CISPA STARTUPS
Since 2019, the CISPA startup incubator has mentored, supported, and accompanied the journey of many spin-off projects and startups.
Technology
Many companies are unaware of the attack surface they present to cybercriminals. The St. Ingbert-based company AIS wants to change that and helps companies uncover digital vulnerabilities and take appropriate security measures. The CISPA spin-off has developed the Findalyze platform, which enables companies to continuously monitor their Internet-exposed IT infrastructure and thus proactively secure it. Through the "attacker's goggles," the software examines publicly available information from companies for potentially security-relevant aspects, evaluates them, and provides actionable insights to improve and maintain IT security posture.
Scientific Background
To determine and reduce the potential attack surface, Findalyze applies various security-related checks and testing procedures to enterprise IT assets, such as domains, email addresses, or externally visible technologies. Under the technical and conceptual leadership of Dr. Oliver Schranz and Dr. Milivoj Simeonovski, both of whom earned their doctorates at CISPA, a scanning and evaluation mechanism was developed that processes the results for companies and makes them available on a dashboard. Through permanent knowledge transfer, AIS ensures that the latest findings and attack vectors are also incorporated into the platform.
Management
Technology
CodeShield is a cloud-native security solution for AWS, specifically focused on detecting IAM privilege escalations and attack paths. The platform analyzes the entire cloud infrastructure of an AWS account, including serverless functions, databases, EC2 instances, networks, API gateways, IAM policies, and security groups. It combines the results into a comprehensive graph that shows which resources are publicly accessible and which issues are the most critical to address.
Scientific Background
CodeShield was founded by Johannes Noll. He brings extensive experience in cloud security and developed the solution to proactively protect organizations against IAM privilege escalations and security vulnerabilities in AWS environments.
Management
Website
Technology
CyberTide is an AI-powered platform for data security in the AI era, providing organizations with comprehensive protection against data loss, insider threats, and compliance risks. The solution combines Data Loss Prevention (DLP), Insider Threat Protection, Data Security Posture Management (DSPM), and AI Security Posture Management in a single, context-aware security stack.
At its core, CyberTide uses advanced AI algorithms to detect sensitive data across various channels, understand its context, and assess risks in real time. The platform enables automated enforcement of security policies and immediate incident response, helping organizations maintain data integrity and compliance continuously.
CyberTide is particularly suited for organizations in highly regulated sectors such as financial services, healthcare, legal, and insurance, where data protection and compliance are critical. The solution can be deployed on-premise or in a private cloud to ensure full control and security.
Scientific Background
CyberTide combines leading AI technologies with deep cybersecurity expertise to develop intelligent data protection solutions that adapt to evolving threats. Through close collaboration with research institutions and strategic partners such as Antler, Earlybird, Tenity, CISPA, BMBF, Swiss Insurtech Hub, IBB, and BITKOM, CyberTide positions itself as a pioneer in data-centric security solutions.
Management
Website
Technology
Detesia is a platform for detecting deepfakes in images, videos, and audio, focusing on the highest accuracy, transparency, and forensic value. Users can upload media via an API or a pay-per-use web platform and receive a detailed analysis of the content’s authenticity.
At its core, the solution is based on a multi-detector framework, which combines several specialized AI models, each trained on different manipulation techniques such as face swaps, lip-sync manipulations, or generative diffusion methods. In addition, explainable AI is applied: the system transparently shows which features contributed to its decision, such as inconsistencies in lighting, motion, or artifacts.
Beyond pure AI detection, Detesia provides additional forensic tools, including reverse-image searches, metadata analysis, and watermark verification, to comprehensively verify the origin and integrity of media. The platform is particularly designed for organizations that need not only to detect manipulative content but also to document it in a legally robust manner.
