This Week in Startups - Next Unicorns: Preventing future fraud using AI with Sardine CEO Soups Ranjan | E1802
Episode Date: September 5, 2023This Week in Startups is brought to you by… LinkSquares. Life for in-house legal just got a whole lot easier. From contract creation to execution and more, LinkSquares is the go-to for all your lega...l needs. Learn more at https://linksquares.com/twist LinkedIn Marketing. To redeem a $100 LinkedIn ad credit and launch your first campaign, go to https://LinkedIn.com/nextunicorn Roots. Invest in the only real estate investment trust that creates wealth for you and its residents at https://investwithroots.com/twist * Today’s show: Sardine CEO and Co-Founder Soups Ranjan joins Jason to discuss the potential harms of generative AI re: fraud (9:53), the value of intrinsic AI (29:48), Sardine's fraud-prevention solution (26:02), and much more! * Time stamps: (0:00) Sardine CEO Soups Ranjan joins Jason (6:11) What Soups learned from his time as Coinbase’s director of risk management and data science (8:36) LinkSquares - The go-to for all your legal needs. Learn more at https://linksquares.com/twist (9:53) Fraud in finance and spotting bad actors (15:03) “Pig Butchering” scams and Kitboga’s crackdown (24:35) LinkedIn Marketing - Get a $100 LinkedIn ad credit at https://linkedin.com/nextunicorn (26:02) Using machine learning to prevent future fraud (29:48) Extrinsic AI vs. intrinsic AI and doomsday scenarios (33:53) What sets Sardine apart from other companies (35:19) Roots - Head to https://investwithroots.com/TWIST to sign up and start investing today! (36:53) Overlap in techniques, actors, etc. in fraud protection * Check out Sardine: https://www.sardine.ai/ FOLLOW Soups: https://twitter.com/soupsranjan * Read LAUNCH Fund 4 Deal Memo: https://www.launch.co/four Apply for Funding: https://www.launch.co/apply Buy ANGEL: https://www.angelthebook.com Great recent interviews: Steve Huffman, Brian Chesky, Aaron Levie, Sophia Amoruso, Reid Hoffman, Frank Slootman, Billy McFarland, PrayingForExits, Jenny Lefcourt Check out Jason’s suite of newsletters: https://substack.com/@calacanis * Follow Jason: Twitter: https://twitter.com/jason Instagram: https://www.instagram.com/jason LinkedIn: https://www.linkedin.com/in/jasoncalacanis * Follow TWiST: Substack: https://twistartups.substack.com Twitter: https://twitter.com/TWiStartups YouTube: https://www.youtube.com/thisweekin * Subscribe to the Founder University Podcast: https://www.founder.university/podcast
Transcript
Discussion (0)
So fraudsters, you know, as they use AI, we are using AI as well.
So we think that the future of identity verification online is actually a battle of box.
Extrinsic AI versus intrinsic.
This weekend startups is brought to you by Link Squares.
Life for in-house legal just got a whole lot easier.
From contract creation to execution and more, Link Squares is the go-to for all your legal needs.
Learn more at link squares.com slash twist.
LinkedIn marketing.
To redeem a free $100 LinkedIn ad credit and launch your first campaign, go to LinkedIn.com
slash next unicorn.
And Roots.
Invest in the only real estate investment trust that creates wealth for you and its
residents at invest with roots.com slash twist.
Hey, everybody, welcome back to this week in startups.
It's our next unicorns series.
If you don't know about the unicorn series,
go to this week in startups.com slash unicorns.
And what you'll find is all the companies that we have on
when they're growing fast and they figured something out
and they got product market fit,
you have a pretty good eye and a pretty good track record
for figuring out when those companies are going to get to that coveted unicorn status,
which means absolutely nothing.
All that matters is your customers,
but hey, we use this term unicorn, it's good branding,
everybody loves it. It's a milestone. But, you know, typically when a company hits that unicorn status,
it's because you're doing something very important in the world. Now, AI, it's empowering people.
We know that. Every day, every week, especially on Mondays with Sundeepe on this show,
we look at all the progress being made and it is extraordinary. But there's going to be downsides.
It's downstides to every technology. Look at the smartphone. Everybody gets a smartphone. Now,
nobody's sleeping. Oh, kids have anxiety, eating disorders. And so as a technologist, as somebody
who is a capital allocator in technology,
or somebody just covering technology,
I'm all three, actually.
You really need to be aware of the downsides.
Nothing's free in this world.
You know, you want to put in nuclear power.
You get the downside of nuclear weapons
or, you know, a nuclear power plant,
tragically, you know,
causing a meltdown.
So everything has its ups and downs.
Even, you know, putting in these big solar farm or wind farms,
hey, there's birds that get impacted or eyesores of, you know,
windmills.
