Adaptive Security - Maxthon | Privacy Private Browser

Executive Summary

Adaptive Security has emerged as a critical player in the AI-powered cybersecurity sector, raising $81 million in Series B funding in December 2025. This brings total funding to $146.5 million across three rounds in 2025 alone. The company’s rapid growth reflects an urgent market need as deepfake incidents surged 17-fold from 2023 to 2024, with over 100,000 cases in the United States. Singapore faces particularly acute vulnerabilities, having experienced several high-profile incidents including a $499,000 deepfake CEO scam in March 2025, prompting comprehensive regulatory responses from MAS, SPF, and CSA.

Part 1: Case Study Analysis

Company Background

Founded by: Brian Long and Andrew Jones (previously grew Attentive to $500M annual revenue)

Launch Date: January 2025 (public)

Headquarters: New York

Total Funding: $146.5 million

Series A (April 2025): $43 million led by OpenAI Startup Fund and Andreessen Horowitz
Follow-on (September 2025): $12 million led by OpenAI Startup Fund
Series B (December 2025): $81 million led by Bain Capital Ventures

Investor Profile

The investor consortium signals strong institutional confidence in the AI security sector:

Bain Capital Ventures (Lead): Third investment in Brian Long’s ventures (TapCommerce, Attentive, Adaptive)
NVIDIA (NVentures): Hardware/AI infrastructure alignment
OpenAI Startup Fund: First and only cybersecurity investment, reflecting AI safety concerns
Andreessen Horowitz (a16z): Leading tech venture capital
Financial Services VCs: Capital One Ventures and Citi Ventures indicate banking sector recognition
Abstract Ventures: Early-stage tech focus

Market Problem & Validation

The Threat Landscape:

Social engineering accounts for over 95% of successful cyber breaches. Traditional security training was designed for email-based phishing but fails against multi-channel AI-powered attacks across voice calls, text messages, video conferencing, and deepfake impersonations.

Market Indicators:

Deepfake incidents grew 17x from 2023 to 2024
Over 100,000 deepfake incidents in the U.S. in 2024
More than 50% of Adaptive’s customer discussions involve deepfake incident reports
Creating convincing AI clones now requires only seconds of audio or short video clips

Product & Technology

Core Platform Features:

Multi-Channel Deepfake Simulations
- Voice call impersonations
- Text message phishing
- Video deepfakes
- Email social engineering
Individualized Training
- Personalized based on employee responses
- Real-world scenario testing
- Behavioral adaptation
AI-Driven Risk Assessment
- Automated threat triage
- Executive risk scoring
- Identification of most exposed teams and processes
- Vulnerability mapping
Real-Time Protection
- Continuous monitoring
- Adaptive defense mechanisms
- Pattern recognition across attack vectors

Customer Base & Traction

Growth Metrics:

500+ enterprise customers (within 11 months of launch)
Net Promoter Score (NPS): 94 (world-class; 50+ is excellent)
Third financing round in 2025 alone

Notable Customers:

Financial Services: PayPal, Ramp
Technology: Figma, Vimeo, Perplexity
Consumer Brands: Xerox, Bose, TaylorMade Golf
Sports Organizations: National Hockey League, Professional Golfers’ Association

This customer diversity demonstrates broad market applicability across industries.

Competitive Advantages

First-Mover Focus: Specialized platform specifically for AI-powered threats
AI-Native Approach: Uses AI to combat AI threats
Founder Track Record: Proven success scaling Attentive to $500M revenue
Strategic Backing: OpenAI’s only cybersecurity investment provides technical credibility
Multi-Channel Coverage: Addresses full threat surface, not just email
Real-Time Adaptation: Platform evolves with threat landscape

Part 2: Market Outlook & Industry Analysis

Global Market Dynamics

Market Size & Growth Projections:

The AI security market is experiencing explosive growth driven by:

Proliferation of generative AI tools (ChatGPT, Midjourney, ElevenLabs)
Deepfake-as-a-Service (DaaS) platforms lowering technical barriers
Over 30% of high-impact corporate impersonation attacks in 2025 involved AI-powered deepfakes
Rising regulatory scrutiny across jurisdictions

Key Market Drivers:

Technology Democratization: Sophisticated attack tools now accessible to non-technical criminals
Regulatory Pressure: Governments worldwide implementing AI governance frameworks
Financial Impact: Multi-million dollar fraud cases creating board-level awareness
Insurance Requirements: Cyber insurers demanding better security controls
Reputation Risk: Brand damage from successful attacks driving prevention investment

