Reken Unveils On‑Device AI Fraud Shield After Stealth Launch

0
5

Key Takeaways

  • Shuman Ghosemajumder, former Google “click‑fraud czar” and early Shape Security employee, launched Reken to combat the erosion of trust in online communication driven by AI‑powered fraud.
  • Reken’s core technology, the Reken Private Core, runs tiny proprietary AI models on‑device, avoiding cloud transmission, reducing breach risk, latency, and reliance on third‑party LLMs.
  • The first product, Northstar, offers real‑time phishing‑and‑fraud detection by verifying legitimate sender signals rather than merely flagging AI‑generated text, aiming to replace ineffective security‑awareness training.
  • Reken envisions a Reken Network where adopters’ devices share anonymized threat intelligence, creating expanding “protected circles” of trustworthy communication, similar to Apple’s iMessage blue bubbles but with stronger verification guarantees.
  • The company raised $10 million seed funding (Greycroft, FPV Ventures) and is launching Northstar via an early‑access program for enterprises, government, and universities, with additional products and third‑party extensibility planned.
  • While network effects depend on broad adoption, Ghosemajumder argues that only AI that is fast, private, and resident on the user’s device can reliably defend against increasingly sophisticated AI‑driven scams.

Founder’s Background and Motivation
Shuman Ghosemajumder earned his reputation at Google as the “click fraud czar,” designing systems that shielded the company’s advertising revenue from cybercriminals. Afterward, he joined Shape Security as an early employee, where the firm’s bot‑mitigation technology attracted a $1 billion acquisition by F5 in 2020. Observing how AI is now being weaponized to erode trust in digital messages, Ghosemajumder left to start Reken in 2024, aiming to address what he calls the biggest security threat of the AI era: the collapse of confidence in online communication. His experience combating fraud at scale informs Reken’s approach, which prioritizes real‑time, on‑device protection over reliance on user vigilance.


The Reken Private Core: On‑Device AI Architecture
At the heart of Reken’s solution is the Reken Private Core, a suite of small, proprietary AI models engineered to execute directly on a user’s device—be it a laptop, desktop, or mobile phone, or workstation—without routing data to external cloud services. By keeping processing local, the platform mitigates two major drawbacks of cloud‑based AI security: the heightened risk of data breaches during transmission and the latency that can frustrate users waiting for threat analysis. Moreover, Reken avoids dependence on large third‑party models from providers such as OpenAI, Anthropic, or Google DeepMind, which would introduce both cost and potential data‑exposure concerns. The Private Core’s design enables organizations to retain full control over their communications while still benefiting from cutting‑edge AI detection.


Technical Challenge: Real‑Time Performance on Commodity Hardware
Ghosemajumder identified the central R&D hurdle as proving that Reken’s AI could deliver high‑fidelity threat detection on ordinary corporate hardware—standard laptops lacking GPUs—while operating fast enough to block attacks in real time. Simply quantizing a large language model (LLM) to fit limited resources would not suffice if the resulting inference speed remained comparable to that of a full LLM, which would be too slow for instantaneous protection. Reken’s breakthrough lies in achieving both resource efficiency and low latency: the Private Core’s models are deliberately lightweight yet sufficiently expressive to recognize sophisticated fraud patterns within the milliseconds needed to intercept a malicious message before it reaches the user.


Northstar: Replacing Ineffective Security Awareness Training
The inaugural product built on the Private Core, Northstar, targets phishing and authorized‑push‑payment fraud. Ghosemajumder critiques traditional security‑awareness training as largely futile, arguing that expecting employees to become “forensic digital investigators” places an unrealistic burden on humans, especially as AI‑generated scams grow more convincing. Instead, Northstar provides just‑in‑time AI intervention that spots threats invisible to the naked eye. Rather than relying on the flawed strategy of flagging AI‑generated text—an approach rendered useless by the widespread, benign use of AI for drafting emails—Northstar emphasizes positive verification signals. It checks whether a message genuinely originates from a trusted entity such as a bank or retailer, allowing users to trust legitimate communications while being warned about spoofed notes that merely appear to be from Amazon, PayPal, or similar brands.