For practical use, Detesia is highly flexible: companies can operate the solution on-premise in highly sensitive environments or integrate it conveniently via a cloud API. In both cases, compliance with GDPR is ensured. Platform performance shows a detection accuracy of over 98% on benchmark datasets, with suitability for real-time scenarios as well as batch processing of large volumes of media. Target users include law enforcement agencies, media organizations, and financial and insurance companies.
Scientific Background
Detesia is a spin-off of the CISPA Helmholtz Center for Information Security in Saarbrücken. The founding team combines scientific expertise in artificial intelligence, cybersecurity, and forensic analysis. Its foundation is built on years of research in explainable AI, tamper-resistant systems, and media forensic methods.
Through this close connection to cutting-edge research, Detesia ensures that its technology is not only highly accurate but also scientifically grounded, verifiable, and trustworthy. This positions the company as a pioneer in deepfake detection “Made in Europe”, combining technological innovation with social responsibility and regulatory compliance.
Management
Website
Technology
Fuzzware is a software solution for security-critical analysis of embedded firmware without the need for physical hardware. The platform enables full-system fuzzing based on binary files, without requiring source code or physical devices.
By accurately modeling Memory-Mapped I/O (MMIO) and fully emulating the system, Fuzzware provides a comprehensive security assessment that goes beyond isolated components. This allows companies to test their firmware in a realistic and efficient manner for vulnerabilities.
Scientific Background
Fuzzware is a software framework for the automated security analysis of embedded firmware that operates without the need for hardware. It was designed to address the challenges of fuzzing monolithic firmware by accurately modeling the interactions between software and hardware. Fuzzware combines lightweight program analysis, re-hosting, and fuzz testing to increase the effectiveness of the fuzzing process.
Management
Website
Technology
InputLab is a spin-off of the CISPA Helmholtz Center for Information Security in Saarbrücken. The company provides a platform for the generation of fully synthetic test data for schema-based data formats such as XML, JSON, or OpenAPI. No real personal data is required, ensuring GDPR compliance. Test data is generated based on schema definitions like XSD files or API specifications, enabling systematic coverage of edge cases and boundary conditions that are often missing in traditional test datasets. The solution is particularly suitable for complex software systems in industries such as FinTech, healthcare, and public administration, which rely on structured data.
Scientific Background
InputLab’s technology is based on years of research in formal grammar and synthetic data generation. Instead of relying on AI models, InputLab uses a proprietary specification language called ISLa to formally describe data formats and generate valid test data. This approach avoids the risks of using real data and allows full control over the generated test cases. InputLab has already discovered errors in widely used software libraries during pilot projects—errors that had previously gone undetected.
Management
Website
Technology
Kertos is a no-code SaaS solution connecting an organization’s entire infrastructure to manage personal data and fully automate privacy processes. By executing workflows, handling data subject requests, and building self-maintaining records of processing activities, Kertos makes manual privacy (GDPR) compliance a thing of the past. The integration of external systems plays a central role in the automation of data privacy tasks. This requires corresponding API keys, access tokens or comparable access information. Kertos develops a hybrid zero-trust architecture to make sure data transfer takes place only between the (potentially on-premise) worker nodes and the integrated systems. Thus, the Kertos backend itself never comes into contact with customers’ API keys or customer data.
Scientific Background
Kertos focuses on the automation of processes, the secure management of privacy requirements and the simplification of everyday workflows for all stakeholders involved. The founders Dr. Kilian Schmidt, Johannes Hussak and Alexander Prams combine relevant practical experience and professional knowledge, which they acquired at renowned universities such as the Technical University of Munich and the Humboldt University of Berlin. While Dr. Kilian Schmidt, with his background in law and first-hand experience with legal processes, takes on the role of "legal expert" in the founding team, Johannes Hussak contributes expertise in product development and innovation as CPO and COO. The team is completed by Alexander Prams, who is responsible for the technical implementation of the Kertos solution in his role as CTO and with his field of expertise, automation.
