Pushing the frontier of
Risk Intelligence
Protos Labs began in threat-informed cyber risk quantification (see patent). The founders come from cybersecurity and national security consulting backgrounds — including Booz Allen Hamilton — and began by working on how to attach a defensible figure to cyber risk, grounded in real adversary behaviour rather than generic frameworks. For a season, the cyber insurance market was where that work was most applicable, and we focused there.
Over time, the threat-informed half of the work was where the more substantial questions lay. Threat feeds, vulnerability disclosures, dark web chatter, security alerts — all of it available, almost none of it contextualised to a specific organisation. What does this particular threat mean for our environment? Which of our assets, our people, our vendors, our data does it touch? What should be done about it, and in what order? These were the questions that took analysts hours of manual work per incident, and the questions executives and boards needed answered before a decision could be made.
Agentic AI was the capability that made those questions tractable at scale. By 2024, models had become strong enough to take a threat advisory, a vulnerability disclosure, or a suspicious signal and carry out the contextualisation work that an experienced analyst would do — working more thoroughly, across a wider range of sources, and with a speed that manual analysis could not match. We pivoted Protos Labs to adversarial risk intelligence and rebuilt the product around that problem: the gap between a piece of threat data and what it means for the organisation reading it.
The analytical discipline the product now automates — building a picture from incomplete data, working across multiple sources, and producing conclusions that hold up under review — is the work the founders were already doing before founding the company. The continuity between the people and the product is direct.
Protos AI was co-developed with advanced partners, in environments where the analytical work is high-stakes and the standard of reliability must be absolute. Work began in 2024, and the product was built, tested, and iterated in that setting for over a year before we made it commercially available in October 2025.
That co-development is reflected in what the product is today. The architecture assumes air-gapped deployment as a first-class option, rather than a configuration retrofitted later. Auditability is a starting condition, rather than a compliance feature. Every conclusion carries its evidence with it, because in the environments we built for, "the model said so" is not an acceptable answer. The corroboration discipline — working across multiple sources because a single-source conclusion is a lead, not intelligence — came from partners whose own analysts operate to that standard.
What appears in the commercial product today is the result of that year(s) of development. Capabilities that others tag as future roadmap — reliable outputs at scale, deployable in regulated environments, defensible under audit — were required conditions for us from the beginning.
We do not name our partners. But what we carry forward is the operating discipline.
.png)