So what is the big?
downside to AI. I've been talking about this. I got laughed, laughed off my home podcast
when I said, I think this AI is going to result in a lot of financial fraud. Think about all the
fishing and misinformation. If you train an AI to look at the data and to pick targets and to refine
its emails and its ways of trying to fish, say, a body of users, it's going to get better,
just like hackers get better, but it might get better faster. And so the company we're going to talk to
today and the founder is exactly focused on that. And this is what we call in the industry
skating to where the puck is going. I mentioned this last year during the AI revolution
and watching ChatGPT3 come out and blow everybody's mind. Well, founders have been working on this
issue and anticipating it for even longer. This is why founders are such a precious and important
resource in the world. Founders think about the future. They skate to where the puck is going. They
They invest, and this is why capital allocators are important, they invest capital allocators
money knowing that 70, 80, 90% of the dollars will go to zero.
They'll be wiped out as we try to predict the future and build products and services to delight
and protect and entertain customers, customers known as human beings on planet Earth.
Fraud, gosh, it's one of the biggest issues.
And there's a certain amount of fraud that's acceptable in every ecosystem.
And our job is to keep it to that acceptable level.
I don't think any of us expects that there's not going to be some amount of
of piracy, some amount of shoplifting, some amount of credit card fraud, or even online fraud.
So Sardine is the name of the company we're going to talk to today.
They were founded in 2020 to try to identify and stop bad actors.
Their algorithm helps customers detect fraud before it happens.
And Soups, Ranjan, is the co-founder and CEO of Sardine.
Soups, welcome to the show.
Thanks for having me, Jason.
Really excited to be here, a big fan of your show.
Thanks, pal.
I appreciate it.
Have you been watching for a long time?
Are you one of these people who watched in college and then makes me feel old?
No.
I'm getting on the older side as well.
No, I watch occasionally, yeah.
Okay, great.
I appreciate that.
I think that's the right way to watch this.
Speaking of Startups, if you're busy, if you're a young founder, every episode is essential
for you.
Now, you get busy, you should maybe scan.
We do four or five episodes a week.
You scan it.
You pick the ones that are most important, put them on a playlist and start with those, right?
I understand that we're producing a lot of content here.
Maybe you can't get through every all five hours a week,
but cherry pick the top two hours.
I think you're going to do pretty well.
I had somebody on the program, Soups, who was like,
oh, yeah, I listened to you in high school.
And I'm like, how old is he?
27.
I said, wait a second.
So I've been listening since like the 10th episode.
I said, ah, that makes sense.
So now you've got the name Soups.
How did that go in high school?
Everybody must have had 100 jokes, huh?
Yeah, well, growing up, no one actually ever called me by my first name.
It's very long.
It's supranamia.
Supernumria.
What does it mean?
It means the root word actually comes from pranam, which is really hello or namaste in Hindi.
Namasteya.
Yeah.
So it's a good hello.
Oh, I like it.
Very nice.
Yeah, yeah.
Beautiful.
So then somebody gave you the nickname soups, your mom, your dad, your siblings, who gave it to you?
Oh, no, no, not my parents.
My undergrad friends, they did.
It's a great nickname.
Great nickname.
Totally.
And in India,
growing up,
it's very common
to just go by your last name.
So all my growing up years,
I went just by my last name,
Grand John,
until I came to the US
and I was like,
okay, I have to do something
with my first name.
So I chose what my nickname
my friends gave me.
I love it.
A good nickname,
I'm here for it.
All right.
So you worked at Coinbase
during the formative years,
2015 to 2019.
And you had a great title,
director of risk management
and data science.
and this is really at a company that not only had a lot of stake finance,
this was a completely new area that had a couple of traits.
One, these projects and these tokens that were being sold,
they move instantly and the transactions are not reversible.
And so there's a permanence to getting hacked here where it's not like you can have
some window to reverse the charges.
It's instant, it's irreversible in many cases.
Some of these things have global actors.
So what did you learn to the extent you can talk about?
Obviously, I know you got some confidentiality there, but Brian's a friend of the show.
What did you learn taking on such a seemingly insurmountable challenge?
And did you succeed or how did you do?
Yeah, no, absolutely.
It was a great learning experience because, as we say, if you can solve for fraud in crypto,
you can actually solve for it anywhere, exactly for the reasons, as you mentioned,
because crypto is fungible.
it's not reversible
and it's instantly transferable
and instantly you can sell it and deposit
the fiat into your wallet
of choice right
so what I learned was that
as the world of
money movement becomes increasingly
global right and we've seen that
not just via crypto but via all the
other neo banks which have been popping up
in every country on the planet
as money movement becomes instant
and fast you know
the same characteristics that crypto has
are actually present in all sorts of
faster payment methods as well, right?
Because they're also instantly transferable
and they're not reversible.