Management
Website
Technology
NetBird is a next-generation solution for network access and security that has been developed as open-source software since 2021. The platform combines Zero Trust principles with a highly scalable peer-to-peer network, enabling organizations and teams to securely connect remote resources. It is based on WireGuard® and provides a fast and secure network for any use case that verifies policies and client context at the edge, not at centralized gateways.
Scientific Background
NetBird has a team with over twenty years of experience in software and infrastructure engineering fields. They come from their countries' best information systems and computer networking universities with a focus on information security. They built their careers in data, automation, and security engineering, always providing the best user experience while keeping security a default option.
Management
Website
Technology
The weakness that sequire technology discovered in 2023 in large language models (LLMs) lies in the way this technology works. This means that it cannot simply be "turned off". There is no simple, monocausal approach to fixing the problem. Instead, a mix of approaches is needed to create a homogeneous, secure environment for language models, i.e. an LLM operating system. In addition to the results of their own research, they use traditional elements for protection, such as process separation, rights management, hypervisors, etc.
Scientific Background
sequire technology played a leading role in the discovery of the most important vulnerability in the area of Large Language Models (LLM).
In the current OWASP Top 10 for LLMs, the Indirect Prompt Injection vulnerability discovered by sequire technology is the number one threat; the German Federal Office for Information Security (BSI) also warned about this in a separate publication. The research combines the company's own findings on LLM vulnerabilities with known principles from the field of operating systems and computer security to create a secure environment for running LLMs.
Management
Website
Technology
Simplyblock is a clustered cloud storage solution that provides users with the ability to create virtual (logical) block storage devices that scale arbitrarily in size and speed, yet work just as simply as a locally attached disk. Built upon the industry-standard and fast NVMe over Fabrics protocol, simplyblock combines a multitude of backing storage technologies (local and remote block storage, as well as object storage) but provides a single, holistic view of the logical device. Furthermore, the solution enables automatic tiered storage (moving data between backend storages for price and performance reasons), as well as industry-expected features, such as compression, deduplication, encryption, and more.
In addition to that, features like immediate snapshots, remote backups, automatic self-healing, and our intelligent data balancing algorithms, as well as enhanced disaster recovery mechanisms, help mitigate the dangers of ransomware attacks or other types of security breaches that cause data loss, data encryption, or data corruption. Simplyblock integrates advanced cybersecurity features to recognize and stop new attack vectors and offer an immediate recovery in situations where data was already modified, aiming to bring an RPO (Recovery Point Objective) of 0, hence no data loss, to the world.
We want to democratize the ability to use cloud storage the way the user needs it, not the way it is offered by cloud providers.
Scientific Background
The simplyblock team combines decades of experience in different product-related fields, such as distributed systems, storage solutions, and cloud infrastructures. Our technology is based on industry-proven components like SPDK (the Storage Performance Development Kit), a framework supported by industry giants such as Intel, and uses NVMe over TCP as the underlying transport protocol, providing an out-of-the-box experience available in Linux and Windows. The combination of components provides an easy-to-use and high-performance solution to companies running IO-intensive workloads, such as databases, in the cloud.
Management
Website
Technology
The problem of vulnerable Internet-of-Things (IoT) devices grew into a serious menace, culminating in massive DDoS attacks and an even more significant threat to the privacy of personal data. Bitahoy addresses this problem by developing a device that is connected to the home network and analyzes any network traffic. The goal is to provide an automatic solution to detect attacks on IoT devices and thus improve the security and privacy of the users.
Scientific Background
The Bitahoy Watchdog is a distributed system that can protect non-industrial IoT devices from malicious commands and data-exfiltration. After the deployment of the client-part of this system in the user’s network, it is capable of intercepting, analyzing, and filtering network traffic of all the connected IoT devices without any configuration. The system classifies devices and judges their real-time behaviors through machine learning based on previously observed benign activity. The founders of Bitahoy are graduates of the master's course ‘Entrepreneurial Cybersecurity’ at Saarland University.
