Point Wild’s CTO Dr. Zulfikar Ramzan Discusses Online Freedom Through VPN, Intuitive AI-based Solutions, and Challenges 

Point Wild is a global leader in consumer VPN and antivirus solutions with a portfolio of brands, including Total AV, HotSpot Shield, UltraAV, Betternet, CyEx, Comparitech, and Simpluris.

In a spirited discussion, Point Wild’s Chief Technology Officer, Dr. Zulfikar Ramzan, detailed the changing digital landscape and challenges faced by VPN providers in balancing user privacy with growing regulatory demands, including regional-specific restrictions.

He discussed about his introduction to pattern predictions, which are today’s next-token prediction tasks in LLMs, reliance on N-gram models, and building a ‘small language model.’

Ramzan pioneered one of the industry’s first large-scale machine-learning systems for malware detection and served as RSA Security’s CTO leading its technological vision.

Read on to learn more about compliance and user privacy and how the military saying, “No plan survives first contact with the enemy” connects with the AI realm and more in this interview.

1. Please share about your journey to Point Wild and your passion for AI, which led you to build ‘small’ language models.

I've been deeply involved in various aspects of cybersecurity throughout my career, starting from my earliest academic experiences in machine learning and cryptography. My passion for AI and cybersecurity first intersected during my undergraduate days at Cornell.

I approached Professor Ronitt Rubinfeld about doing an undergraduate research project, and she introduced me to some fascinating problems related to pattern prediction, which fundamentally are the same as today's next-token prediction tasks in large language models.

At the time, the state-of-the-art solutions relied heavily on N-gram models -- approaches that, while powerful, faced significant scalability challenges when handling longer sequences. Ronitt pointed me toward a groundbreaking research paper proposing a much more sophisticated technique.

Unlike standard N-gram models, this algorithm adaptively tracked statistics of sequences of varying lengths, intelligently choosing when to consider longer sequences based on statistical importance. While the underlying mathematics was elegant and compelling, no one had yet attempted a practical software implementation.

My role was to translate this sophisticated mathematical concept into a working model, which I successfully achieved -- running it, at the time, on a single SPARC workstation. I somewhat humorously refer to this feat as building a "small" language model.

Through this experience, I not only recognized the immense potential of AI but also discovered remarkable intersections between machine learning and cryptography. The complexity proofs of these sequence prediction problems, intriguingly, turned out to have deep connections with cryptographic puzzles.

In hindsight, this relationship is not altogether conceptually surprising: machine learning strives to unravel complex patterns from data, and cryptography is about creating systems where those patterns remain hidden

This intersection of machine learning and cryptography propelled me to pursue a Ph.D. in cryptography at MIT, under the mentorship of Ron Rivest—the "R" in RSA. Following my Ph.D., I entered the cybersecurity industry, initially at Symantec, where I conducted advanced threat research and then pioneered one of the industry's first large-scale machine learning systems for malware detection. This project became a pivotal moment, bridging my academic knowledge with impactful, real-world cybersecurity applications.

After Symantec, I joined a series of innovative startups, including Immunet and Elastica, both of which were acquired due to their pioneering roles in endpoint and cloud security. This journey eventually brought me to RSA, a company with an iconic legacy and arguably the most recognized brand in enterprise cybersecurity.

Serving as RSA's Chief Technology Officer for nearly seven years, I had the privilege of leading the technological vision during pivotal moments, such as RSA’s transition to an independent entity after Dell’s acquisition of EMC and subsequent sale of RSA to Symphony Technology Group. During my tenure, RSA navigated profound global cybersecurity challenges, including the rapid shifts brought about by the COVID-19 pandemic.

The pandemic also crystallized my recognition that consumer cybersecurity had not evolved nearly as rapidly as enterprise solutions, despite digital interactions becoming ubiquitous. Around this critical juncture, my long-time friend Hari Ravichandran reached out regarding his new venture, Aura, which aimed to radically simplify cybersecurity for everyday users. Joining Aura first as a board member and then in an operational role focused on machine learning and AI, I eventually transitioned to lead technology at Point Wild, a company spun out from Aura.