So look at Zell in the US,
look at Picks in Brazil,
look at UPI in India, right?
So for me, the biggest learning was that
as money movement becomes instant and global,
the impact of fraud or scams
is going to be huge.
And in fact, we are seeing that today
if you go look at in the UK,
the amount of money being lost to scams has actually quickly overtaken the amount of credit
card fraud losses that they typically used to have. And I'm pretty sure with Fed now or RTP ramping
up in the U.S., the same story is going to hold true very much over here as well.
Life for your in-house legal team can be so hard chasing down signatures, pouring over contracts,
toggling between all the different tools that back and forth with the sales team, it's brutal.
and legal stuff. Oh my God, bane of my existence, right? It's just so much. It's a deluge,
but it doesn't need to be that way. All you have to do is use link squares. It's the first
AI-powered end-to-end contract management solution. What does it do? It gives your legal and your
revenue teams the tools they need to help sales close deals faster while delivering a seamless
experience for your customers. So you can create, review, approve, and execute your contracts
easily in one place while prioritizing tasks and integrating with the tools your team already
knows and loves. Link Squares is where all your legal needs come full circle. Start streamlining
your contract management process today and make life for those in-house legal people so much
easier with just a few clicks. Learn more at linksquares.com slash twist. That's linksquares.com
slash twist to start streamlining your contract management process today. And if you're not doing your
contracts right, it's going to cause all kinds of downstream problems. Do it right, linksquares.com
slash twist.
When you look at the attacks and you look at the attack vectors, if you were to put them into buckets,
I'm a neophyte on this, I can guess, but I'm sure there are certain buckets of fraud that
occurs in crypto and then wider, you know, in finance. Let's just start with the finance
kind of area. We'll leave out corporate espionage. We'll leave out, you know,
are in actors trying to get,
and just talk about people trying to get money.
Of people trying to get money,
where are these actors based,
and what are the attack vectors they're using or trying?
We all know, there's like the classical,
what's the country in Africa that everybody associates
with the classical fishing scam?
Yeah, Nigerian print scam.
The Nigerian print scam.
Then we've got, you know, China,
you've got Russia, the mob,
and then you've got domestic acts.
actors, like maybe organized crime here in the United States, you got cartels, probably south of the
border. I don't know. Tell us the buckets of where financial fraud is coming from and who are
the actors, broadly speaking. Yeah, absolutely. So I would actually broadly bucket it into the following
categories. One is synthetic identity, right? So I create a synthetic identity out of thin air. It could be,
you know, I'm using a dead person or a minor or a child's social security number,
apply for a loan using my own name.
And then the first time I do it, I get denied.
But the next time I do it, the Bureau thinks that, yeah, this is a legit person.
And then they approve me.
So that is one type of fraud.
The second one, I would say, is mules, money mules, right?
So it could be money mules that you recruit right on the street, right?
Like you pay someone a couple of bucks to create an account,
you do KYC for a neobank or a bank, right?
And you pay them for doing that.
Or they could be recruited via a social media forum, right,
on Instagram or Facebook, etc.
Right.
Then the third category I would call is your regular credit card theft.
Right.
So I obtained, you know, a bunch of stolen card numbers.
Previously, if I had a bag of stolen card numbers,
the first thing I would go buy would be a smart TV, right?
Because that was the most expensive thing I could buy.
But then I would have to worry about disposing it off.
But now in the day and age of crypto or NFTs or neobanking,
the best thing I can do is actually load money into a digital wallet, right?
And then find ways via which I can take money out of that wallet.
Maybe I create a virtual card in that neobank,
put that virtual card in an Apple Pay or a Google Pay wallet,
And now I can go spend on that Apple pay, Google Pay.
So the world of stolen card fraud has become much more murkier,
much more harder to unravel because what used to be a simple point solution-based mechanism
to defeat it does not work anymore, right?
And the most interesting one and the most prevalent one is the world of just scams in
general.
So they used to take the form of Nigerian print scams, right?
Where those emails were full of grammatical errors and spelling mistakes, right?
Yes.
But in this day and age, with Gen AI and LLMs, it's very easy to write perfectly curated.
In fact, even personalized email targeting anyone, right?
I could target a message to appear to be like me to you, Jason, for example.
Right.
And then it's all, all these cams are some form of social engineering.
They originate via a text or via an email.
Oftentimes, like, Jason, by the way, do you often get these wrong number text?
messages, for example?
Yes, I have gotten many wrong texts.
I don't reply to them.
I block them.
I assume if somebody knows it's me, they're going to start with J-Cow.
And literally, yeah, I have to change my phone numbers on some regular basis because
I am paranoid about scams.
Yeah, 100%.
And what turns out is that there's a big gang of folks who are based somewhere
in Southeast Asia, right?
