Cybersecurity’s quantum leap: A field full of opportunities

The article was published on June 18 in FoundME.

Liina Kamm, Senior Researcher at Cybernetica, and Marion Lepmets, CEO of SoftComply, shed light on the hottest current topics in cybersecurity and artificial intelligence. Startups have several advantages over industry giants, and keeping these in mind, it’s definitely worth applying to the Cyber Accelerator by July 13.

How can we be sure that novel cybersecurity solutions don’t actually increase data protection risks? How do we balance their security with practical benefits? Amid this rapid development—who’s steering the ship? And how can startups compete with major players?

According to Liina Kamm, Senior Researcher at the Institute of Information Security at Cybernetica, the rapid development and increasing accessibility of AI tools has created both exciting opportunities and new problems. “The more powerful AI becomes, the more we trust it—and the more it can help us. But we must still keep a clear mind and critically assess whether the outputs, suggestions, and decisions are logical and justified,” she explains.

“There are now a lot of new tasks specifically related to AI risk management,” Kamm points out. “The more complex the system and the more critical the tasks, the more detailed and well-thought-out the risk management must be.”

Many companies today claim that their services are powered by AI, but it’s hard to evaluate whether it’s truly a learning system or just a set of automated algorithms. If it is a learning system, how can we ensure that it evolves at a reasonable pace and doesn’t become overly autonomous?

Another big dilemma is balancing data processing with security. Complex AI-powered language models, such as Phishbite, can detect patterns and spot even the smallest behavioral changes to help protect businesses from cyberattacks. However, such AI-based solutions often require processing sensitive data in the cloud, which raises concerns about data security.

Kamm lists key risk areas as data quality, data accessibility, bias, and user education. “The quality of an AI model is highly dependent on data quality—volume, bias, and accuracy all play a major role,” she explains.

“By accessibility, I mean whether intellectual property and individual rights and privacy are protected. For instance, there is far less Estonian-language content than in globally dominant languages,” she adds. “There are many types of bias—from historical to algorithmic—and unfortunately, all of them affect AI systems. So AI still can’t make decisions on its own; it needs decision support. But even that can be risky, since humans also make mistakes, and if AI provides a plausible justification, it may be difficult to make an objective decision.”

This leads to the last—and arguably most important—topic: educating people. “The more people understand how AI systems work, what risks and biases exist, the easier it is for them to use the results and make decisions based on them,” says Kamm.

“You have to know how to ask the right questions in the right way—that’s when you’re most likely to get good and consistent answers from AI,” she confirms.

Control is critical

According to Marion Lepmets, founder and CEO of SoftComply, which develops risk and document management applications, we all consume an enormous amount of software and services daily. “It’s hard to believe any of us truly has full control over our own data,” she notes.

SoftComply builds applications for risk and document management specifically aimed at manufacturers of medical devices and other safety-critical products. Their clients include NASA, Formula 1 Racing, Rheinmetall, and major U.S. medical firms like ThermoFischer and Dentsply Sirona.

Lepmets stresses that today, cybersecurity must be a top priority for any product whose safe usage is critical and that includes significant software components or is entirely software-based.

On one hand, there’s still no clear standard for how much of a role AI should play in safety-critical products or how it should be evaluated. On the other hand, increasing regulations—especially in the EU—are slowing down time-to-market for new products, Lepmets points out.

Startups have several advantages

Compared to big players like Microsoft, Palo Alto, and CrowdStrike, smaller companies may seem overshadowed. However, the cybersecurity market holds a place for everyone—there are plenty of areas where startups can become strong competitors through targeted research, niche focus, and innovation.

According to Kamm, startups can more easily integrate AI into their systems, products, and services. “They’re not burdened by legacy systems, so they can create standout and cutting-edge solutions. But it’s crucial to analyze where the data flows—does it, for example, leave Europe?—and at least assess the key risks to inform customers of potential threats,” she advises.

One great way for startups to break into the cybersecurity and AI space is to join an accelerator. The Cyber Accelerator, organized by the Tehnopol Startup Incubator and the Estonian Information System Authority (RIA), is designed specifically to support early-stage cybersecurity startups and spin-offs.

SoftComply received valuable support from the Cyber Accelerator. Previously focused on product risk management from a safety perspective, they expanded into cybersecurity capabilities thanks to the accelerator program.

“AI development has been powerful, but incorporating it into safety-critical product development is very complex and tightly regulated—it imposes additional demands on companies, so they must thoroughly assess whether AI is truly worth pursuing,” Lepmets explains. “During the accelerator, we were able to focus specifically on how to help our users manage cybersecurity risks better.”

She adds that startups’ key advantage is flexibility, allowing them to quickly respond to market changes and develop new ideas fast. “Our strength is definitely our adaptability and speed. For us, it’s not unusual to turn a new idea into a product within weeks—and that gives customers the sense that they are truly being heard,” says Lepmets.

SoftComply has participated in several accelerators, but they particularly appreciated the Cyber Accelerator’s style and unique features. “Its practical focus was impressive—strong expert mentors and engaging interactive workshops where experience and know-how were shared,” says Lepmets.

The accelerator program kicking off this fall offers selected teams €60,000 in funding, field-specific mentoring, and training that helps bring innovative cybersecurity solutions to market faster.

This year, the accelerator is focused on solutions that address and mitigate cybersecurity threats emerging alongside digitalization—for example, process automation, AI applications, countering social engineering, quantum-proof cryptography, or cybersecurity in the space sector.

The application deadline is July 13. Apply HERE!