimora.io software, closed its first investment round in April 2022 with funding from IMPETUS Capital. The 75,000 euros raised gave an initial boost to its new software and the company's strategic expansion to international markets, including the USA, the UK and Germany.

The lead investor in the second round is Vitosha Venture Partners. According to them, Kikimora.io is well-positioned to capitalize on the fast-growing cybersecurity market, expected to reach $400 billion by 2030. Kamen Bankovski of Vitosha Venture Partners highlights the team's significant experience and understanding of cybersecurity issues.

IMPETUS Capital invested an additional 200 thousand euros and continues to support the company since it offers an effective solution for cybersecurity analysis and vulnerability management. Viktor Manev, co-founder of IMPETUS Capital, emphasizes the need for quick and efficient analysis without unnecessary costs for companies.

Through Seedblink, Kikimora.io raised an additional 103 thousand euros from angel investors, such as Iva Tasheva and Boycho Boychev, who together contributed a total of 80 thousand euros.