And it's a common scam known as pig butchering, right?
What that involves us, in fact, it involves human traffic.
So these are, the accomplices in the scam are people who've been trafficked and they are being,
you know, coerced into perpetrating these scams.
They are given these phone numbers of, you know, Americans or, you know, Eastern Europeans,
whom they're texting, trying to engage with them.
And once they engage with them, then they will actually.
you always have a ploy saying, hey, I can help you double your money via some investment at
a brokerage or a crypto exchange, right? And in that case, they're going to actually walk you
through the steps of K-Y-C, creating an account, connecting a payment method. And they will even
show you screenshots saying that your money has doubled, but in the back end, it's just a fake
software which is showing that your money is doubling by just moving the bits and bytes,
right? And a lot of people have lost the life savings to scams like that, right?
And this is fascinating, pig butchering, because what you're saying is there's two tiers going on here.
You have exploited people who are forced to do this.
So instead of being forced into some horrible life doing terrible things, they're being forced to, perhaps in addition to whatever other horrible things are being forced into doing, doing these scams, which maybe are more profitable.
Because if you get one pig, and the concept of a pig here is the, I think, you know, the old,
expression on Wall Street that pigs get slaughtered. In other words, if you get too greedy,
you're going to get slaughtered. So they're referring to the marks as pigs. And these are people
in America who see other people claiming to have doubled their money on an NFT in a month,
who say, okay, I'm going to double my money, but I'm just going to take my $50,000 life
savings. I'm going to double it. And what people don't understand in this situation is, because
you'd say, who's stupid enough to fall for this. All you need is one person who's weak at one
moment in time. You don't need, and it could be one out of a thousand. If it takes you but one minute
to do each person in a thousand minutes, if you get one, a thousand minutes isn't a lot of time.
You're talking about 15, 20 hours of work, two days of work. You get one every two days.
And that person, you know, sales for what? Five thousand dollars, ten thousand dollars. That's a pretty
good living. Yeah, yeah, totally. And then the, and then of course, there's the, the classic IRS
scam or the, you know, folks who are impersonating Elon Musk and asking.
them to send money to a crypto wallet so that they can double their money, right?
So fraud and scam is as old as money.
People always innovate and find newer ways of making money off of other people's greed.
And in the world of Generative AI, that problem is going to get even worse, much, much worse, right?
So, yeah, and I just as a quick note for folks, if I'm asking you for money, people tell me that they've been getting scammed by social media accounts for myself.
or if Elon's asking for money,
I can assure you that we're okay
and that we don't need $5,000.
I think somewhere I'm going to find the $5,000
to cover my flight back
from wherever my passport was stolen.
And I think Elon's going to do okay.
I don't think you have to worry
about his $5,000, you know, Bitcoin.
I'm sure he depreciated Bitcoin,
but I don't think you need to send him one.
I think he's okay.
So this is super fascinating
that all these scams exist.
The question is,
if it's only one out of a thousand people and they're you know who fall for it I don't know what
percentage of people fall for it every year here in the United States but it does seem to be targeting
specific demographics those demographics seem to be the least technically adept people they go
after retirees they go after non-technical people who you know can't identify which cryptocurrency
to buy or which gift cards to buy my favorite of all of this is there is a YouTube channel
called kit Boga I don't know if you've ever seen this one I've seen that
K-I-T-B-O-G-A, Kit Bogus show.
And this guy pretends he's a grandma.
I guess he gets a bunch of phone numbers,
puts him into databases,
but he's a hacker himself.
And then he puts on a voice modulator
and he lets people try to scam him.
And what they always do is these scammers at call centers,
and it seems like it's coming out of India, maybe, or Manila.
I think it's, like you said, Southeast Asia kind of area
where there's low-cost workers,
or maybe traffic workers tragically.
And they will dial for dollars
and then they try to convince somebody
that they need to upgrade their window software
or they're going to have some problems
and their accounts have been compromised.
And they say they're calling from Bank of America
or they say they're calling from their bank or whatever.
They get them to log in.
And all they do is say, hey, put in a gift card,
type in the numbers and then we'll solve the problem.
And then what he does is he claims the gift cards
as opposed to giving it to them.
And they yell and scream on the phone.
No, no, no, no, no.
Give me the code.
don't type in the code.
It's pretty hilarious to watch it.
But maybe you could talk about that attack.
100%.
Yeah.
So Kit Boga is doing a phenomenal job at, you know,
bringing to light how these scams are being perpetrated.
The attack vector is the following.
So typically you'd get this email or text again, right,
like claiming to be IRS.
Typically the victims are elderly.
Or they could be a bank refund scam where, you know,
I tell you, Jason, for example,
hey, I'm calling you from Chase,
you know, Chase owes you a refund of $100,
but in order for me to give you $100,
you first have to send me $100.
