Anagram Security

New York · The Profile

The most-skipped video at work just got interesting

It is 9:14 on a Tuesday. Somewhere inside a Fortune 500 company, an employee opens an email about an overdue invoice, hovers over a link, and pauses.

That pause is the whole business. A year ago that same employee would have clicked - and somewhere a security team would have logged another failure and scheduled another hour-long training video nobody remembers. Anagram Security lives in the half-second before the click. It is a software company in New York, roughly eighteen people, that decided the problem with corporate security isn't the firewall. It's the human in front of it, and the dreary way we've tried to teach that human for twenty years.

The pitch is almost rude in its simplicity: stop treating employees like a liability and start treating them like adults who can learn. Anagram delivers security awareness training in pieces small enough to swallow - videos capped at 87 seconds, interactive puzzles, phishing simulations that adapt to how each person actually behaves. The company calls it human-driven security. Its customers call it the first training their staff didn't quietly resent.

"Humans are not dumb. We built skyscrapers, we can do space travel. We can figure out how to not click on a suspicious link in an email."

Harley Sugarman, Founder & CEO

The Problem

Twenty years of training, and people still click

Here is the uncomfortable arithmetic of enterprise security. Companies spend fortunes on tools that watch the network, encrypt the data, and lock the doors. Then a single employee opens the wrong attachment and the whole apparatus is moot. Most breaches start with a person, not a port.

The standard fix has been the annual compliance video - a long, joyless artifact people click through at 2x speed while answering email. It satisfies the auditor. It changes nothing. Sugarman, who spent his pre-founder years as an investor at Bloomberg Beta studying the future of work, heard the same thing again and again when he called security leaders.

"What surprised me was the amount of hopelessness I heard in their voices. This was an unsolvable problem for them."

Harley Sugarman, on interviewing security leaders

The industry had quietly accepted that people were the bug you couldn't patch. Anagram's entire premise is that this is wrong - and a little lazy. People learn constantly, all day, from apps engineered to teach them. The training was the failure, not the trainee. That distinction is the central tension running through everything the company builds.

The Founder's Bet

From Cipher to Enigma to Anagram

The company is, fittingly, an anagram of its own history. It launched in 2022 as Cipher, carried the legal name Enigma Analytics, and spent its early life doing something else entirely. In January 2024 it pivoted - hard - toward the non-security employee, the ordinary person who gets phished, and rearranged itself into Anagram. Three code-themed names for one startup that finally figured out what it was for.

The bet Sugarman placed was that security training should borrow nothing from security training. Instead it should steal from the products that are genuinely good at changing human behavior at scale.

"We took basically no inspiration from the existing stuff. What we really took was lessons from TikTok, and lessons from Duolingo and Khan Academy."

Harley Sugarman, TechCrunch, Feb 2025

It is a slightly heretical thing to say in a room full of compliance officers - that the answer to a serious security problem is to make the medicine taste like a phone game. But the logic holds. The apps that win the most minutes of human attention are the ones worth copying, and a 12-minute mandatory video has never won a single voluntary one.

Founder Dossier

Name: Harley Sugarman
Role: Founder & CEO
Before: Investor at Bloomberg Beta (future of work)
Self-styled: "Recovering software engineer"
Plot twist: Bloomberg Beta later became one of his investors

A Short History of Rearranging Itself

2022

Launches as CipherEnigma Analytics, Inc. begins building in New York.

Jan 2024

The PivotRefocuses on the everyday employee and rebrands as Anagram.

Feb 2025

$10M Series AMadrona leads, with General Catalyst, Bloomberg Beta, Operator Partners & Secure Octane.

2025

500,000+ usersDisney, Pfizer, Thomson Reuters and MassMutual on the roster.

The Product

Bite-sized, gamified, and faster than a coffee break

What Anagram actually ships is a platform built in small pieces. Microlearning videos, none longer than 87 seconds. Interactive puzzles it simply calls Puzzles. Smart phishing simulations that mimic real-world attacks and adapt as people improve. And role-specific paths, because a developer, a finance analyst, and an executive each get attacked in different ways and shouldn't sit through the same lesson.

