A groundbreaking venture has emerged in the data loss prevention sector, spearheaded by a startup known as Jazz. The company, founded by Ido Livneh, a former leader at Axonius, has made waves by securing a remarkable $61 million in funding to enhance the way data transactions are analyzed across personnel, systems, and business processes. This substantial investment underscores the rising emphasis on combating data loss risks, especially in an era where insider threats and the exposure of generative AI (GenAI) data are of paramount concern.

In a joint venture led by Glilot and Team8, the funds will be allocated to the advancement of agents that not only analyze the data movements but also contextualize them by considering the environments and processes linked to each transaction. Livneh elaborates that Jazz aims to collect and comprehend signals emanating from various endpoints to effectively interpret the sequence of events surrounding data access and its movement within an organization. “Data Loss Prevention (DLP) is not a novel challenge,” Livneh stated during an interview with Information Security Media Group. “Everyone from board members to security organizations is acutely aware of the risks tied to DLP.” He emphasized, however, that the conventional solutions have consistently underperformed, leading to widespread dissatisfaction among security professionals. “CISOs often express their frustration with existing DLP methods; it seems nobody is particularly fond of them, as breaches continue to recur,” he added candidly.

Founded in 2024 and comprised of a robust team of 44 employees, Jazz recently emerged from stealth mode, coinciding with the announcement of its funding achievement. Livneh has been at the helm since the company’s inception, bringing a wealth of experience from his leadership roles in the cybersecurity space, including an influential stint at Laminar, a data security posture management startup that was recently acquired by Rubrik for approximately $104.9 million.

Addressing the Limitations of Traditional Data Loss Prevention

Jazz is set apart from traditional DLP solutions which predominantly rely on pattern matching, keyword rules, and regular expressions. While effective at identifying blatant cases of data exposure, these methodologies often lack the contextual grasp required to gauge whether data movements pose genuine security threats, a gap Livneh articulated well. The inadequacies of rule-based systems also lead to an excessive number of false positives, which complicates the task for security teams. “From our observations, less than 30% of organizations even attempt to implement a DLP program, and even those acknowledge that their efforts are generally half-hearted,” Livneh noted.

The architecture underpinning Jazz’s operational model features multiple AI agents that deliver a multifaceted analysis of individual data transactions. Each agent examines a transaction from distinct angles—looking at the data itself, system context, human behavior, and the business processes at play. In Livneh’s words, “What we have developed is an autonomous DLP investigator that automatically performs comprehensive investigations of each data transaction. It examines the data, the systems involved, the actors, and the related business processes, ultimately alerting organizations to the critical incidents they need to understand.” This innovative approach allows for a detailed understanding of what transpired, the rationale behind it, and the intent of the participants involved.

Moreover, Jazz aims to reframe the policy interpretation landscape by encoding regulations in natural language. This semantic modeling allows the AI system to decipher the intentions behind the organization’s security protocols rather than merely adhering to rule violations. Livneh provided an example where the emergence of new workflows that are not explicitly documented in policy frameworks still enable the system to evaluate whether such activities align with the organization’s ethos. “We have developed a natural language policy engine that delineates acceptable and unacceptable behavior within the company,” he explained. “This framework allows Melody, our AI system, to conduct evaluations similar to a human, thereby addressing scenarios that may not have been explicitly mentioned in policy documents, effectively bridging the gap between established protocols and daily operational practices.”

The Risk of Sensitive Data Leakage

In a landscape increasingly influenced by generative AI tools and Software as a Service (SaaS) applications, the avenues for data leakage have multiplied exponentially, rendering conventional DLP systems less effective. Livneh pointed out that AI assistants, productivity tools, and various SaaS platforms frequently obligate users to upload sensitive information, thereby creating new channels through which critical corporate data may escape.

“The frequency with which we witness the deployment of new AI and GenAI tools is staggering, and employees are often adopting these technologies without corporate endorsement,” Livneh cautioned. He elaborated that the potential for sensitive data to be compromised is ever-present, particularly when engineers might upload proprietary code bases into personal AI accounts for modifications or when customer information is stored in personal applications instead of official company CRM platforms.

“Numerous reports highlight cases where engineers have inadvertently exported entire code bases and essential documents to personal accounts to leverage AI assistance for product development,” he remarked. Such scenarios can drastically undermine organizational data integrity.

Jazz emphasizes that, despite the advances in automation, the ultimate decisions regarding remediation actions, such as severing network access from devices or addressing incidents, always involve human oversight. Administrators play an integral role by interacting with the system to assess alerts, engage in discussions over ambiguous cases, and clarify what behaviors are deemed acceptable, paving the way for refined policy interpretations. “A human element is always present—in no scenario will a device be disconnected from the network without a designated decision-maker,” Livneh asserted. “Melody presents the administrator with scenarios falling outside established policies, fostering discussions that facilitate ongoing adaptation of the system to align with specific business needs.”