And now the real weakness in the ecosystem
is not neo-banking.
It's not banking.
It's nothing to do with the financial infrastructure.
The real weakness in the whole infrastructure
is actually the fact that in our telephony
and our email infrastructure,
we never actually built sender verification.
So I can easily pretend to be Chase.
And actually the phone number would look like it's coming from Chase, right?
So that's weakness number one in the infrastructure.
Second part to it is that the attacker typically then convinces the elderly victim
to install tools like TeamViewer, any desk, Citrix.
These are remote access tools.
They allow typically customer support to control the screen of,
a user so they can guide them through
whatever was wrong in the machine.
But scammers are exploiting that tool.
What they then do is they actually walk the
grandma into creating an account
at an exchange or a brokerage, right?
And they will actually take control of the screen,
move the mouse, you know, help
type and stuff. And then
at a particular moment in time,
they may actually black out the entire screen.
And these tools actually allow you to do that.
I can actually be in your computer, Jason.
I can black out your screen and you would not have any clue
what am I doing? In fact, I could be now
wiring money out of your bank into mine.
And yeah, it's oftentimes too late because once
money is gone, it's gone, right?
Now, what we realized, and this was actually the founding
story of Sardin, was that
then I got together with my co-founder Zahid and Naditia,
these sort of social engineering scams
in 2017, they were like the fastest growing attack vector
during my days at Coinbase. And I was not
able to solve for it. So,
2019, 2020, when I met my co-founders, I was like, hey, we got to solve for this, right?
And the first thing, the very first thing we built is a behavior biometrics product,
which allows us, if we are embedded in the bank's portal, it'll allow us to tell the bank
and warn the customer if the screen of the customer is being controlled by someone else.
If someone else is typing on the screen, someone else is moving the mouse on the screen,
or if, you know, you are doing a bank transaction, Jason,
and I'm actually on the phone with you,
we do active phone call detection,
or I may be asking you to take screenshots
because I, as a scammer,
may actually want you to take screenshots
because I have a chain of command.
I need to actually provide proof to my bosses
to get paid that actually Jason did this money movement, right?
So this is your solution,
and how does it work?
You install something on the consumer's product,
you install something in the web browser, in the app.
Where do you try to protect users
and or provide this?
tool to providers and which providers are you providing to?
Who are the customers? Who pays you?
Yeah.
Yeah.
So the solution looks like an SDK and then there is an API, right?
The SDK is, you know, available in both a JavaScript form as well as a mobile SDK,
both Android and iOS native SDKs.
And very lightweight privacy aware, we don't really look at what are you typing, right?
We are more interested in someone else typing than you or the typing speed, etc.
And today we offer this of all fraud and compliance solution to a variety of customers.
So we have 250 plus customers worldwide.
There are banks, banking as a service platforms, many neobanks, both B2C and B2B neobanks,
gift card exchanges, NFT platforms, crypto exchanges, as well as we are branching into
many other newer categories as well,
like auto marketplaces, etc.
So wherever there is risk of money movement,
we are there.
So looking at this,
you provide that software development kit.
That's what SDK stands for.
They drop it into their app.
They drop it into their desktop stuff.
And then this bank, we'll call it Acme Bank,
or some gift card exchange.
We'll call it gift card exchange.org,
whatever.
They may not be up on the latest security.
So your team is looking for all these patterns, and then everybody gets to share in that defense.
So instead of each organization having to recreate the wheel, they go to your organization,
they pay you a reasonable fee, I'm sure.
I'm guessing tens of thousands of dollars a year.
I don't know how do you price it?
Yeah, VE price as a SaaS model, as well as a usage based on top of it.
The SaaS model covers for a platform, which includes a dashboard, which gives you full visibility
into the vector, network graph analytics, a low-code rule editor such that a fraud or compliance
professional who does not, they don't need to know SQL, they can create new rules on the fly.
And of course, behind the scenes, we are doing machine learning to catch all sorts of fraud and
scams.
When you're selling to business to business buyers, you want to get your pitch in front of the
decision makers.
Why?
Upper level execs make purchasing decisions, right?
And these high level folks are busy.
They're hard to find.
They're impossible to try.
target on most social media platforms because those social media platforms don't have what LinkedIn
has, which is 950 million members and the entire database of where they work, what city
they're in, how many people work for them and their titles.
In that 950 million member base at LinkedIn, there are 180 million senior level execs.
That tracks, right?
About 15% of people would be senior level execs.
And about 1%, 2% are the C-level executives.
LinkedIn ads is specifically built for business to business marketers to get to those 10 million
C-level executives with 180 million senior level executives.
No other platform can do it.
Period.
Full stop.
And LinkedIn is going to help you reach your audience in a very respectful business environment.
When people are on LinkedIn, they want to do business.