Today at Point Wild, I find myself at the convergence of my passions—combining my longstanding commitment to cybersecurity with groundbreaking innovations in AI. The goal is straightforward yet ambitious: leverage advanced AI to create cybersecurity solutions accessible to everyone.

From implementing sophisticated adaptive models in my undergraduate days to steering RSA’s global technological vision, every step of my journey has reinforced my belief in the transformative power of AI.

2. Based on your experience in helping create the industry’s first large-scale machine learning-based anti-malware solution, what are your observations about the potential of similar projects and their capability to improve security and VPN in the future?

I strongly believe AI and its subdiscipline, machine learning, hold immense potential to transform cybersecurity broadly, including areas like VPN security and threat detection. Fundamentally, cybersecurity challenges often boil down to determining whether observed behaviors or events are malicious or benign -- a classification task that is the bailiwick machine learning techniques.

However, turning theoretical potential into practical reality is far from trivial. There’s a military saying: "No plan survives first contact with the enemy." The same applies to AI. No machine learning model survives unscathed in the face of real-world data and adversarial dynamics. Attackers constantly evolve their techniques, and the digital landscape changes rapidly, often in ways that aren't easy to predict.

Successfully deploying machine learning for security hinges on a robust data pipeline. Data is truly the lifeblood of machine learning, and the quality and freshness of this data directly determine the effectiveness of the solution. Additionally, it’s critical to recognize and anticipate pitfalls inherent in real-world deployments -- issues like data drift, adversarial attacks on the models themselves, or subtle biases in training data.

The key to realizing the full potential of machine learning in cybersecurity lies in designing strong guardrails and implementing comprehensive visibility into model performance. Organizations that thoughtfully integrate these elements into their security strategy can dramatically enhance their detection and response capabilities -- particularly important for cybersecurity like VPN and Anti-Virus where we need to be both highly accurate and extremely quick. 

3. Could you provide details about Point Wild’s acquisitions, and how each new brand of VPN enhanced the company’s overall portfolio?

At Point Wild, our mission is to become the global leader in trusted online security brands. Each acquisition we’ve made has been driven by two core objectives: acquiring best-of-breed technologies and significantly expanding our customer reach. Rather than simply growing for growth’s sake, our approach has always been highly strategic, ensuring that each new brand we integrate enhances our overall offering -- across the entire portfolio.

For instance, some of our acquisitions have allowed us to incorporate advanced VPN capabilities, such as improved speed, reliability, or innovative privacy-enhancing technologies that resonate strongly with our customers.

Others have given us access to new customer segments or geographies, creating valuable synergies across product categories. Our goal has consistently been not just to expand our portfolio but to genuinely elevate the quality and breadth of security we offer users.

This strategy distinctly sets us apart from legacy incumbents who have scaled back their investments in innovation. At Point Wild, we firmly believe the digital security space is ripe for disruption, and each acquisition positions us closer to realizing our vision of providing the most trusted, innovative, and comprehensive security solutions available.

4. Regarding increased internet surveillance, could you share statistical data that Point Wild has analyzed and how the company has been able to tackle it with the help of its technologies?

At Point Wild, we continually analyze broad trends in internet surveillance and privacy threats, recognizing that the digital landscape has become increasingly intrusive. While we don’t publicly share detailed internal statistics, our research consistently shows rising consumer concern regarding online privacy and surveillance -- especially as digital interactions have surged post-pandemic.

In response, we've developed and integrated advanced privacy-focused technologies into our products, ensuring our customers’ digital footprints remain private, even in an environment of escalating surveillance. Our broader portfolio similarly emphasizes user empowerment, allowing individuals to reclaim control over their personal data and online identities.

Ultimately, our commitment is to equip users with effective tools to counterbalance the growing surveillance trends, preserving their online freedom, privacy, and security.

5. Could you recommend a combination of security products or tools that could be used along with a VPN for a safer online experience especially while accessing more critical platforms?

While a VPN is foundational for maintaining privacy and security online, particularly when accessing critical platforms, it's most effective when complemented by a combination of additional security tools.

First, robust anti-virus and anti-malware solutions are essential. They detect and neutralize threats that could compromise your system, safeguarding you from malicious software that might bypass other defenses.