Threat Evolution Timeline

2023:

Experimental deepfake attacks
High technical barrier to entry
Limited public awareness

2024:

17x increase in deepfake incidents
Emergence of DaaS platforms
High-profile cases in Hong Kong ($25M) and early Singapore incidents

2025:

Deepfakes become “everyday” threat
Multi-party, real-time deepfake attacks
Mainstream media coverage
Regulatory responses accelerate

2026 Projections:

Hyper-realistic voice and video attacks at scale
Real-time financial fraud challenging authentication systems
Content verification crisis in corporate decision-making
Mandatory detection tools and content credentials

Industry Challenges

Technical Hurdles:

Detection arms race (attackers improving faster than defenders)
Real-time authentication difficulties
Multi-modal attack coordination (voice + video + documents)
Insider threat amplification

Organizational Barriers:

Employee awareness gaps
Legacy security mindsets
Budget allocation resistance
Change management complexity

Regulatory Uncertainty:

Varying compliance requirements across jurisdictions
Liability frameworks still developing
Cross-border coordination challenges

Competitive Landscape

Solution Categories:

Detection Tools: Reality Defender, Sensity AI, Deeptrace
Authentication Platforms: BioCatch, iProov, Onfido
Security Awareness Training: KnowBe4, Cofense, Proofpoint (traditional)
AI Security Specialists: Adaptive Security (multi-channel), Pindrop (voice)
Platform Security: Microsoft Defender, Google Chronicle (embedded solutions)

Adaptive’s Positioning:

Only platform combining simulation, training, and real-time defense
AI-native from inception vs. legacy players adding features
Multi-channel vs. single-vector solutions
Behavioral focus vs. purely technical controls

Investment Trends

VC Activity:

Significant capital flowing to AI security startups
Corporate venture arms (NVIDIA, OpenAI, financial institutions) actively investing
Later-stage rounds getting larger as market validation strengthens
Strategic acquirers (cybersecurity incumbents, tech giants) evaluating targets

Exit Opportunities:

IPO potential as category leader
Strategic acquisition by Palo Alto Networks, CrowdStrike, Microsoft, or Cisco
Private equity interest in high-growth security platforms

Part 3: Extended Solutions Architecture

Comprehensive Platform Capabilities

1. Threat Simulation Engine

Voice Impersonation:

Executive voice cloning
Accent and speech pattern matching
Emotional inflection replication
Background noise synthesis for authenticity

Video Deepfakes:

Real-time facial mapping
Expression synchronization
Lighting and environment adaptation
Multi-participant scenarios

Text-Based Attacks:

Writing style analysis and mimicry
Contextual message generation
Urgency manipulation tactics
Document forgery detection training

Email Sophistication:

Domain spoofing simulations
Email threading context awareness
Attachment-based attack scenarios
Calendar invitation exploits

2. Risk Assessment Framework

Individual Risk Scoring:

Role-based vulnerability assessment
Historical response patterns
Access level correlation
Communication habits analysis

Organizational Mapping:

Team exposure identification
Process vulnerability scanning
Attack surface quantification
Critical path protection

Predictive Analytics:

Threat trend forecasting
Seasonal pattern recognition
Industry-specific risk profiles
Peer comparison benchmarking

3. Training & Awareness Modules

Adaptive Learning Paths:

Role-specific scenarios (finance, HR, executive, IT)
Difficulty progression based on performance
Micro-learning modules (5-10 minutes)
Gamification elements for engagement

Behavioral Change Tracking:

Before/after attack simulation results
Reporting rate improvements
Suspicious activity identification accuracy
Culture shift metrics

Executive Engagement:

Board-level reporting dashboards
Regulatory compliance documentation
Risk committee presentation materials
Audit trail maintenance

4. Integration Capabilities

Identity & Access Management:

Okta, Azure AD, Ping Identity integration
Multi-factor authentication triggers
Privileged access monitoring
Session behavior analysis

Communication Platforms:

Microsoft Teams, Slack, Zoom monitoring
Email gateway integration (Office 365, Google Workspace)
VoIP system connectivity
Video conferencing security layers

Security Operations:

SIEM integration (Splunk, QRadar, Sentinel)
SOAR playbook automation
Incident response workflow triggers
Threat intelligence feed enrichment

Compliance & Reporting:

SOC 2, ISO 27001 audit support
GDPR, CCPA privacy controls
Industry-specific frameworks (PCI DSS, HIPAA, SOX)
Regulatory reporting automation

