Exclusive: How Cybersecurity startup Blackveil is targetting AI-driven threats
After 20 years in the IT trenches, Adam Burns had seen enough.
Burns, the founder of New Zealand-based cybersecurity startup Blackveil, spent much of his career working for managed service providers – firms tasked with overseeing the IT infrastructure of other businesses. And time and again, he says, he witnessed companies fall victim to the same avoidable cyberattacks.
"Each time, I saw the same things going wrong," he said. "The industry was missing something critical."
Blackveil was his answer: a company with a mission to protect the "forgotten child of cybersecurity" by focusing on overlooked but essential components of digital defence.
The turning point came last year, after Burns responded to his twelfth cyberattack incident in short succession. Frustrated by the pattern, he decided to act. "I built a little application, a Python crawler, and stuck it on the internet," he explained. "It ran on the .co.nz TLD for six weeks and confirmed that over 50% of Kiwi businesses had critical gaps in their cybersecurity."
The data, drawn from public domain records, validated Burns' suspicion that weak digital hygiene – like unprotected DNS records – was leaving companies wide open to attack.
From there, Blackveil's reach grew beyond New Zealand. The team expanded their scanning to include Australian businesses and even global Fortune 500 companies. The result? Even the biggest players weren't immune.
"These aren't always advanced attacks," Burns said. "It's usually someone forgetting to change a default password, turn on multi-factor authentication, or tidy up an email record."
But the landscape is rapidly evolving, and the rise of AI-powered cyberattacks, particularly tools like Xanthorox, is escalating the threat. Burns described Xanthorox as "ChatGPT for hackers" – a platform capable of generating malware, conducting reconnaissance, and launching tailored phishing campaigns.
"You don't need technical knowledge anymore," he said. "You just talk to it in plain language. If something doesn't work, it evolves and tries something else. It's terrifying."
To counter this, Blackveil developed its own AI assistant: Buck. While it doesn't yet fix vulnerabilities directly, it acts as an intelligent guide for businesses, simplifying complex security insights into accessible language.
"You log in, scan your domain, and Buck breaks it down for you," Burns said. "You don't have to be a technical guru to understand what's wrong."
For now, Buck exists as a standalone agent, but future versions will be fully integrated into Blackveil's platform.
"Our goal is to make cybersecurity accessible," Burns explained. "We're lifting the veil – hence the name Blackveil – on a space that's been out of reach for many businesses."
The company's flagship product, Blackvault, is a domain security platform that focuses on prevention rather than reaction.
Traditional cybersecurity tools often work in a reactive way, alerting users after something has already gone wrong. Blackvault flips that model by proactively securing digital entry points – what Burns calls "shutting the front door."
According to Blackveil's internal data, aligning three critical DNS records – SPF, DKIM, and DMARC – can reduce phishing, spoofing and spam threats by up to 87%. The company promises deployment within two to four weeks for most businesses.
"For a small to medium-sized business, the return on investment is huge," Burns said. "This is one of the most cost-effective ways to secure your business."
Despite its focus on the ANZ region, Blackveil operates globally, and the remote-first company has seen growing demand abroad. Headquartered in Tauranga, the business can support international clients without needing to be onsite, although on-the-ground assistance is available in the Bay of Plenty.
Burns himself relocated from Auckland a few years ago for a slower pace of life, but remains deeply connected to the broader tech world. In addition to Blackveil, he developed KiwiCost, a side project offering real-time cost comparisons for people living in or moving to New Zealand.
"That one was just me scratching an itch," he said. "But it also helped me practice and refine the design direction for Blackveil."
His approach is anything but traditional. "Most IT companies are run by old guys in blue suits," he joked. "I wanted to bring something different – vibrant, creative and approachable."
That includes how the company communicates. On LinkedIn, Burns shares cybersecurity insights with a dose of humour and sarcasm. One of his recent posts – about seemingly mundane email security protocols – went viral, drawing over 100,000 impressions.
"People are clearly looking for plain-English guidance," he said. "And they appreciate a bit of personality."
Asked what advice he'd give businesses unsure how to prepare for the evolving threat landscape, Burns had three clear steps: train your staff, get the basics right, and monitor your systems.
"Every staff member is a risk if they don't know how to spot bad actors," he said. "Their inbox is their digital passport. If you train them properly and secure your fundamentals, 90% of attacks become impossible."
He added: "And after that, monitor everything – because DNS records can be altered by mistake, or worse."
For those in crisis, Blackveil also offers an emergency helpline – 0508 HACKED – designed to provide immediate assistance to compromised businesses.
"That line goes straight to my mobile," Burns said. "It's about being there when people need us most."
Blackvault is still evolving, with plans to become what Burns calls "the Swiss Army knife of domain security."
But his goal remains clear: "We want to make strong cybersecurity achievable for everyone," he said. "Because it's not just big companies under threat anymore – it's all of us."