At this point, encountering misinformation feels synonymous with being on the internet. Even social media giants struggle to keep track of and address the rampant untruths that have proliferated on their platforms. So to many, combating misinformation on social media feels like a battle we have already lost. Yet Lisa Kaplan, founder of cybersecurity startup Alethea, is test-driving her idea to tackle a seemingly unsolvable problem.
In her role as the digital director for Independent Maine Sen. Angus King’s successful reelection campaign in 2018, Kaplan developed a playbook for targeting disinformation on social media. She realized individuals and organizations spreading disinformation were using the same strategies again and again. “From what I saw on the campaign, both from real people spreading misinformation and network-organized efforts to spread disinformation, I was concerned because I didn't think that anybody was doing enough,” Kaplan told me.
Yet Kaplan realized that disinformation was not just a risk to political candidates. “What we've been finding is that disinformation is the new malware. It's targeting every company, every organization—it's just a question of whether or not companies have realized it yet,” she said.
She decided to transition her digital strategy from her political career into a cybersecurity startup, Alethea Group. In November 2022, the company raised $10 million in Series A funding from Ballistic Ventures. Alethea’s platform helps companies and nonprofits identify misinformation campaigns and design strategies to address the threat.
I spoke to Kaplan this week about how Alethea’s platform works, her perspective on the threat landscape, and her experience breaking into the technical and male-dominated cybersecurity industry. Our conversation has been condensed for clarity:
Fortune: So, you started Alethea in 2019 to address misinformation and social media manipulation. How did you and the team develop the technology?
Kaplan: I realize you're not supposed to say this as a technology company, but we started as a service. I'm proud of that because we were able to figure out the necessary processes and procedures to be able to detect and mitigate a huge threat. From there, we figured out how to build a technology platform that automates all of the different analytic techniques that we know to work. We're now able to visualize and communicate the insights that clients need through this platform. Our team has the technology internally. We're in a closed beta with about eight customers. We're launching our technology to be sold as a standalone product here shortly.
How do you define misinformation?
We define disinformation as false or misleading content created and distributed with the intent of inflicting harm on an individual, company or organization, or society at large. Whereas, misinformation is false or misleading content shared unintentionally, often by unsuspecting individuals who are active on social media and the internet.
How do you determine whether a circulating piece of information is definitively false?
Our job at Alethea isn't to decide what's true and what's false; our job is to provide our customers with actionable insights and analysis into how online activity within the networks and communities known for spreading false narratives and disinformation may be threatening things like market capitalization and shareholder value, customer base, and brand and reputation.
There is a huge range of entities spreading misinformation and disinformation on the internet, some being individuals, some bots, and some more targeted campaigns. In terms of the threat actors spreading disinformation, what organizations or actors do you think are the biggest threat?
One of the things that's important to recognize is that disinformation is a dynamic threat and it's constantly evolving. So what started as being the Russians in 2016, those same tactics, techniques, and procedures are now being deployed by groups who are seeking to target companies for financial gain and pose potential physical security threats to business leaders.
We're spending a lot of time right now looking at threats emanating from China. We're now seeing more evidence that suggests that they may be shifting to target specific businesses in the U.S., particularly critical infrastructure businesses as well as targeting democracy.
Do you have an idea of what the threat landscape will look like in the future, for example during the 2024 presidential election?
I would say more broadly, we expect to have more actors weaponizing information to achieve a goal because it's fast, cheap, and easy to do. If companies or organizations are vulnerable to attacks, and they aren't actively monitoring for this type of threat, they will be targeted.
One of the biggest changes going into 2024 is that there has been a proliferation of platforms. Misinformation is not just on Facebook and Twitter anymore. People are engaging on all of these niche platforms. For example, Truth Social didn't exist in 2016. The problem has become more diffuse.
So, where we view our role is being able to centralize that risk and help people understand what's happening so that they can make the right decision to protect themselves and their company. With any presidential election year, we do expect an increase in activity. Yet I do think more broadly, we're seeing the trend grow regardless.
Identifying damaging misinformation and disinformation online is one thing, but what is the strategy to combat it once the misinformation has been circulating? Should the strategy differ depending on whether the client is a company, nonprofit, or theoretically an individual?
Every company ends up wanting to take a different approach because it depends on what their goals are. The strategy partially depends on what the risk tolerance is on a given issue. For a lot of companies, when it comes to something like stock price manipulation, there's no risk tolerance, because we're talking about the value of the company and what that means for shareholders.
What we find is that because we're able to catch disinformation and misinformation so early, we give people the opportunity to actually “pre-bunk” instead of debunk these narratives. They can reach their stakeholders and the people they trust with accurate information using their channels.
We have to let the data drive the finding. Being able to have these insights can drive everything from legal action to communications action, whether that's earned media or paid media. These insights can influence physical security teams as well.
Cybersecurity is, like many industries, largely dominated by men. What was your experience breaking into that environment?
One of the things I love about the security field is that it’s highly collaborative. These threats are targeting all of us, and we have to work together to be able to solve them. So I've always found that the security and risk intelligence community has been incredibly welcoming and supportive. Alethea itself is pretty gender-balanced.
On the product and fundraising side, our team has been able to build a great business. It’s hard to argue when you have the numbers and the team to be able to back it up.
I recently spoke to several VCs who specialize in cybersecurity, and one thing many of them emphasized is that they look for founders who have technical domain expertise in cybersecurity, and specifically are recruited out of the NSA or Unit 8200 cyber teams. As a cybersecurity founder who had a background in politics as opposed to being a cyber operative, what do you think of that approach? Do you think more people who don’t have that technical background can start cybersecurity companies?
Definitely. To be able to successfully solve a problem, you have to know the problem. Of course, one way to do that is to come from somewhere like NSA, Unit 8200, or you've been on the offensive elsewhere. I think the reason we've been successful in connecting with our clients is that we understand the problem differently. The expertise that we have from having been in our client’s shoes is incredibly important. There are people at the NSA and elsewhere who are looking at it from that angle, as well, but it's different when you're on the outside and you don't have classified information and you don't have the same resources at your disposal in terms of counter offenses.
For us, we're not just trying to reverse engineer the tactic that somebody is deploying. We're trying to help people figure out also, what do you do about it? What's going to make sense for the organization? We've got a fairly seasoned team, and can help customers navigate this new threat because we are in a new digital reality that is uncharted territory.
Lucy Brewster
Twitter: @lucyrbrewster
Email: lucille.brewster@fortune.com
Jackson Fordyce curated the deals section of today’s newsletter.