5. Response Orchestration

Automated Actions:

Suspicious call flagging
Video conference authentication challenges
Wire transfer approval workflows
Document verification processes

Human-in-the-Loop Controls:

Multi-party verification requirements
Out-of-band confirmation protocols
Code word systems
Physical presence validation

Incident Management:

Forensic evidence capture
Chain of custody documentation
Law enforcement liaison tools
Post-incident analysis

Part 4: Singapore Market Impact & Regulatory Response

Singapore’s Vulnerability Profile

Digital Infrastructure:

Digital penetration exceeds 95%
Asia-Pacific financial hub
High concentration of multinational corporations
Advanced telecommunications infrastructure
Extensive cross-border business operations

Attack Surface:

Global business language (English) reduces localization barriers
High-value targets in banking, shipping, trade
Regional headquarters for Fortune 500 companies
Government digitalization initiatives create broader exposure

High-Profile Incidents

Case Study 1: March 2025 CEO Deepfake Scam

Incident Details:

Finance director at multinational firm
Zoom call with fake CFO and executives
Multiple synthetic identities rendered in real-time
US$499,000 fraudulent wire transfer
Sophisticated use of business context (M&A discussions)

Attack Methodology:

Initial WhatsApp message from “CFO”
Live-streamed Zoom video call
Multiple impersonated executives
Secondary scammer posing as legal counsel
Fake NDAs and Board Letters
High-pressure, time-sensitive instructions

Lessons Learned:

Video calls no longer trustworthy without secondary verification
Insider knowledge suggests reconnaissance or data breach
Multi-party coordination increases perceived legitimacy
Finance teams particularly vulnerable due to authority-based workflows

Case Study 2: December 2023 Political Deepfakes

Incidents:

Deepfake video of PM Lee Hsien Loong promoting cryptocurrency scam
Deepfake video of DPM Lawrence Wong endorsing investment scam
March 2025: PM Lawrence Wong warnings about continued scams using his likeness

Impact:

Erosion of public trust in digital communications
Government credibility concerns
Market confidence risks
Prompted comprehensive regulatory response

Regional Context: Hong Kong Precedent

February 2024 Incident:

Finance worker at multinational firm
US$25 million fraudulent transfer
Multi-participant video conference with all deepfakes
Funds later recovered through Hong Kong-Singapore law enforcement cooperation

Regulatory Response Framework

1. Joint Agency Advisory (March 2025)

Issuing Bodies:

Singapore Police Force (SPF)
Monetary Authority of Singapore (MAS)
Cyber Security Agency of Singapore (CSA)

Key Directives for Businesses:

Protocol Establishment:

Verification mechanisms for video calls/messages from executives
Multi-channel confirmation for fund transfers
Challenge-response systems (code words, OTPs)

Employee Training:

Recognition of deepfake indicators
Vigilance for unsolicited video invitations
Awareness of AI-generated document authenticity

Technical Controls:

Audio-visual element analysis
Detection of manipulation artifacts
Abnormal lighting, lip-sync issues, unnatural movements

Process Safeguards:

Never disclose confidential information without verification
Immediate escalation protocols
Separation of duties for financial transactions
Alert mechanisms for fund transfer personnel

Incident Response:

Immediate bank notification
Transaction blocking procedures
Police report filing
Evidence preservation

2. MAS Deepfake Information Paper (September 2025)

Risk Categories Identified:

Market Risk:

Falsified CEO statements destabilizing stock prices
Fabricated calamitous events
Market confidence disruption
Investor relation damage

Cyber Risk:

AI-generated phishing campaigns
Synthetic identity creation
Biometric authentication bypassing
Insider threat amplification

Fraud Risk:

Social engineering at scale
Executive impersonation
Customer impersonation
Account takeover attacks

Regulatory Risk:

Non-compliance with verification requirements
Inadequate customer authentication
Failure to implement safeguards
Reporting obligation breaches

Recommended Mitigating Measures:

Onboarding Controls:

Enhanced KYC procedures
Liveness detection in biometric capture
Multi-factor identity verification
Document authenticity checks

Authentication Strengthening:

Multi-factor authentication for privileged accounts
Out-of-band verification for high-risk activities
Behavioral biometrics
Device fingerprinting

Monitoring & Detection:

Deepfake detection algorithms
Anomaly detection systems
Brand abuse monitoring across digital channels
Social media impersonation tracking

Process Enhancements:

Separation of duties for critical transactions
Dual authorization requirements
Call-back verification protocols
Code word systems for sensitive operations

3. CSA Advisory on Detecting Deepfakes (Updated 2024-2025)

The 3A Framework:

Assess the Message:

Source verification (is it truly who it claims to be?)
Context evaluation (does it behave as expected?)
Aim analysis (urgency, unusual requests, suspicious links?)

