Penetration testers are the good guys of cybersecurity. They simulate the behavior of cybercriminals to identify weaknesses in the defenses of public and private organizations, so those entities know what issues to address, which security holes to plug, which defenses to fortify. One of these cyber good guys united some 6 years ago with some friends, two software development experts, and a skilled finance professional, to found Delve Labs, a Montreal company created with the mission to leverage artificial intelligence to help companies defend against cyber attacks. Gabriel Tremblay, Louis-Philippe Huberdeau, Keven Marin, and Frederic Roy-Gobies founded Delve Labs in 2014, and since that time, the company has grown to nearly 2 dozen employees, the majority based in their offices in the Plateau Mont-Royal.
The cybersecurity challenge that Delve Labs is addressing is both persistent and ubiquitous. Indeed, nearly all organizations struggle with it. Even readers unfamiliar with the intricacies of information security are familiar with security breaches, and especially today’s most popular manifestation, ransomware. And, if you’ve read about a ransomware attack, there’s a greater than 50% probability that that attack originated with the exploitation of a software “vulnerability,” or a flaw in the software that allows it to be compromised by attackers. Software vulnerabilities are present, and plentiful, on the networks of all organizations, and can number in the tens of thousands, hundreds of thousands, and even in the millions on some large corporate networks. Fixing all vulnerabilities is impractical, and unnecessary, as some pose a much greater risk to the organization than others. The challenge is knowing which to fix urgently, and which lower-risk vulnerabilities can wait. That’s where Delve Labs comes in.
Sorting through a couple hundred thousand vulnerabilities is clearly not something that even a large team of humans can accomplish practically, so Delve Labs attacked the problem with machine learning, among other technologies. Processing over 40 factors for each vulnerability, the DelveAI engine prioritizes each one in context – and relative to one another – to produce a numbered, prioritized list of vulnerabilities that is recalculated continuously. Ultimately, this process results in highly prescriptive output that provides specific vulnerability remediation instructions to IT teams that will maximize their vulnerability risk reduction for a given amount of resources.
, 
Delve’s solution leverages machine learning for other elements of vulnerability management operations as well, but it’s the company’s exclusive Contextual Prioritization that has placed them in the same conversation with legacy vulnerability management companies that have been in business for nearly two decades, and that boast revenue streams in the hundreds of millions of dollars annually.
Over the past several quarters, the company has expanded its sales and marketing operations into the US. However, from its inception, Delve has benefited greatly from the rich technical talent pool Montreal has to offer, not only in AI expertise but also in cyber security and software development as well. The company now has a growing footprint that extends into the east and west coasts of the US, but its development team is located entirely in its Montreal office.
Louis-Philippe Huberdeau CTO, Delve Labs
In a few short years, Delve has assembled a superb technical team and developed an innovative solution that’s shaking up one of the most established cyber security disciplines, counting some of Canada’s iconic household brands as its customers. In an era where cyber-attacks pose serious, and even potentially existential, threats to many organizations, the potential for Montreal-based Delve is limitless.
