MagicMirror Security says it’s found a way to protect companies’ sensitive information in the rush toward more artificial intelligence, and it’s gotten a vote of confidence from industry leaders like CrowdStrike to bolster that claim.
MagicMirror says its secret sauce is keeping the data local on the user’s browser.
“MagicMirror is an on-device data security platform that classifies and protects data locally—fast, private and flexible,” Chief Executive and founder Daphna Wegner told the Business Journal on March 17.
“It has the potential to become a multi-billion-dollar opportunity.”
The chairman of the board of the Irvine-based company is Sean Crafts, who in 2008 helped start Mavenlink, a professional services software company where he was chief growth officer, helping the firm to nearly $100 million in annual sales.
MagicMirror, which began last October, is already getting noticed. On Feb. 24, it was one of 36 companies picked to participate in the second annual AWS (Amazon Web Services) and CrowdStrike Cybersecurity Startup Accelerator in collaboration with the NVIDIA Inception program for startups.
Irvine-based MagicMirror says it’s trying to help companies as AI becomes more prevalent in the workplace. In Orange County, about 55% of job postings for tech roles and 45% for non-tech jobs required AI skills, according to a report last year by the CEO Leadership Alliance.
While the use of artificial intelligence is skyrocketing, security measures haven’t been keeping up. MagicMirror says other AI security practices usually react after the data has been compromised while it can help companies by blocking employees from using AI tools that might cause a breach of sensitive information.
MagicMirror says it prevents risks before they start through real-time monitoring, classification and controls to protect enterprise data and ensure compliance.
It touts a “lightweight small language model (SLM)” that runs locally, keeping data private, compliant, and secure—without slowing down users.
Wegner says her company’s product lets employees choose which GenAI tool they need for a specific task. It allows the use of generative AI tools while ensuring sensitive data never leaves the device, so it never reaches GenAI tools.
“If you’re using DeepSeek, ChatGPT, Gemini, or any other GenAI tool, you deserve security that keeps data in your hands,” the company says.
With the rise of edge computing, stricter privacy regulations, and increasing AI-driven threats, the demand for real-time, lightweight data protection is soaring, according to Wegner.
Employee-Friendly AI
Crafts is also the founder of Irvine-based BLDG, a company creation studio that includes MagicMirror. (see story this page).
He says the MagicMirror system is “employee-friendly.” More than 50% of MagicMirror’s early customers are headquartered in Orange County, including law firms, software companies and local banks.
“We are giving secure access to GenAI to make the organizations more productive and more competitive in the marketplace,” Crafts told the Business Journal in January.
He said the company had about 15 employees as of earlier this month and growing.
Investors are family offices and individuals. So far, it’s raised about $2 million with a goal of raising $10 million this year, Crafts says, while institutional investors are planning to join.
MagicMirror, CrowdStrike
The AWS/Crowdstrike/NVIDIA program will provide MagicMirror with mentorship, technical expertise, funding and go-to-market opportunities to accelerate innovation for cybersecurity’s next market-defining disruptors.
The program powers the next generation of artificial intelligence (AI) and cloud security startups across the U.S., Israel and Europe.
By joining this accelerator, Magic Mirror and the others selected gain access to AWS & CrowdStrike cybersecurity experts and collaboration with industry leaders.
“The AWS & CrowdStrike Cybersecurity Accelerator will culminate with a final winner announcement, but for now, we’re focused on continuing to develop enterprise-grade AI security that moves at the speed of AI itself,” MagicMirror says.
MagicMirror will have a chance to present at the prestigious RSA conference in San Francisco, starting at the end of April.
Big AI trends for ‘de-identification,’
Fake Attacks by the ‘Red Teamers’
MagicMirror’s webpage features blog posts about two little known trends emerging in artificial intelligence. Here is a quick synopsis:
As artificial intelligence systems become increasingly integrated, particularly large language models (LLMs) like OpenAI’s GPT-4 and Microsoft’s Copilot, their vulnerabilities become more apparent. These systems manage everything from personal conversations to critical business data, making them prime targets for cyberattacks.
One of the most effective methods to safeguard AI systems is “red teaming,” which refers to the process of actively probing and attacking an AI model to find its weaknesses. The practice, which originated in military exercises, has been widely adopted in cybersecurity.
Red teaming involves deploying adversarial tactics to identify vulnerabilities in how AI models behave, process data and respond to various inputs.
One of the most common red teaming techniques involves crafting adversarial inputs designed to trick the AI into producing undesirable or harmful outputs. For example, a red team might attempt to manipulate a large language model by feeding it prompts that cause the AI to violate its safety rules.
AI models are never static—they evolve over time with new training data and updates. Red teaming provides a feedback loop for developers to understand how well their systems hold up under various conditions.
Companies and organizations share huge amounts of data, often believing it’s safe because they’ve “anonymized” it.
Researcher Latanya Sweeney from Carnegie Mellon University, proved how easy it is to re-identify people. Sweeney’s research showed that 87% of the U.S. population could be uniquely identified using just three fields available U.S. Census data: ZIP code, gender and date of birth.
It’s common practice for health data to be “de-identified” before being shared for research or other purposes. Typically, this means removing direct identifiers like names or social security numbers. But what if your ZIP code, gender and birth date are still in there?
Sweeney bought a voter registration list for just $20 that contained names, addresses and birth dates. When she cross-referenced it with a supposedly “anonymous” health dataset that had only ZIP, gender and birth date, it became simple to identify people and connect sensitive medical records to real names.
—Peter J. Brennan
Crafts’ Goal: 50 Tech Startups in 20 Years
Sean Crafts, who is well known in Orange County tech circles, co-founded professional services software company Mavenlink in Irvine in 2008, where he started as chief growth officer.
“As a co-founder of Mavenlink, I participated in every aspect of the business, helping it grow from $0 to nearly $100M per year in revenue,” Crafts wrote on his LinkedIn page.
“Building a great company is hard, really hard. It requires domain and industry expertise, uncommon talent, great execution, thoughtful prioritization and the right timing.”
The company has since merged with Kimble Applications and been renamed Kantata. Ray Grainger, another co-founder of Mavenlink who became its CEO, won a Business Journal Innovator of the Year Award in 2019.
Crafts in 2023 started BLDG Labs, a creation studio with a goal of starting three to five organizations a year.
Crafts’ BLDG group also includes Outset, a predictive revenue planning tool, and HLX, a technology consulting team, in addition to Magic Mirror Security.
Crafts is also a board member at Octane, a Newport Beach accelerator well known among Orange County entrepreneurs.
Daphna Wegner, the founder of MagicMirror, last year served as chief innovation officer at BLDG.
After spending almost two years as a technology analyst for Merrill Lynch, Wegner since 2008 has been involved in a variety of tech companies, such as head of software engineering at Beagle Services Inc., a home water monitoring system, and founder and CEO of runmeetly.com, a meeting management platform. She holds a bachelor’s in computer science and engineering and a master’s in computer graphics and game technology, both from the University of Pennsylvania.
—Kevin Costelloe