Analyse Audio-Visual Elements:

Facial inconsistencies (unnatural movements, poor lip-sync)
Lighting irregularities (shadows, reflections)
Visual artifacts (blurring, pixelation at edges)
Audio quality (robotic tone, unnatural cadence)
Background anomalies (inconsistent environments)

Authenticate Using Tools:

Content provenance verification
Metadata analysis
AI-generated content labels (emerging from Meta, OpenAI)
Watermark detection
Cross-reference with known authentic sources

4. MAS AI Risk Management Guidelines (November 2025)

Comprehensive Framework for Financial Institutions:

Governance Requirements:

Board-level AI oversight
Senior management accountability
Risk committee involvement
Cross-functional coordination

Risk Management Systems:

AI model inventory
Risk assessment methodologies
Testing and validation protocols
Third-party AI vendor management

Lifecycle Controls:

Development standards
Pre-deployment validation
Continuous monitoring
Change management processes

Capabilities & Capacity:

Technical expertise requirements
Training programs
Resource allocation
Vendor partnership evaluation

Deepfake-Specific Considerations:

Authentication system robustness
Customer-facing AI safeguards
Hallucination prevention
Explainability requirements

5. Online Criminal Harms Act (OCHA)

Enforcement Mechanism:

Directives to social media platforms
Takedown requirements for scam content
Implementation deadlines
Penalties for non-compliance

Recent Actions:

September 2025: SPF issued directive to major platform
30 September 2025 compliance deadline
Enhanced safeguard requirements
Improved takedown mechanisms

Singapore Government Initiatives

Financial Commitment

$20 Million Parliamentary Initiative (January 2024):

Deepfake detection capability development
Public-private partnership for technology solutions
Research funding for counter-deepfake technologies
Safe internet infrastructure investment

Public Education Campaigns

Scam Public Education Office (SPEO):

Established 2023
Coordinated anti-scam awareness
Multi-agency collaboration

Campaign Programs:

“S.U.R.E.” (Source, Understand, Research, Evaluate)
“Unseen Enemy” (CSA cybersecurity campaign)
“I can ACT against scams” (SPF/National Crime Prevention Council)

ScamShield Resources:

24/7 Helpline: 1799
Website: www.ScamShield.gov.sg
Mobile app for scam detection
Reporting mechanisms

Corporate Impact in Singapore

Financial Sector:

Enhanced KYC/AML procedures
Biometric authentication upgrades
Multi-factor verification expansion
Employee training mandates
Regular security audits
Incident response planning

Multinational Corporations:

Treasury function fortification
Executive protection programs
Communication protocol overhauls
Third-party risk reassessment
Cyber insurance policy reviews

Small-Medium Enterprises:

Awareness gap challenges
Resource constraint issues
Simplified framework needs
Government support programs

Market Opportunity for Adaptive Security in Singapore

Total Addressable Market:

Financial Services:

170+ commercial banks
50+ merchant banks
700+ insurance companies
Numerous fintech startups
Payment service providers

Corporate Sector:

7,000+ multinational corporation regional headquarters
4,200+ international companies
Extensive SME ecosystem
Government-linked corporations

Estimated Contract Values:

Enterprise (500+ employees): SGD 150,000 – 500,000 annually
Mid-market (100-500 employees): SGD 50,000 – 150,000 annually
SME segment: SGD 10,000 – 50,000 annually

Penetration Strategy:

Regulatory Compliance Positioning: Market as MAS guideline adherence solution
Risk Transfer Partnership: Collaborate with insurers for policy requirements
Government Partnership: Align with CSA, MAS initiatives
Regional Hub Strategy: Singapore as Asia-Pacific headquarters
Local References: Secure 2-3 anchor customers (ideally banks)

Competitive Advantages in Singapore:

MAS guidelines create urgency
High-profile local incidents drive awareness
Regulatory sophistication favors comprehensive solutions
English-language business environment reduces localization needs
Government co-investment opportunities
Regional expansion base (SEA, Greater China, India)

Regional Expansion from Singapore Base

Southeast Asia:

