Project Kavach is building AI agents that detect phishing attempts, halt ransomware before it spreads, and close vulnerabilities from prioritisation through to verified remediation.
The 2025 Verizon Data Breach Investigations Report analysed over 22,000 real-world security incidents. Every design decision at Project Kavach traces back to what that data says.
The 2025 Verizon DBIR, which analysed 22,052 incidents across 139 countries, found ransomware in 44 percent of all confirmed breaches, up from 23 percent in 2024. Critically, 88 percent of ransomware incidents targeted small and mid-sized organisations. Ransom groups no longer discriminate by size; they scale demands proportionally to revenue. The operational damage, recovery time, and reputational cost far exceed the ransom figure itself.
Source: Verizon DBIR 2025
IBM X-Force 2025 recorded an 84 percent year-over-year surge in phishing emails carrying infostealer malware, with early 2025 data suggesting a 180 percent increase against 2023 baselines. Attackers now use AI to generate contextually convincing lures at scale. The median time from email open to credential submission is under 60 seconds, faster than any human review process can operate.
Source: IBM X-Force Threat Intelligence Index 2025
Vulnerability exploitation as an initial access vector rose 34 percent year over year in the 2025 DBIR, now accounting for one in five breaches. For critical edge device vulnerabilities, the median time between public disclosure and active mass exploitation was zero days. IBM X-Force found that 60 percent of the top CVEs discussed on dark web forums had weaponised exploit code within two weeks of disclosure.
Source: Verizon DBIR 2025
Project Kavach is building three purpose-built AI agents. Each has deep, focused capability in one domain. Together they form a coordinated defence layer across phishing, ransomware, and vulnerability management.
Lens analyses every inbound message using natural language understanding, sender behaviour modelling, link graph analysis, and attachment inspection calibrated to your organisation's communication patterns. It identifies phishing, business email compromise, AI-crafted impersonation, and credential harvesting attempts before any user interacts with the content.
Brace monitors process behaviour, file system activity, memory access patterns, and lateral movement signals continuously. The moment ransomware behavioural indicators appear — mass file modification, shadow copy deletion, abnormal privilege escalation — Brace isolates the affected system and stops propagation across the network in seconds.
Seal works downstream of your existing scan tools. It ingests raw vulnerability findings and applies intelligence to them: ranking every finding by real-world exploitability, active threat actor usage, and business impact. It then drives the full remediation lifecycle — from prioritised action plan through to verified closure.
Each Project Kavach AI agent operates on the same four-phase loop, aligned with the NIST incident response lifecycle and grounded in MITRE ATT&CK adversary behaviour mapping.
Project Kavach integrates with the security tooling you already operate. The AI agent layer sits above your existing infrastructure, consuming and correlating telemetry without requiring a replacement cycle.
Agents correlate signals across multiple sources simultaneously. A single event that appears benign in isolation becomes significant when placed in context with other activity. That correlation runs continuously at machine speed.
High-confidence findings trigger autonomous action: quarantining messages, isolating endpoints, initiating patch workflows. Ambiguous findings are escalated with the full investigation assembled — no analyst starts from scratch.
Every resolved finding is confirmed closed, not just actioned. Each case feeds back into the agent model of your environment, improving precision and reducing false positives continuously.
When phishing clicks happen in under 60 seconds and ransomware encrypts thousands of files per minute, response time is not a preference. Every architectural choice is measured against time to action first.
Threat models are derived from the Verizon DBIR, IBM X-Force, MITRE ATT&CK, and CISA Known Exploited Vulnerabilities. We build on what has been observed and documented, not hypothesised.
Alert fatigue is a documented cause of security programme failure. The goal is not more visibility — it is fewer, higher-confidence findings that analysts can act on without hesitation.
Automation handles speed and scale. Human judgement handles consequence. On Seal's patch actions and Brace's isolation decisions, a human approves anything with irreversible business impact.
Lens, Brace, and Seal are designed to work independently and as a coordinated system. A phishing-delivered ransomware attack that exploits an unpatched vulnerability is covered end to end.
Each AI agent ingests live threat intelligence and learns from your specific environment. Detection does not stay static as attackers adapt — it improves with every resolved incident.
All figures are drawn from primary research published by Verizon, IBM, and independent market research firms. Each is linked directly to its source document.
Project Kavach is actively building AI agents for cyber defence. If you want to follow what we are building or explore a conversation, we would like to hear from you.
Project Kavach takes its name from the Sanskrit word for armour: not a barrier you hide behind, but protection that moves with you. That distinction shapes how we are building every AI agent in the platform.
The 2025 Verizon Data Breach Investigations Report analysed over 22,000 real-world incidents and found ransomware in 44 percent of breaches, vulnerability exploitation growing 34 percent year over year, and phishing still the dominant delivery mechanism for both. The IBM X-Force 2025 Threat Intelligence Index found that attackers now deploy infostealer malware via phishing at 84 percent higher weekly volumes than the prior year. These are not incremental shifts. The threat has fundamentally changed in speed and sophistication.
We are building Project Kavach because the gap between how quickly attacks move and how quickly defences respond cannot be closed by human-only processes. Lens, Brace, and Seal are each built for one of the three most consequential and well-documented attack categories, with the depth and specificity that a general-purpose platform cannot achieve.
Every design decision traces back to published research. Every AI agent action will be logged, explainable, and auditable. We build on what is observed, not assumed.
Threat models are derived from the Verizon DBIR, IBM X-Force, MITRE ATT&CK, and CISA guidance. We do not build on intuition when data is available.
Every action an AI agent takes will be logged, traceable, and explainable. Security tools must earn trust. We will not build systems that cannot account for their decisions.
Three AI agents built with real depth are more valuable than ten shallow features. Project Kavach is narrow by intention and rigorous within that focus.
Automation handles speed and scale. Human analysts handle consequence and context. On the actions that matter most, a human confirms before execution.
"To close the speed gap between how fast attackers move and how fast defenders can respond — by building AI agents that are precise, autonomous, and always on."
Project Kavach is building AI agents for cyber defence. If you want to follow our progress, explore a collaboration, or talk about where this space is heading, we would like to hear from you.
Project Kavach is actively building three AI agents: Lens for phishing, Brace for ransomware, and Seal for vulnerability management. We are always open to speaking with researchers, security professionals, and anyone serious about the future of cyber defence.
Project Kavach is actively building its AI agents. If you are a researcher, security professional, or potential collaborator, send a message and we will get back to you.
We respond to every message personally.