From SolarWinds to Software Safety: How Karambit.AI is Redefining Cybersecurity

When the SolarWinds attack shook the cybersecurity world, it exposed a terrifying truth: even the most trusted software could become a Trojan horse. For Andrew Hendela, Co-founder of Karambit.AI, that moment was the catalyst for building a company focused on answering one critical question: why do we trust software at face value?

The Spark: From Breach to Breakthrough

The SolarWinds supply chain breach revealed how attackers could slip malicious code into trusted software updates and wait weeks before activating. Traditional security tools did not catch it because everything looked legitimate on the surface. For Andrew and his co-founder, that was the turning point. They knew they could build technology to analyze software at a deeper level, uncovering what it would actually do before anyone ran it.

A New Layer of Zero Trust

Zero trust has become the mantra of modern cybersecurity, but it has mostly centered on identity. Karambit.AI asks a different question: why trust the software itself? Their platform can break down software, understand its behaviors, and predict how it will act in practice. This gives organizations the ability to verify software safety before deploying it.

Early Challenges and Breakthroughs

As with most startups, the biggest early challenge was finding the right people who both cared about the problem and were willing to take a chance on a young company. Fortunately, Microsoft saw potential. After proving their technology through demos and navigating the complex procurement process, Karambit.AI became part of Microsoft’s workflow. Today their system is scanning billions of files, proving they can scale at the enterprise level.

Cutting Through the AI Noise

In an industry crowded with hype, Karambit.AI has focused on proof over promises. Andrew emphasized that many companies exaggerate their capabilities. Karambit.AI has taken the opposite approach, showing that their system can automatically detect backdoors, describe software behavior in plain language, and surface risks that others miss. This pragmatic focus sets them apart from those who claim to “do everything.”

Beyond Cybersecurity

While cybersecurity remains central, Karambit.AI is expanding into broader software safety. Their technology can evaluate firmware and other critical systems for risks, ensuring not only security but also reliability. For example, they have analyzed medical device firmware and explained risks in clear terms that even non-technical stakeholders can understand.

The Role of AI in the Next 18 Months

Andrew believes the current value of AI lies in translation. Large language models are powerful when used to explain complex results in ways that different audiences can grasp. Developers, security teams, and business leaders each need tailored insights, and AI can bridge that gap. The focus, he says, should be on practical applications rather than grand promises.

What’s Next for Karambit.AI

The next phase for Karambit.AI involves expanding their reach beyond traditional cybersecurity into areas like safety, reliability, and compliance. Their technology has already exceeded expectations, and Andrew sees opportunities to apply it across a wide spectrum of problems.

Advice for Founders

Reflecting on his own journey, Andrew shared one piece of advice he embraced from the beginning that has made the difference: avoid burnout. Startup culture often glorifies working nonstop, but the reality is simple. If the founders burn out, the company cannot survive, no matter how strong the product is. Taking care of yourself is not a luxury; it is a necessity.