Founding Team, Funding, and Early Validation
Reken was co‑founded in 2024 by Ghosemajumder and his former Shape Security colleague Rich Griffiths. The startup secured a $10 million seed round from venture firms including Greycroft and FPV Ventures. Though Ghosemajumder declined to name specific customers, he confirmed that Northstar has undergone testing in Fortune 500 environments, demonstrating its viability in large‑scale enterprise settings. The product is now available through an early‑access program targeting corporations, government agencies, and universities, with plans to broaden availability and introduce additional security tools built atop the Private Core. Third‑party developers will eventually be invited to create their own applications on the platform, expanding its ecosystem beyond the initial phishing‑defense use case.


The Escalating Threat Landscape
The urgency behind Reken’s mission is underscored by recent cybercrime statistics. The FBI’s Internet Crime Complaint Center logged $20.9 billion in reported losses for 2025—a 26 % increase year‑over‑year—and, for the first time, added an AI‑related crime category, recording more than 22,000 complaints. A 2026 poll by Canadian bank RBC found that 83 % of respondents now assume any online message is a scam unless proven otherwise, illustrating a pervasive erosion of trust. Ghosemajumder notes that even seasoned security professionals can be deceived when caught off‑guard, highlighting the need for automated, real‑time defenses that do not rely on human vigilance.


Real‑World Encounter: Internal Fraud Attempt
Reken’s own early days provided a stark illustration of the threat it seeks to neutralize. An intern, during his first week, began receiving messages impersonating Ghosemajumder himself. The fraudsters had scraped LinkedIn to map the new hire’s reporting chain and identify the ideal target for imitation. This incident underscored how attackers exploit organizational charts and personal data to craft highly convincing social‑engineering attacks, reinforcing the necessity of a solution that can verify sender authenticity instantly and without user intervention.


Vision of the Reken Network: Expanding Trust Circles
Beyond protecting individual devices, Reken aspires to knit together its deployments into a Reken Network. When an organization adopts Northstar, its internal communications become cryptographically verifiable. As suppliers, partners, and other entities also deploy the technology, they join an expanding “protected circle” where messages can be trusted across organizational boundaries. Ghosemajumder likens this dynamic to Apple’s iMessage, which separates users into trusted blue bubbles and everyone else, but argues that Reken can go further by providing stronger guarantees of trustworthiness for in‑network communication. The network would continuously improve by aggregating and anonymizing threat intelligence from participants, enabling smarter detection while preserving individual privacy—a balance Ghosemajumder says he refined through his work on Google’s internal Privacy Council.


Privacy Considerations and Data Governance
Harnessing data across the Reken Network inevitably raises privacy questions. Ghosemajumder acknowledges these concerns, noting that he wrestled with similar issues while helping establish Google’s Privacy Council. Reken’s approach is to aggregate and anonymize threat signals rather than retain raw user data, allowing the network to learn from emergent attack patterns without exposing personal or corporate information. This model aims to deliver the benefits of collective intelligence—faster adaptation to new fraud tactics—while respecting confidentiality and regulatory expectations.


Outlook: Adoption, Network Effects, and the Future of Trust
Whether Reken can fulfill its ambition of becoming a universal trust layer hinges on achieving broad adoption; the envisioned network effects only materialize when a critical mass of devices and organizations participate. Nonetheless, Ghosemajumder’s wager is clear: in a world where anyone can be fooled by increasingly sophisticated AI‑driven scams, the only viable defense is AI that is both fast enough to act in real time and private enough to reside on the user’s machine. By delivering on‑device verification through the Private Core and products like Northstar, Reken seeks to restore confidence in digital communication, shifting the burden from fallible human judgment to reliable, omnipresent machine vigilance. The coming months will reveal whether enterprises, governments, and educational institutions embrace this vision and whether the Reken Network can indeed expand the circle of trust across the digital ecosystem.

SignUpSignUp form

LEAVE A REPLY

Please enter your comment!
Please enter your name here