This is #1 of the Founder Chronicles series, where co-founders Joel and Simeon share the Protos Labs story from their perspective. A departure from our usual technical content, Joel shares how Protos Labs' work has evolved over the years.

----------------------

When we first set out

We knew our vision was clear and singular: to help organizations manage their cyber risks in a data-driven way that aligned to real-world attacker behaviour. What we did not realize was how much our path would meander in adapting to real-world needs. This journey has been one of learning, resilience, and pioneering. One where we as a team has worked hard to ensure that the boundaries of how cyber risk is understood and managed are tested, all while figuring out how to stay the course. Here's how it's unfolded so far. 

Phase 1: Vulnerability Prioritization 

Our very first product was co-built with the Cybersecurity Agency of Singapore (CSA) and a large enterprise clientto tackle Vulnerability Prioritization. This was a forward-looking problem at that time, something Gartner would later categorise under the Continuous Threat Exposure Management. Being the first early-stage startup to win CSA’s National Call for Innovation with this first iteration, we were proud of what we built.

As we went to market, however, we faced the critical truth: Vulnerability Management was already a crowded space, and customers would need to budget for both a vulnerability scanning tool and our prioritization add-on. Even the educational institute, despite being our early collaborator, passed on fully adopting our solution. This hard but valuable lesson impressed upon us that even if we demonstrated product value, market dynamics and budget realities cannot be ignored.

Phase 2: Expanding into Risk Quantification (the Threat Informed way)

Around this time, an opportunity arose with a government agency in Singapore, who eventually became a pivotal customer. Their needs were not the same as the educational institute — instead, they wanted support for governance, risk, and compliance (GRC), specifically cyber risk assessments. This was a very different space: what financial services would call a “Line 2” solution, compared to the operational “Line 1” focus that the education client had sought.

To meet this need, we built an entire GRC module from the ground up and tried to stack it with our vulnerability prioritization capabilities. We decided to eschew from the standard risk models and turned to cyber risk quantification (CRQ) methodologies. We dug deep into CRQ and weren't satisfied with the then approaches relying heavily on non-cyber historical loss data. Ultimately, we developed our own threat-informed approach that drew more from real-time cyber data such as vulnerabilities and cyber threat intelligence. This was not only key in enhancing the accuracy of calculated exposures and losses but also in earning us one of Singapore's fast-tracked cyber patents, proving that we could pioneer approaches to risk that the market had not yet seen.  

Naturally, we began gaining traction in the cyber insurance sector, opening doors with underwriters, brokers, and MGAs as cyber risk quantification plays a critical role in pricing premiums. Our success here brought us to the prestigious Lloyd’s of London Lab Programme as the first participating Singaporean company — an accolade we value deeply, from an industry we continue to serve today. 

Where Threat-Informed meets Agentic AI 

The attention our CRQ model garnered led us to another turning point. Interested in our cyber risk work, we were approached by a defense and intelligence agency. As they studied our model, they pointed out that our threat-informed methodology was perhaps our key differentiator: combining CTI with vulnerability data to provide sharper insights than a run-of-the-mill risk tool. Seeing this as an opportunity to continue building on Simeon's and my own CTI experience, this engagement grew into a partnership. Our first project with them focused on core CTI operations (the parts that made our risk methodology special). Over time, our synergies deepened.

All this unfolded as we observed two distinct marker shifts:

• The tech winter, which challenged companies to deliver capital efficiency as opposed to growth at all costs.
• The advent of Agentic AI, which opened an entirely new frontier in business.

Against this backdrop, the agency challenged us to go further: to take the same rigor we had applied in risk quantification and apply it to AI-driven CTI. This became the genesis of our current progress. We've spent a year of building in stealth an AI agent for CTI and now it's finally ready to be shared. 

The Common Thread - The "Threat Informed" Approach + Pushing Frontiers

Looking back, while we've had our fair share of “pivots”, it was never a change of direction, but an evolution built on prior learnings. We've in fact doubled-down on our original vision of supporting organizations manage their cyber risks with a data-driven, threat-informed approach. 

What began as a project in vulnerability management has today grown into an Agentic AI company for Cyber Threat Management. True to our name, Protos (“first” in Greek), we remain committed to pushing the frontiers of what’s possible and having many more “firsts”.

‍