Indonesia: Large market, increasing digital threats
Malaysia: Financial hub, regulatory alignment
Thailand: Tourism sector vulnerabilities
Vietnam: Manufacturing sector risks
Philippines: BPO industry exposure

Greater China:

Hong Kong: After $25M incident, high awareness
Taiwan: Technology sector concentration
Mainland China: Requires localization, partnership

South Asia:

India: Massive market, rapidly digitizing
Australia: Advanced cybersecurity market

Long-Term Singapore Impact

Ecosystem Development:

Cybersecurity startup ecosystem growth
Talent pipeline development (universities, training programs)
Public-private collaboration models
Regional expertise hub emergence

Economic Benefits:

Reduced fraud losses (direct savings)
Maintained investor confidence
Protected financial hub reputation
Job creation in cybersecurity
Attraction of global security companies

Societal Impact:

Increased digital trust
Democratic process protection
Reduced victimization of individuals
Enhanced media literacy
Stronger social fabric

Challenges Ahead:

Rapid technology evolution outpacing regulation
Cross-border enforcement difficulties
Privacy vs. security balance
Small business adoption barriers
Public complacency risks

Part 5: Strategic Recommendations

For Adaptive Security

Singapore Market Entry:

Immediate Actions (Q1 2026):
- Establish Singapore office
- Hire local country manager with financial services background
- Secure MAS regulatory consultation
- Engage Big 4 consulting partners for customer introductions
Early Wins (Q2-Q3 2026):
- Sign 2-3 local banks as anchor customers
- Develop MAS guideline compliance documentation
- Create Singapore-specific case studies
- Build local support and delivery capability
Scale Phase (Q4 2026-2027):
- Regional expansion into SEA markets
- Insurance industry vertical expansion
- Government agency opportunities
- Channel partner network development

Product Localization:

Singapore English accent and Singlish recognition
Mandarin language support
Regional cultural context in simulations
Asia-Pacific time zone support
Local regulatory reporting features

For Singapore Organizations

Immediate Actions:

Assessment: Conduct deepfake vulnerability audit
Policy: Implement video call verification protocols
Training: Deploy awareness programs
Technology: Evaluate detection and prevention tools
Response: Establish incident response playbooks

Medium-Term:

Integrate deepfake defense into security operations
Update authentication systems
Strengthen third-party risk management
Conduct regular tabletop exercises
Build cross-functional response teams

Strategic:

Make AI security a board-level priority
Allocate sustained budget for evolving threat
Participate in information sharing initiatives
Invest in employee security culture
Plan for regulatory compliance evolution

For Policymakers

Regulatory Evolution:

Strengthen Authentication Standards: Mandate multi-factor verification for high-risk transactions
Incident Reporting Requirements: Create central registry for deepfake incidents
Public-Private Partnerships: Accelerate technology solution development
Regional Coordination: Align with ASEAN partners on enforcement
Content Provenance: Require digital watermarking and authentication

Ecosystem Support:

Expand research funding
Create cybersecurity talent programs
Facilitate international collaboration
Support SME adoption through grants
Establish testing and certification programs

Conclusion

Adaptive Security’s $81 million Series B represents more than a successful fundraising—it validates the urgent need for specialized AI-powered cybersecurity solutions in an era where traditional defenses are obsolete. With deepfake incidents increasing 17-fold in one year and high-profile cases costing millions, the company’s comprehensive platform addresses a critical and growing market.

Singapore serves as a microcosm of global vulnerability. As a digital-first financial hub, it faces acute exposure to AI-powered fraud while demonstrating regulatory leadership through comprehensive guidelines from MAS, SPF, and CSA. The March 2025 $499,000 deepfake CEO scam illustrates that no organization is immune, regardless of sophistication.

The convergence of three factors creates unprecedented opportunity:

Technology proliferation making attacks accessible
Regulatory mandates requiring compliance
Financial materiality justifying investment

For Adaptive Security, Singapore represents both an ideal market and a strategic beachhead for Asia-Pacific expansion. For organizations, the question is not whether to invest in deepfake defense, but how quickly they can implement comprehensive solutions before becoming the next case study. For Singapore, maintaining its position as a trusted financial hub requires sustained vigilance and continued regulatory leadership.

The deepfake threat will only intensify. Organizations that treat this as an IT problem rather than a strategic imperative will face existential risks. Those that act decisively—implementing detection, training, and response capabilities—will not only protect themselves but gain competitive advantage through demonstrated resilience and trust.

The future of cybersecurity is here. The cost of inaction has never been clearer.