That's why I say LinkedIn, you think business.
I say business.
You think LinkedIn.
It's that simple.
So make B2B marketing everything it can be.
and get a Hyundai, a $100 dollar credit on your next campaign.
Go to LinkedIn.com slash next unicorn to claim your $100 credit.
That's LinkedIn.com slash next unicorn terms and conditions do apply.
Yeah, so that's the next piece of it is how is AI playing a role here?
I just saw the other day this study of keyboards.
I'm sure you're aware of it.
Now you can look at the cadence or maybe the sounds coming out of each key.
Once they train on a particular keyboard,
can look for patterns. They know you're typing. And just like a keyboard interceptor, which is a
little USB device that you can put on a, most people have wireless keyboards now. But I remember
back in the day, when I was doing IT, you could get a little USB device that would go into the
back of the computer. You'd plug it in. The person would never see it, just a little dongle,
plug the keyboard in, and it's recording every keystroke that that person's doing. Or you can hack a keyboard
and there's keyboard hacks. And this is how the CIA, FBI, everybody does it. They just swap your keyboard
out with the one with the chip in it that remotely sends your keystrokes. Once they have
the keystroke logger, you're done. Anything you do is you'd have to have a biometric to get around
that. So new attacks are coming in. You have AI looking at them and or have machine learning
looking at them. And then you can identify new scams in real time. And then some operator or hacker,
white hat hacker in your company has to define that and make a new rule set. How does that all work?
How does it work in real time? Explain to us.
like what you've caught and how you do it.
Yeah, 100%, yeah.
I want to answer your question in two parts.
So first, I wanted to address the threat of Gen AI to the world of fraud prevention.
So we already talked about how our voice or our videos are all online.
So it's very easy to clone it.
I could clone to talk like you, Jason, or to write like you, right?
So we actually call that world as extrinsic AI, right?
Because that's the world which is trained on publicly available information.
However, we think increasingly that in order to detect identity fraud or to protect from payment fraud, you need intrinsic AI as well.
Intrinsic AI is trained on intrinsic features about you, which are not in the public domain, right?
Which, for example, meaning, like you're typing speed or the way you hold your phone, right?
What do you mean the way you hold your phone?
So the way you hold your phone, all of us have a very intrinsic behavior biometric, right?
it's not accurate enough to replace passwords,
not accurate enough to replace your thumbprint or your touch ID.
However, it's a great fraud signal.
For example, if I picked up your phone, Jason,
and I have shoulder surfed you,
and I know how you type your pin code, right?
Then I could actually be in your phone into all your banking apps,
and I can move money out of them.
However, if you have our SDK embedded,
then we would be able to tell you that the way I'm typing,
anything, is very different than the way you type it.
It'll be about 85% accurate, again, not accurate enough to be an authentication method,
but a great fraud signal, right?
Wow.
So let me pause there for a second and reflect back to you what you said.
If I'm holding my phone and you know I am a hunched over person and my phone is on
more of a flat angle or if you know I have good posture and I always hold it straight up
and I'm at 100% the accelerometer and how my phone is being held and then you
you know my keyboard typing, so you know I'm a two-thumb type or a one-thumb type or typically,
you know I type 60 characters a minute versus 120.
You're going to figure out that, hey, maybe somebody else is holding the phone,
or maybe this is an emulator because there's no accelerometer turned on.
And how would the fraudster know to set your accelerometer and how would they know your accelerometer
settings?
Am I correct?
I had no idea that you guys were doing that level.
of fidelity. That's insane.
Yep, that's exactly right. Yeah.
So fraudsters, you know,
as they use AI, we are using AI
as well. So we think that the future
of identity verification
online is actually a battle of bots.
Extrinsic AI versus intrinsic,
right? And to verify
identities and payments online, you increasingly
need these intrinsic AI signals.
When you look at what's coming in AI,
let's talk about the future because, as I said in the
opening, you ain't got to skate to where the puck is going.
what's coming down the pipe? Because I at the top explained, hey, what if these AIs that are hacking are doing reinforcement learning, they obviously have an unlimited number of cycles. So unlike the hackers that we talked about, whether they're sophisticated Russian hackers, sophisticated North Korea hackers, or they're less sophisticated people who are just simply being trafficked or paid three bucks an hour to try to maybe every month hit.
a $10,000 bingo with some elderly person in Florida who gets greedy and they do a pig scam,
a pig slaughter, or whatever you called it. So where is this all going? And give us the doomsday
scenarios of, you know, what really makes you stay up at night. You spend your life worrying
about this. What keeps you up at night? Yeah, the doomsday scenario is actually pretty clear,
right? Number one, as I alluded to earlier, we don't have proper text or phone calls.
verification of a sender built in.
So I can easily spoof anyone's phone numbers.