The most quietly clever exercise has employees write their own phishing emails. It is the security equivalent of learning to pick a lock to understand the burglar - nothing teaches you to spot the trick faster than building it yourself. There's a developer track for secure coding, an AI layer that delivers nudges in the flow of work, and NIST-aligned analytics so the security team can finally measure whether any of it landed.

"Make security training sharper, smarter, and more effective - transforming a team's human liabilities into a superhuman defense."

Anagram Security, company mission

Security Awareness Training - frequent, bite-sized microlearning instead of one dreaded day a year.
Smart Phishing Simulations - adaptive, automated campaigns modeled on live threats.
Role-Based & Developer Training - separate paths for engineers, finance, and execs.
Behavior Analytics - NIST-aligned reporting that turns clicks into measurable culture.

The Proof

The number that closes the room

Pitches are cheap. Anagram's case rests on one figure that does the persuading for it: across customers, phishing failure rates fell from roughly 20% to about 6%. One in five employees clicking the bad link became closer to one in seventeen. For a company with thousands of staff, that gap is the difference between a normal quarter and a headline.

Phishing Failure Rate

Share of employees who fall for a simulated attack

~20%

Beforeindustry baseline

~6%

With Anagramafter training

Lower is better. The orange bar is the email you forward to legal. The teal one is the email you delete.

$10M

Series A

500K+

Global Users

87s

Longest Video

~18

Team Size

Trusted by

DisneyPfizerThomson ReutersMassMutual

Madrona's team notes Anagram landed names like these partly through cold outbound - the same channel most of us mark as spam.

Behind those logos sit investors who bet early. The February 2025 Series A was led by Madrona, with General Catalyst, Bloomberg Beta, Operator Partners, and Secure Octane along for the round. Ten million dollars to prove that the cheapest security upgrade in the building is a workforce that pays attention.

The Mission

Security as a habit, not a checkbox

Anagram's larger argument is cultural. Compliance training treats security as an event - something that happens once a year and then is over. Anagram treats it as a behavior, embedded in the ordinary rhythm of work, reinforced in seconds rather than hours. The goal isn't a passing grade on a quiz. It's the half-second pause before the click becomes automatic.

"Security awareness isn't just a checkbox. It's a solvable problem."

Harley Sugarman (paraphrased)

The timing is not an accident. Generative AI has made phishing cheaper, faster, and far more convincing - the clumsy typo-ridden scam is giving way to flawless, personalized bait. If attackers get smarter automatically, the only durable defense is humans who get smarter too. Anagram framed its Series A around exactly this: transforming human security in the AI era.

Why It Matters Tomorrow

Back to that Tuesday morning

Return to 9:14, the overdue-invoice email, the cursor hovering over the link. The difference Anagram is selling is not a new firewall or a smarter filter. It's that the person behind the cursor has done this before - in a puzzle, in a simulation, in an 87-second video they actually finished - and recognizes the shape of the trick. They don't click. They report it. The breach that would have made Monday's news never happens, which means nobody ever hears about it, which is the strange fate of all good security: its biggest wins are invisible.

That is the bet, eighteen people and ten million dollars deep. Not that humans are perfect, but that they're trainable - if you respect them enough to make the lesson worth their time. The annual video is on its way out. Something shorter, sharper, and a little more fun is taking its place. And somewhere, a folder marked in red gets stopped at the checkpoint.

▦

Watch & Listen

The founder, in his own words

▶

Harley Sugarman on Category Visionaries

YouTube · Founder Interview

▶

See the Platform & Demo

anagramsecurity.com · Product

The Footnotes

Four things that amuse us

87 seconds. The longest training video on the platform - shorter than most people's patience for a compliance email.
Write your own phish. Employees craft fake attacks to learn the tricks from the inside.
An anagram of itself. Cipher, then Enigma Analytics, now Anagram - a lot of code-named identities for one company.
Full circle. Sugarman invested at Bloomberg Beta before Bloomberg Beta invested in him.

Sources & Links

Website ↗ LinkedIn ↗ Founder LinkedIn ↗ TechCrunch ↗ Series A News ↗ Madrona ↗ AlleyWatch ↗ Frontlines Podcast ↗