Skip to main content
Back to storyroom
AI

They Sold to Twitter, Built a Billion-Dollar Company, and Now They Are Solving AI's Scariest Problem.

They Sold to Twitter, Built a Billion-Dollar Company, and Now They Are Solving AI's Scariest Problem. - Prime World Media Business Story

This is the story of Brian Long and Andrew Jones, two serial founders who went from mobile advertising to SMS marketing to their most urgent business to date: Adaptive Security, an AI security company that defends enterprises from deep fakes, voice cloning, and the most potent wave of social engineering that the world has ever faced.

The Founder Who Always Started With a Problem

There's only one thing that stuck with Brian Long growing up: every single problem he found was an opportunity for him to build a business around it. From building websites for local businesses to brewing the sodas he would want to sell as a child, to running through startup concepts that rarely made it off the ground, the ideas never ceased coming. The primary business concern in Brian's life has always remained on that front.

At the University of Pennsylvania, Brian did not know where to head after graduation. He then consulted a well-established businessman about the career he should pursue upon graduation. The answer he got was not at all what most Ivy League students were doing. Learn the real workings of a business from the consumer's perspective, Brian was told. Figure out what people would be willing to pay for and why.

Brian did exactly that. He worked in sales at CNET for 4 years, where he worked with key advertisers. After that, he went to Pontiflex, a mobile retargeting company, where he helped mobile products scale and a new ad format take root over thousands of apps. In 2012, Brian's experience in sales and product was sufficient to found his own startup, TapCommerce. The mobile retargeting company that Brian hired Andrew Jones to be the Head of Product for was sold to Twitter for about $100 million 2 years later.

Brian was in his early 30s.

After spending 2 years as a Senior Director at Twitter, Brian left; he says he didn't leave because Twitter was bad; rather, he says, "I wanted to get back to where I could build new things," according to an interview he gave to Crain's New York.

Andrew Jones: The Product Mind Behind Two Companies

As a student of both IS and Finance, Andrew had the duality of having the skills to understand not only the system but also the business. As an early employee at TapCommerce, he was Head of Product and responsible for turning Brian's market knowledge into a product brands wanted to buy.

When Twitter bought TapCommerce, Andrew followed inside, serving as Senior Programme Manager. Like Brian, he discovered a larger company environment that was safe and well-funded but not a place for a thinker whose primary focus was problem-solving, not managing functions.

The two founders, by now, had realised something profound: their working dynamic was not born of consensus, but of complementarity; Brian saw the market, and Andrew saw the product. Together, they possessed a picture neither could have imagined alone.

When Brian began thinking about his next company, Andrew was the first one to get the call.

The Pivot That Became Attentive

Their first experiment post-Twitter, Franklin, was to help enterprises communicate with their deskless workforces. They would build demos, pitch to and test with customers, and then closely analyse the results. To their surprise, the most popular version wasn't the workforce communication tool but the consumer version: directly texting with customers from a brand.

Brian knew from his experience inside Twitter that customers really wanted messages from brands they cared about. Texting reached absolutely everyone instantly, on the device they carried with them at all times. It was illegal to send a text message to someone without their opt-in, so everyone receiving text messages from a brand was already their most engaged audience. Friction was a feature.

They shifted direction and launched Attentive in 2016. Attentive is now one of the fastest-growing software companies in US history. Attentive has raised >$800M from investors such as Sequoia, Coatue, and Tiger Global, reaching a $7B valuation by 2021. The company has over $500M ARR by 2025, and works with over 8,000 brands while sending >10B messages annually. Brian left as CEO of Attentive in 2023 to be replaced by Amit Jhawar. Shortly after that, Andrew left as CPO. They both have active relationships with the company on the board and as shareholders. Combined, they have started and sold 2 companies, usually before the first company even runs its course.

The New Problem: AI Is Being Weaponised Against People

Brian and Andrew started Adaptive Security in 2024. The problem this time was not about commerce or marketing. It was about survival.