With generative AI tech,
I can actually pretend to be that person, right?
So there are now, you know,
you're constantly seeing, you know,
versions of these scams already appear, right?
Like, white hat hackers have tried, you know,
training an LLM model on their own voice
and they have beaten voice authentication systems of banks,
right, using the LLM generated voice.
folks have also reported things like, you know,
somebody could call my parents and pretend to be me using my voice, right,
saying that, hey, I've been kidnapped and there's a big ransom payment that is needed, right?
So people are losing money like that.
So in my mind, you know, Generative AI is really going to arm the clever,
sophisticated fraudsters, you know, a lot.
And we need to step up our game as well, right?
What are they working on?
Like, so, you know, I, I know there are some people already using AI for hacking.
What are the early warning signals we're seeing?
Or, you know, sometimes there's kind of the gray hack community, you know, black hat,
somebody with nefarious goals, white hat, hats, the people who work for your company who are trying
to fight the black hats.
But there's also the gray hats.
Maybe they're looking for bounties.
Maybe they're a little aggressive in going for bounties.
But they kind of exist in a little, you know,
neutral zone if we're going in the Dungeons and Dragons.
You know, they're not evil.
They're not good.
They're sort of neutral.
Sometimes chaotic neutral.
Sometimes chaotic good.
Who knows?
I don't know if you know these Dungeons and Dragons references.
Tell us about, you know, the alignment of those gray hats in the middle and what they're warning about.
What are they saying?
Here's some stuff I ran just to show you what I can do.
What are they doing right now that is out there?
Yeah, absolutely.
So besides the one example I shared, which was this gentleman who used an LLM to train his voice against Barclays in the UK, against Barclays Bank in the UK, that's one gray hat type of a scenario we know of.
Before I answer the question, let me just caveat it.
Unlike the world of security where this world of, you know, gray hats is actually very well established.
In the world of fraud, we haven't had that, right?
So we don't really have a lot of, you know, gray hats coming up.
hey, hey, you know, I found this or that.
So therefore, internally, we have to always deploy a team of people who are constantly, you know, testing and using new technology to see how we, how fraudsters just could be using it, right?
So you have to have your team, say, attack and pretend you're a black hat.
So you actually do, there's a term for that.
I forgot what it's called.
You can hire people to do this against your company.
Red team.
Yeah, I got a red team, right?
So the red team, you red team something, it means you try to break the security of it.
And so I don't advise people do this.
If you red team like security at your airport and you try to see if you can get a knife or gun through, you're going to be arrested.
So I think they have their own red teams.
Don't do this, people.
So you create a red team.
That's going to be a unique personality who wants to be on the red team, huh?
Yeah.
And that's why we at Sardine, right, the way we are different than other fraud companies is that everyone at the company, including us,
the founders as well as the founding engineers and the founding product managers or the salespeople,
we've all actually been fighting fraud for like a decade or two, right?
So we've seen what is it like to fight fraud internally at the companies that we sell into
nowadays, right?
And we've seen how difficult it is to fight fraud internally because you never have
infinite resources to go build stuff, right?
You have to always, you know, like allocate your resources to building the product.
You should not be allocating resources to fighting fraud.
And that is what our mantra is that, you know, we are the world's foremost experts in fraud fighting.
And, you know, you can hire the world's foremost fraud experts via one API.
Right.
Imagine owning real estate properties.
Where are the people living in your property wanted to succeed as much as you do?
Well, now you can.
Let me tell you about roots.
Roots is a REIT.
That stands for Real Estate Investment Trust that breaks real estate investing stereotypes.
starting with the landlord-tenant relationship.
This is such an innovative idea.
I love it.
Roots is the world's only reed that builds wealth for both the investors in the REIT and the residents living in the units.
So this creates a win-win partnership that delivers better returns.
Here's how the model works.
You invest that Roots buys properties.
They fix them up.
They rent them out.
And the renters get invested in the fund for paying on time, taking care of them.
their property and being good neighbors. And the model's working. The fund is up 36% since it's
launched in 2021, according to Roots. And unlike other alternative assets, your investment isn't tied
up for years. The Roots Fund offers liquidity every quarter. Oh, that's a very interesting device.
You can't do that in venture capital. I can tell you that. So head to invest with Roots.com
slash twist to sign up and start investing today. It's such a clever idea. I talked to the founder and
I was just absolutely blown away about how smart this win-win-win-win is. A win-
For Roots, a win for the people living in the properties, and a win for the people who are investing in the reed.
There are no entry fees, and you can start with as little as $100.
That's investwithroots.com slash twist to sign up today.
If we look at the other side, which is people hacking, you're in fraud, which is to protect people's money, etc., commercial applications.
If you look at just other espionage and other hacking going on there, that's adjacent to you.
Are you going to expand into that category and try to protect, you know, I don't know, a school or, you know, a local government and their employees?
