Dune Security

At Dune Security, we envision a future where human error in cybersecurity is automatically minimized, creating a safer digital world through precise, adaptive risk management. Our mission is to transform how organizations protect themselves by redefining behavioral risk assessment using AI-driven continuous analysis and personalized interventions.

We harness cutting-edge technology to deliver dynamic training tailored to individual risk profiles, seamlessly integrating with enterprise security operations to preemptively respond to insider threats and social engineering attacks. By focusing on human factors as the critical frontier in cybersecurity, we build a resilient defense that adapts in real-time to evolving threats.

Our platform empowers organizations to achieve exceptional security outcomes not by compliance alone, but through meaningful behavioral transformation, fostering a culture of security ownership that continuously evolves with emerging challenges. We are dedicated to advancing this new paradigm of cybersecurity, leading the way for enterprises to safeguard their most valuable assets—people and data—with unparalleled precision and insight.

We've been tracking Dune Security since their 2023 launch, and frankly, we're impressed by how quickly they've carved out a distinct niche in cybersecurity. While most companies throw generic phishing simulations at employees and call it a day, Dune took a completely different approach — using AI to actually understand how risky each person is and tailoring defenses accordingly.

The numbers speak for themselves: they've raised $9 million across two rounds and grown to 67 employees in just two years. That's solid traction for a company tackling one of cybersecurity's trickiest problems.

What Makes Their Approach Different

Here's where Dune gets interesting. Instead of treating all employees like potential security disasters, their User Adaptive Risk Management platform creates individual risk profiles. It watches how people respond to simulated attacks, analyzes their role sensitivity, and spots behavioral anomalies through your existing security tools.

The clever part? High-risk users get intensive, personalized training while low-risk folks aren't bothered with endless security modules. We love this — it's like having a security coach that actually knows who needs help instead of annoying everyone equally.

Real Results That Actually Matter

We're always skeptical of cybersecurity metrics, but Dune's client results caught our attention. A 25% average risk score reduction in three months is solid, but the 75% reduction in PCI compliance training time? That's the kind of efficiency gain that makes CFOs happy.

Their partnership with Reality Defender to combat AI-generated media threats shows they're staying ahead of emerging attack vectors. Smart move, considering how sophisticated social engineering is becoming.

Who Should Pay Attention

Dune seems laser-focused on small to mid-sized enterprises — organizations big enough to have real security concerns but not massive enough to build custom solutions. If you're tired of generic security awareness training that nobody pays attention to, this adaptive approach could be game-changing.

We're particularly intrigued by their CISO Advisory Board. Having enterprise security leaders guide product development suggests they understand real-world pain points, not just theoretical threats.