Management
Website
Technology
chainifyDB converts well-founded scientific findings into marketable, user-oriented software solutions. These help companies to carry out transparent and unambiguously traceable transactions with different trading partners, to reduce conflict potentials and thus to save resources. For this purpose, chainifyDB uses private blockchain technology by extending existing database infrastructures with security functions. chainifyDB's cloud-based software solution seamlessly connects to the most common database management systems, drastically reducing the barriers to entry for secure digital transactions.
Scientific Background
The start-up, which is based at Saarland University, was founded in 2020 as a result of research work carried out by the Big Data Analytics Group. The two founders, Dr. Felix Martin Schuhknecht and Dr. Ankur Sharma, both received their doctorates in computer science at Saarland University. Dr. Schuhknecht's research areas included blockchain technologies, transaction processing, indexing and data management, while Dr. Sharma focused on main memory data management and transaction processing in HTAP systems and private blockchain systems. The third founder is Prof. Dr. Jens Dittrich. He is a Full Professor of Computer Science in the area of Databases, Data Management, and Big Data at Saarland University.
Management
Website
Technology
Sesame leverages modern Large Language Models (LLMs) to optimize knowledge management for clients. Based in Saarland, Germany, with additional presence in Hamburg and Bavaria, the team prioritizes maximizing LLM benefits while upholding top-notch security and privacy. Their commitment goes beyond interest; they utilize LLMs as invaluable assets for clients through innovative software solutions. Collaborating closely with customers, they merge their ideas with cutting-edge technologies, delivering bespoke solutions tailored to unique business needs. This proactive approach to security enables businesses to optimize operations using advanced LLMs all while safeguarding the privacy of their data.
Scientific Background
Collaborating with esteemed research affiliations like Helmholtz (CISPA), contexxt.ai – the company behind Sesame – demonstrates its dedication to pioneering innovation, with security and data privacy ingrained in every aspect of its approach. Security and data privacy are fundamental pillars of the strategy, deeply integrated into the recommended architectures and methodologies. The team actively explores the security readiness of vector databases, recognizing their potential as optimal primary data sources for language models, especially in terms of data security entry points.
In the ongoing research, the company investigates how vector databases can facilitate tenant separation by integrating knowledge elements with unique TenantIDs. This involves integrating TenantIDs within the vector database, implementing data partitioning techniques, and applying tenant-specific filters. These efforts are aimed at enhancing privacy and security in shared language models, leading to benefits such as heightened data confidentiality, adherence to regulatory frameworks, and bolstered customer trust. By prioritizing security in this manner, contexxt.ai upholds its commitment to ensuring the utmost care in handling data and maintaining trust.
Management
Website
Technology
The Cybervize platform is designed for organizations of all sizes to strengthen their cybersecurity. This solution includes an AI-based SaaS component that identifies risks, recommends cybersecurity measures, and assists with implementation. As an integral part of Cybervize, a moderated user forum promotes knowledge sharing and provides practical guidance. Human advisors provide targeted expert assessments to assist with implementation and conduct periodic reviews upon request.
Scientific Background
Cybervize's technology is based on the application of AI technologies and SaaS solutions to automate cybersecurity processes. The solution draws on proven cybersecurity practices and processes, as well as information security and risk management best practices, to provide a comprehensive and cost-effective cybersecurity solution specifically for small and medium-sized businesses.
Management
Website
Technology
Children are surrounded by digital systems and are using them more than ever before. However, many of them are not aware of what is actually going on inside all these tablets and computers, which risks arise when using digital devices, and how to prevent these risks by following a series of guidelines, from choosing the right password to dealing with cyberbullying and preventing the disclosure of sensitive information to others. Therefore, Foldio aims to prepare children for the digital world at an early age by teaching them the basics of computer science and cyber security in a playful way. To reach this goal, Foldio develops educational paper-based toys accompanying mobile video games.