Are you, will you work with those kind of folks as well?
Is that on the roadmap?
Because it would seem that there is some great overlap between these techniques.
So talk to me about sort of the CIA, the FBI, governments, you know, they have their own ways to protect against this.
But then you got the other, you know, it could be a benign agencies, like education or something.
But they could have really important information.
They could have money.
They could have people's private information.
You could have health organizations.
It seems like they're not on the front line of our defense department, but they still have
attack vectors.
These things all overlap, right?
The techniques, the actors, there's some amount of overlap.
Yes or no?
Oh, 100%.
What we've seen is that, you know, with the rise of embedded fintech, right, and as money
movement is becoming embedded in all sorts of industries like education or
construction, etc.
Industries which were not at the forefront of fraud fighting, they increasingly have to be.
In fact, you know, you reminded me, we do work with education sector, we work with local
governments, we work with federal three-letter agencies as well.
And for the education sector, for example, what we have seen, one of the crazy stories
was that folks were applying for a federal student loan, right, with a synthetic identity.
right? And all those private colleges were actually short of the money, right?
They were on the, they were left holding the back, right?
Then let's, and of course, like at the state level, right, the, we are all aware of all the
the money that the government's lost to PPP scams, right?
And again, the challenge over there was no one at the state level has a good repository
of who are the people registered to who work in that state.
and since they don't have a good online repository of folks,
I could actually pretend to be a worker in the state of Ohio, right?
And I could have applied for a PPP loan, right?
And then the state of Ohio is left holding the back, right?
At the federal level, the challenges are different.
At the federal level, the challenges are, you know, more like,
how can we be best prepared via solve these red teaming type exercises that I said
to make sure that, you know, we are not being,
attacked by any of the bad actress, right?
So just for people to recap here,
you're going to get fished with the pig scams,
know about that one, tech support scams,
you got to know about that one, these are obvious.
Then you got, hey, friend is trapped in another country,
needs money, their wallet was stolen, whatever.
You know about that one.
So the investment scams, pig scams are one of them.
You got, of course, social media impersonation,
people like, you're pretending to be me
or other people, DMing you.
I will never do that.
that, always click on the profile, check the profile, make sure it's a verified profile.
Look at the number, look at the follower account, duh.
Scroll down and see how many tweets they've posted.
They usually don't take my entire archive of tweets or Instagrams to pay them, but on Instagram
they do.
They take my entire archive of photos and put them in there.
The follower account would tell you.
And then what we've started doing in the investment community in venture in startups
is we will do two points of contact or three points of contact when there's a transaction
occurring.
So if somebody was investing in a startup and they were part of a party round and they're sending $10,000, they're going to, you know, call you on the phone, let you know, get the banking details. They call you back. And then maybe a second person, the organization will call you and confirm the details. And when you have two people in the loop, this is what we do because people try to scam me. We've had an alert go out in the venture capital community where people are using voice modulators trying to say, hey, I'm an LP in this fund. I want to give you my banking information.
in order to when I get a distribution, send the distributions.
Literally like, hey, we're going to send our Uber shares or a robber shares to somebody
or we're going to give you a cash distribution.
Now, I don't know if that's ever worked, but that is happening in the world.
And so now you have the identity, the social media impersonation, as you're saying,
is moving to voice modulation.
You see, you just have to be hyper-aware of all of these scams.
And you want to have good tools like the ones you're building and have partners who are
just never-ending fighting against this stuff.
Listen, you've been a great guest.
Thank you so much for taking the time.
How can people learn more about the product
if they're interested in using it?
And then I always like to point out
great companies like this are hiring.
So if you're hiring,
give us the one or two positions
that are the most important
and what it's like to work at your company.
What's the culture you're trying to build over there, soups?
Absolutely, yeah.
So first of all, you can find us on website
at www.sardine.
And we are also on Twitter.
You can follow us on at Twitter.
And I occasionally, actually daily write on both Twitter and LinkedIn.
So you can follow me also on LinkedIn.
My handle is just soups, Ranjan, on LinkedIn as well as Twitter.
And the most important positions that we're hiding for right now are, you know,
in our strategic account management team.
So we have an opening for someone who's really passionate about solving fraud or compliance,
has had a background in those areas
and wants to help our customers fight
fraud on their behalf.
Amazing.
Soups, Ranjan.
You've been a great guest.
Everybody who follows Soups.
Ranjan on Twitter.
S-O-U-P-S-R-A-N.
Get it right from the CEO.
Here are the different stories.
Stay up to date on this and protect your grandma,
your grandpa, your brothers, your sisters.
Anybody over 50 or is under 50 and his ingredient,
you know, just not super technically aware.
It's been another great episode of this week and start.
We'll see you next time. Bye-bye.
