We’ve all received that email or text — the urgent message claiming to be from our bank, a delivery service, or even IT support, asking us to click a link or verify our credentials.
Most of us like to think we wouldn’t fall for it, yet attackers are getting better. In recent weeks, a highly sophisticated phishing campaign called Astaroth burst onto the scene. Designed to bypass 2FA and steal Gmail and Microsoft login credentials, Astaroth creates fake login pages where users unknowingly enter their username and password, allowing hackers to steal credentials and proliferate quickly. Astaroth phishing kits are even being sold for $2,000 on the dark web! Along with the news that Russian nation-state actors recently targeted sensitive Microsoft 365 accounts, it’s clear that phishing attacks are nowhere near being solved and, in fact, are getting worse. All of this is underscored by the fact that more and more of us are falling victim to these attacks, evidenced by Verizon’s 2024 data report indicating the click-through rate of phishing scams has doubled since 2016.
As AI makes phishing attempts more advanced and frequent, security teams are struggling to keep up. That’s why we’re excited to announce that Madrona is leading the $10M Series A investment in Anagram, alongside General Catalyst and Bloomberg Beta, to help address this growing threat.
Why Human Security Needs a New Approach
Despite billions of dollars invested in cloud, data, and network security tools, humans remain the last and weakest line of defense in enterprise security. Employees still click on phishing emails, fall for social engineering attacks, and unknowingly expose sensitive information. The traditional security awareness training programs — rigid, generic, and often ineffective — haven’t solved this problem.
At the same time, AI is reshaping the threat landscape. Generative AI enables cybercriminals to craft hyper-personalized phishing messages that are nearly indistinguishable from legitimate communication. These attacks aren’t just increasing in volume; they are becoming exponentially more sophisticated. In addition to the Gmail support scam, we’re seeing an alarming rise in Advanced Persistent Threats (APTs), where attackers use long-term, highly targeted techniques to infiltrate organizations. Meanwhile, increasingly elaborate phishing scams are targeting employees across multiple communication channels, from email to collaboration platforms like Slack and Teams.
Enter Anagram: A Modern Approach to Human Security
Anagram is pioneering a next-generation human security platform designed to empower employees to act securely in real time. Rather than relying on outdated training modules that are just a compliance checkbox, Anagram integrates bite-sized, customizable training and context-aware nudges directly into the tools employees use every day. The goal is simple: change behavior, reduce risk, and make security second nature.
What sets Anagram apart is its ability to:
- Deliver training in real time rather than forcing employees into periodic, easily forgotten sessions.
- Use AI to anticipate and intercept threats, adapting dynamically to an employee’s risk profile.
- Engage employees meaningfully, making security awareness an intuitive and even enjoyable experience.
Why We’re Excited to Partner with Anagram
At Madrona, we’ve been thinking deeply about AI-driven security challenges and the limitations of traditional security awareness programs. We’ve seen firsthand how CISOs struggle to bridge the gap between security policies and real-world employee behavior. When we met Anagram Founder and CEO Harley Sugarman, it was immediately clear he understood this challenge better than most.
As a former engineer at Bloomberg, Harley has a unique perspective on the pain points that enterprise security teams face. He recognized early that a successful security solution wouldn’t come from AI alone, but from a seamless, behavior-driven approach that meets employees where they are.
The results speak for themselves. In just one year, Anagram has deployed at several major enterprises, including Kenvue, Pfizer, and Finance of America, demonstrating measurable improvements:
- Lower phishing failure rates
- Higher reporting rates
- Increased training completion rates
Madrona’s Long-Term Commitment to Security Innovation
At Madrona, we have a long history of investing in leading security products, including Clerk, Stacklok, Cohesity, and Tigera. We believe Anagram represents the next evolution in cybersecurity: a proactive, intelligent, and employee-first approach to human security.
We’re proud to lead this investment alongside our friends at General Catalyst and Bloomberg Beta, and we’re thrilled to have the support of top CISOs and security leaders, including Steve Zalewski (Levi Strauss), Lena Smart (MongoDB), David Cross (Atlassian, Oracle), Tim Youngblood (T-Mobile, McDonald’s), and Andrew Wilder (Nestlé).
As AI-powered threats continue to evolve, enterprises need security solutions that evolve with them. Anagram is leading the charge, and we’re excited to support them in this journey. If you’re a security leader looking to future-proof your enterprise and help your employees stay vigilant against AI-based attacks, check out Anagram here. And they are actively hiring!
Onward!
Related Insights