Scientific Background
After launching a first product version, the Foldio Starterset, a programmable paper robot that children can program to learn the basics of how computers work, Foldio is currently developing a hybrid point-and-click adventure game that will teach children the basics of cyber security. CISPA Incubator supports Foldio professionally from the development of a learning concept to the first game prototype.
Management
Website
Technology
fuse.space is the first secure data and collaboration space that records and protects the complex and collaborative process of creative work, to protect its intellectual property. Our vision is to connect the world in creativity. A world where all people and entities can work together easily and securely, without having to know or trust each other. To do this, we are creating a space that supports, transparently documents, immutably secures, and verifiably protects the collaborative process of creative work. We address music creators, architects or scientists, anyone who shares and collaborates on their sensitive and unprotected intangible assets, such as ideas, concepts, and inventions. With the support of CISPA, fuse.space is further developing its solution to enable a secure collaboration space.
Scientific Background
With the help of over 1,000 creators and institutions in the creative industries, we are working together to create a solution that covers and secures the most important work processes and integrates them into their workflows. We ourselves come from the music industry and know the problem and its potential very well. Andre Angkasa has been building digital media services, products, and brands for over 18 years. Alexander Wittkowski, as a music producer and composer, knows the problem from his own experience. He had two of his songs stolen and published under a different name by a very famous pop star. Unfortunately, he lacks any proof of the collaboration process and his IP.
Management
Website
Technology
Hyde is a platform for consumers to monetize their data in a privacy-preserving manner, and for businesses to understand their customers better in a compliant way. Built on a state-of-the-art privacy foundation, Hyde provides transparency, control and data sovereignty for consumers, while allowing businesses to expand their customer data beyond their own premises. The vision of Hyde is to equip consumers with data agency and to equalize business data moats.
Scientific Background
Hyde builds on recent progress in Trusted Execution Environments (TEE). This technology makes it possible to compute on data without exposing it to third parties. Beyond that, Hyde makes heavy use of Machine Learning Embedding technology to convey consumer taste in areas like music, movies, or shopping. Hyde is led by Dr. Uwe Stoll, who holds a PhD in Semantic Web and Machine Learning and has a long track record in applied AI. CTO Kyohei Hamaguchi (JP) has about ten years of experience in designing complex software systems with an emphasis on information security.
Management
Website
Technology
Two-factor authentication has become the standard for logging in to most web services. To ensure that logging in is not only fast, but also secure, DeepSign has developed a technology for companies and their employees that turns the individual behavior of users into a second factor. Using artificial intelligence techniques, DeepSign creates a model of how users interact with their mouse and keyboard. This unique interaction pattern can then replace cumbersome authentication via other devices or repeated password entries when logging into a computer. Unlike other biometric features such as a face or fingerprint, interaction patterns cannot be easily copied undetected or accidentally passed on like a password. In addition, the login process remains fast.
Scientific Background
DeepSign puts behavior-based security at the forefront. The founders Jannis Froese and Nils Vossebein studied at Saarland University and combine knowledge about IT security from academia and industry. While Jannis Froese is particularly knowledgeable in the field of machine learning, Nils Vossebein's specialty is the acquisition, processing and storage of data. He is also in charge of sales at DeepSign.
Management
Website
Technology
Smart building automation systems offer comfortable, efficient and economical ways of living and working in the future. For this, however, it is necessary that the tasks now handled by the technology work reliably and in accordance with official regulations and the individual wishes of all users. With this goal in mind, the project develops a new user interface that guarantees correct, safe and secure behavior at any time. Possible errors during the configuration of the system are detected immediately, so that potential risks can be avoided at the earliest point in time.
Scientific Background
The technology used in the project is based on current research in the area of the formal analysis of reactive systems, which are characterized by continuous interaction with an unpredictable environment. Every intelligent building constitutes a reactive system. With the help of formal models, it is possible to analyze the automated control under all possible environmental circumstances with respect to correct behavior, even before the system has been applied to a real-world environment. This covers the correct execution of all required actions, especially in safety- and security-critical situations, but also the protected usage of the personal data that is collected during execution.
