"We want to specifically understand the vulnerabilities that are caused by the adoption of AI and AI agents in different applications, and then solve those vulnerabilities," says Nair. "The Hertz Community has been key for Multifactor's trajectory, and this new support helps us keep developing our open-source technologies."
The Entrepreneurial Initiative
Since 2012, the Harold Newman and David Galas Entrepreneurial Initiative has provided financial and professional support to Hertz Fellows who propose innovative entrepreneurial projects. A panel of experts judges the projects, and one or two are selected each year to receive support. The Initiative recognizes honorary Hertz Fellow Harold Newman, a former member of the Hertz Foundation board of directors, as well as David Galas, a Hertz Fellow and chairman of the board. For each selected Hertz Fellow, the Initiative provides up to $25,000 in funding, as well as mentoring and feedback from others within the Hertz Community.
Nair’s Path to Cybersecurity
Nair has been studying cybersecurity since high school, when he launched several startups and began working for a healthcare tech startup in Singapore to address the issue of keeping patients' sensitive health data safe. As a Hertz Fellow at UC Berkeley, he later completed a PhD in computer science and developed new cryptographic methods. He also worked for the CIA, applying his expertise to national cybersecurity challenges.
AI Agent Vulnerabilities
Today, he is focused on how AI agents open new windows into people's data. He points toward a recent demonstration by security researchers showing how to hijack Google's AI bot, Gemini, with a poisoned Google Calendar invitation. Even if a user doesn't open the calendar invitation, Gemini accesses it. It follows its instructions on controlling devices associated with Google, potentially leading to breaches such as unlocking linked doors in someone's home.
"Instead of tricking a person to do something they're not supposed to, like open an email, you're tricking an AI agent," Nair explains.
Multifactor’s Approach
Multifactor, co-founded by Nair and mathematician and cryptographer Colin Roberts, has already developed cryptographic techniques that protect against these vulnerabilities. Their products enable AI agents to log into systems and accounts without ever storing credentials in plain text, ensuring that an AI agent has only the authorization it needs for the exact tools and features it requires. They have also developed a method to collect extremely detailed logs of the actions an AI agent carries out.
"Right now, a lot of companies are trying to fit the conventional human security model to AI agents," says Nair. "They are forcing AI agents to interact with systems in the same way a person does, but this leads to a lot of vulnerabilities. We're building solutions that enable the exact same functionality, just without the security risk."
Adoption and Future Plans
Already, Multifactor has partnered with several large companies that want to ensure their AI workflows are secured. They are also unveiling a waitlist for a more consumer-oriented security platform. The technology, acting like an advanced password manager, would allow people to grant AI agents, such as ChatGPT or Claude, access to specific data from other accounts without requiring direct access to passwords.
"This is a cool way that we hope everyday users of AI can take advantage of our platform to make their day-to-day lives easier and safer," says Nair.
Alignment with the Hertz Mission
Nair says that the mission of Multifactor, a public benefit company making most of its technologies open-source, aligns closely with the Hertz Foundation's mission. Many of his early angel investors and backers have been Hertz Fellows, and his connections through Hertz have significantly influenced the development of his ideas into Multifactor. Hertz Fellows, including Philip Welkhoff and his wife Martina, Judy Savitskaya, and Max Kleiman-Weiner, have been integral to his success, he says.
The Next Pillar of Cybersecurity
"Cybersecurity is often broken down into pillars, identity security, web security, and network security. Sometimes you see technology creating new pillars, like the emergence of cloud security. We think agentic AI security is the next pillar of cybersecurity and we want to be the company that defines it," Nair says. "Readers can be amongst the first to experience this technology for themselves by joining the waitlist at multifactor.com."