Deepfakes have moved from the lab to real-world deployment. Generative AI enabled a threat actor to mimic the CEO's voice from a 30-second audio clip and instruct the finance director to wire money. It allowed an incoming video call from a friend and former colleague, an AI construct, who asked the target to reveal their password. No longer was this purely hypothetical. It was happening, in volume, to actual companies.

The statistics were stark. Social engineering attacks – targeting humans, not computers – were responsible for more than 95 percent of successful breaches. Deepfake attacks increased 17x between 2023 and 2024, reaching 100k+ in the United States alone. By 2025, more than 50 percent of all conversations between customers and AdaptiveSecurity referenced attacks Adaptive had experienced.

The incumbent security awareness market had been designed around the threats it was designed to prevent- email phishing, which was already being superseded. The old security awareness solutions consisted of passive video modules that tested employees 6 months after a threat, for a threat that had become a voice message from their own manager.

Brian and Andrew identified the same pattern as in every other market they'd entered: a real, acute problem, a deficient existing solution, and a market that had not yet woken up.

Building Adaptive Security: The Third Company

Adaptive Security went public in January 2025. By the following months, it had garnered 500+ enterprise clients, including PayPal, Xerox, Bose, Figma, Ramp, Vimeo, the NHL and the PGA.

The platform was built from scratch to address how an AI-driven social engineer was actually conducting an attack. Instead of showing employees a video about phishing and then testing six months later whether they recalled it, Adaptive presented employees with simulated real-world attacks, mimicking an actual attacker using the same AI tools.

Simulated deepfake calls, fake videos, and personalised phishing emails, tailored to job role, communication patterns, and knowledge of colleagues, are sent to every employee. This automatically updates an employee's risk profile and sends targeted training, tailored specifically to that employee's vulnerabilities. Adaptive learns each time an employee falls for a simulated attack and uses that knowledge to adapt the next one.

"The subject of cyber-security is now focused on humans instead of infrastructure", according to Brian (press, Sept 2025). "As AI is an invisible, ubiquitously installed infrastructure of our work, lives, purchases and thought processes, so too is it enabling deceptive attacks".

Andrew built the Adaptive Security experience in a style he'd employed at every company before: make something very powerful seem very simple to use. A security awareness solution that a full security team must deploy and manage is accessible only to companies with a dedicated team. A solution that an HR director or office manager can successfully deploy and use is accessible to all. And it was that latter group that was the market.

The Funding Story: OpenAI's Only Cybersecurity Bet

In April 2025, Adaptive Security raised $43 million in Series A rounds, jointly led by the OpenAI Startup Fund and Andreessen Horowitz. It was the first time the OpenAI Startup Fund had invested in a cybersecurity company, and, until its September 2025 follow-on investment round that raised Adaptive's Series A to $55 million, it was its only such investment. "It felt very symbolic," said the Adaptive Security CEO. OpenAI's technology was, in the most literal sense, the problem Adaptive Security was trying to solve: generative AI had produced the deepfakes and voice clones that Adaptive Security trained its employees to spot. OpenAI's decision to invest in the company trying to build defences against them was a bet not only on capital but also on responsibility. Adaptive Security raised $81M Series B in December of 2025, led by Bain Capital Ventures, an investor in both TapCommerce and Attentive. The round also included participation from The OpenAI Startup Fund, Andreessen Horowitz, Capital One Ventures, Citi Ventures, NVentures (Nvidia's venture arm), and Abstract Ventures. All told, the three rounds raised $146.5 million over 1 year. Scott Friend at Bain Capital Ventures, who sits on Adaptive's board, first backed Brian Long and Andrew, what feels like ages ago, when the pair were building, scaling, and exiting their company TapCommerce; he has since funded Attentive since its early stages and has watched it become one of the nation's fastest-growing software companies. He had 12 years' experience watching these two founders attack a problem, and he was ready to give them a third swing when Brian called about Adaptive Security.