Management
Technology
LUBIS EDA has developed a software tool for the verification of digital integrated circuits (ICs), which are part of many semiconductors. With this tool, LUBIS EDA can automatically generate the Verification Intellectual Property (VIP). This VIP can then be used to ensure that there are no functional flaws and bugs within the IC. Functional bugs can not only lead to a malfunctioning semiconductor but can also be an entry point for security issues. The verification methodology is based on the so-called “Formal Verification” technique for semiconductors.
Scientific Background
Dr. Tobias Ludwig developed a new and efficient methodology for the generation of the VIP during his time as a researcher at the TU Kaiserslautern. His dissertation resulted in a software prototype that implements this methodology. Dr. Michael Schwarz completed his dissertation at the same chair as Dr. Tobias Ludwig and is an expert in Formal Verification as well as Hardware-Software-Interfaces. Dr. Max Birtel holds a degree in business engineering and was a researcher at the German Research Centre for Artificial Intelligence (DFKI) and the SmartFactory Kaiserslautern in the field of Industrie 4.0.
Management
Website
Technology
Natif.ai is a deep-tech startup in the field of intelligent document processing. The platform provided by natif.ai enables developers to automatically extract all relevant information from common documents via an API and pass it to downstream systems. In addition, developers can automate their own document processes without deep knowledge of modern AI techniques: the Natif platform guides developers through the entire setup process, trains use-case specific models, and makes them available via an easy-to-use API. The AI learns continuously through an active learning approach. Since all AI models are developed in-house and hosted in Germany (including its own deep OCR), documents can not only be analyzed extremely fast and accurately, but also meet the highest data protection standards. Currently, natif.ai is working on AI-based forgery detection to assess whether documents have been tampered with. Thus, in the future natif.ai will support companies in both automating and securing document-based processes.
Scientific Background
Natif.ai employs a large number of AI experts who studied at renowned universities and then either worked at research institutes such as the German Research Center for Artificial Intelligence (DFKI), some of whom earned their doctorates, or gained experience in the research departments of various commercial enterprises. Today, Natif.ai still works closely with the DFKI and CISPA, participates in funded research projects, and supervises bachelor's and master's theses.
Management
Website
Technology
Complex AI systems are inherently black-boxes with minimal insight into their internal functionality. This bears the danger of decisions that are not justifiable, legitimate, robust against external manipulations or that simply cannot be understood by stakeholders with different backgrounds. To help organizations meet this challenge, QuantPi developed an innovative framework which systematically matches questions about the functionality of AI systems with appropriate algorithms to produce relevant explanations. Furthermore, it allows users to understand how the latter algorithms work and to evaluate risks when interpreting their output.
Scientific Background
QuantPi is a spin-off of the prestigious Helmholtz Center for Information Security (CISPA), located in Germany. We develop automated and scalable solutions for explainability and robustness auditing of AI models. The QuantPi team is made up of leading researchers, engineers and business minds from premier universities around the world. Our customers include well-established companies from various industries and fast-growing AI startups.
Management
Website
Technology
At the heart of the Xpect approach to modeling safe processes is a representation formalism that not only maps temporal sequences of actions, but also captures their semantics by linking them to existing knowledge. In this way, it becomes possible to prove central properties of abstract processes and concrete sequences and to correct them if necessary. By monitoring the current execution of a process, the violation of central security or compliance rules can be detected in advance and the occurrence of a critical state can be avoided.
Scientific Background
Most of Xpect's employees have many years of experience in artificial intelligence research. For example, many of them were employees at DFKI, with which there is still close cooperation. In addition, they have gained relevant experience in management consultancies or companies in large-scale industry, which pays off in particular when it comes to identifying relevant issues and assessing the weaknesses of current solutions.
Management
Website