An MIT Alumni Association Publication

Data breaches happen with increasing frequency—and with more of our lives online than ever before, the attacks seem to be getting more insidious and more widespread. It is a much different world than when Sumit Agarwal ’98 cofounded Shape Security in 2011 with the simple premise of distinguishing a real person online from a fake person in order to protect individuals from cyberattacks. Today, Agarwal, as COO, estimates that every day, half of all adults in America log into websites that Shape protects against cyber attacks.

The company fights online fraud, protecting 150 million account logins every day, and uses artificial intelligence to detect and shut down automated attacks. Its customers include 60 percent of the US airline industry, 40 percent of the hospitality industry, and 40 percent of the consumer banking industry. What’s more, Shape’s cybersecurity capability has made it the fastest-growing company on the West Coast, and the third-fastest-growing company in the United States. 

It started with a prediction about the state of the future, and the prediction was that as the entire world would move online—business, commerce, love, laughter, entertainment—so too would the attackers in a very profound way.

“We framed the company in a very simplistic way because that is how we thought about it,” says Agarwal regarding the company’s philosophy. He and his cofounders realized that they could start by tackling the issue of human versus nonhuman attacker, in order to detect the automated software used by criminals.

“Now we’re focused on the ultimate problem, which is: Is it precisely the correct human doing what that human normally does,” he says. “Is it you accessing the account that belongs to you? Is it your partner picking up your phone because you left it logged in? Answering that complex question of who will take us from a 300-person company to a 1,000-person company.”

The inspiration for Shape first came while Agarwal—appointed by President Obama as senior advisor for cyber innovation—was working in cybersecurity for the Department of Defense. He observed very complicated security issues affecting military-grade websites and realized it was only a matter of time before those issues affected the average person’s online accounts. “It started with a prediction about the state of the future, and the prediction was that as the entire world would move online—business, commerce, love, laughter, entertainment—so too would the attackers in a very profound way.”

Agarwal’s first business, Quova, an offshoot of the MIT 50K competition, was tied to online logins as well, back in 2000, when you could barely tell where someone on the Internet was located.

At every step along the way, says Agarwal, MIT has been part of his career progress—the company’s CTO is Shuman Ghosemajumder MBA '02. Even during his seven years at Google, working on search and mobile product management, he found MIT alumni everywhere.

“I don’t think there has been a job experience, let alone a three-month period, in which the formative experiences that I had as an undergrad—between MIT Air Force ROTC, and the sort of steeping in a technology-oriented education—hasn’t been relevant. Whether it’s the people and the contacts and the network (our earliest co-collaborators at Shape are several MIT alums; several Google people . . . are also MIT alums)—it just can’t be overstated. It’s such an amazing thing. It isn’t something that has faded into the background.”

Agarwal continues to leverage the power of that network and his MIT experience in helping to solve the omnipresent challenge facing his industry.

“It’s a never-ending process of always understanding what attackers are doing today, what they can do tomorrow, and what technology is on the horizon the day after tomorrow that can create new attack models,” says Agarwal. “We have to always be predicting the evolution of defensive and offensive technology.”