What the Hard Parts Looked Like

In his 2023 book Problem Hunting, Brian has written extensively about how hard the first stage of building any company is. The title itself is probably the most accurate representation of his career anyone could come up with. All companies Brian built went through the same initial stage: identify a real-world problem, determine whether people care enough to pay for a solution to that problem, and build the minimum possible solution that solves the problem before it's time to scale.

Credibility was a difficult problem at Adaptive. A founder whom security buyers knew primarily as a MarTech marketer would never have them automatically assume the product itself was as sophisticated as its story and brand. The simulated attacks, the real-time risk scores and the AI that adjusted its detection for each user were the proof. Not the pitch deck.

The scale from 0 to 500 enterprise customers in less than 12 months solved the credibility problem. Customers who signed up continued their subscription. The deepfake simulation attacks companies run on their employees immediately show them how real a threat this is and how effective the training is at reducing that risk.

"Over the past year, we have witnessed AI impersonations move from experimental to everyday," said Brian at their Series B announcement. "We have a real-time need to give organisations transparency within a world that is moving at an incredibly fast rate. That world is under attack in real time. It is our responsibility to move at least that fast."

Where Adaptive Security Stands in 2026

Adaptive Security now has more than 150 employees in New York, growing in just one calendar year from its founding to serious enterprise scale. Customers come from the financial services, technology, healthcare, and entertainment sectors, with some of their top public references being PayPal, Xerox and Figma.

The product is advancing in sync with the threat it's built to fend off. As deepfakes become cheaper and more widely available, so too do the simulations that Adaptive runs against its customers, more advanced to mimic them. The AI that calculates employees' risk scores and customises training is continually updated with new attack vectors from live attack data.

Brian Long is the CEO, and Andrew Jones is the CPO. They believe this same division of responsibilities that allowed TapCommerce and Attentive to work is the most important one they've built at this company.

The threat they solve isn't going anywhere. Every step forward for the good of legitimate users of generative AI also benefits deceivers. The gap between what AI can fake and what a human without any training can differentiate expands further each year. Adaptive Security bridges this gap, one simulation per employee at a time.

What Their Story Teaches Every Founder

Brian Long and Andrew Jones have launched three companies together in the past 15 years. The constant across those three businesses isn't the market, or the tech, or the business model. It's the methodology.

Find a real problem. Build the minimal viable version of a solution. Measure if people care. Listen to the signal. Scale if it works.

TapCommerce saw a real problem with mobile retargeting. Attentive sees one with direct-to-consumer brand communication. Adaptive Security sees one with human-layer cybersecurity. Those domains are different. But the fundamental belief that solving a real problem at an appropriate cost is worthwhile never wavers.

The co-founder relationship is another lesson in itself. Brian and Andrew have built three successful businesses together without significant falling-out, power struggles, or public disagreements. That resilience is based on a well-defined division of labour: Brian covers the market. At the same time, Andrew leads the product, and they have faith in each other's ability to be correct without overstepping.

Most co-founder relationships barely last through one company. They've lasted through three.

Final Thought: The Most Important Problem They Have Ever Worked On

In several interviews, Brian Long has said that Adaptive Security is tackling the single most important problem he has faced in his entire career. Given that he spent years building a platform that handled $20 billion in customer revenue and raised close to a billion dollars in venture capital, this is quite a statement.

What makes cybersecurity, rather than commerce, the most important area is the potential for harm. While a poorly performing SMS campaign means a business is not making money, a director who wired $2 million of his company's cash to a fraudster after thinking they were speaking to the CEO can devastate a business. The hacking of a hospital's network, using social engineering, can kill patients.

The threat posed by deepfakes is not that it is coming; it is here. It is here, and it is happening every single day in organisations that haven't trained their employees to look out for it. Brian and Andrew are creating the training platform that this new world demands.

They have built it before. They are excellent at it.