Second, a robust password manager is incredibly important. We live in an era where we can easily have hundreds of online accounts. Having good password hygiene across these accounts is essential.

That entails picking strong passwords that have enough complexity that cannot easily be gleaned through brute-force attacks. Moreover, these passwords should generally be unique so that a compromise of one password does not lead to a multiple accounts becoming breached. Password managers make it much easier to manage many unique complex passwords across accounts. 

Third, identity theft protection services provide critical support in a landscape where data breaches are increasingly common. Even with excellent personal cybersecurity practices, breaches involving third-party services can expose your sensitive data. ID theft protection actively monitors for unauthorized use of your personal information and provides timely alerts, allowing you to take rapid corrective action.

Beyond these measures, I'd recommend considering multi-factor authentication (MFA) wherever possible, especially for accessing sensitive platforms. MFA adds an extra verification step, significantly reducing the chance of unauthorized account access.

In this vein, I would recommend MFA that leverages an authenticator app or device rather than SMS-based authentication. SMS-based authentication is susceptible to SIM-swapping attacks. To be clear, SMS-based multi-factor authentication is still preferable to no MFA, but authenticator app or device-based authentication is preferable to SMS-based MFA. 

6. What challenges do VPN providers face, like blocking piracy sites and regulations, and how do they respond to them?

VPN providers face an increasingly complex landscape of challenges related to content regulations, piracy concerns, and privacy compliance across multiple jurisdictions. One prominent challenge is balancing user privacy -- which is fundamentally why people use VPNs -- with growing regulatory demands, such as requests to block access to content under particular circumstances, such as regional-specific restrictions.

Regulations can differ significantly across countries and change rapidly, which makes compliance particularly challenging.

At Point Wild, and across the industry more broadly, the approach to these challenges revolves around proactive engagement and transparency. Companies must continuously monitor legal developments and adapt accordingly, ensuring compliance without compromising core user trust or privacy commitments.

Blocking piracy sites, for instance, may be legally mandated in some jurisdictions, yet the technical implementation must be handled delicately to preserve user privacy, which is foundational to VPN technology.

Effective VPN providers respond by clearly communicating their policies, investing in advanced technologies that allow precise compliance without unnecessary data collection, and being engaged in ongoing dialogue with regulators and advocacy groups.

Ultimately, navigating these issues successfully comes down to transparency, careful adherence to evolving laws, and never compromising on the promise of privacy and security that defines the VPN industry.

7. Are there any developments in the pipeline in terms of extra security or tech upgrades that Wild Point is planning to work on?

At Point Wild, we're continually innovating and enhancing our technology to stay ahead of emerging security threats. For confidentiality reasons, I can't get into specifics, but we do have a number of very exciting developments in our pipeline, especially focused on leveraging advanced machine learning and AI to make our security products smarter, faster, and more resilient.

We’re also actively exploring improvements, including through the use of AI, to give users more intuitive visibility, insight, and control over their security and privacy settings. All of that notwithstanding, our goal remains to anticipate and proactively address the evolving threat landscape, delivering security solutions that aren’t just effective today but robust enough to protect our users against tomorrow's challenges.

8. Based on your observation, what is your prediction about the future landscape of the VPN industry?

As noted above, the VPN industry is evolving quickly, driven by growing privacy awareness, increasing global surveillance trends, and a more geographically dispersed workforce. Based on what we're seeing today, we are focused on three specific shifts. 

First, we see tremendous opportunity for VPN to leverage techniques from AI and Machine Learning, specifically in being able to provide additional value-added services on top of secure tunneling.

For example, AI can be used to proactively identify and block malicious websites and malware, including advanced versions of these threats. Users now expect that security and privacy solutions solve multiple problems rather than being point solutions. 

Second, as the relevance of VPNs, particularly as it relates to privacy, becomes germane to more users, we see usability and simplicity becoming paramount. Historically, VPNs were designed for the advanced user, but are being increasingly adopted by the average user. Therefore, providing clean, intuitive, low-friction experiences becomes particularly important. 

Finally, we see trust and transparency becoming increasingly important from a differentiation perspective. Consumers care, more than ever, about privacy. They want to understand what is happening with their data, including how it is being collected and controlled. The providers most focused on this aspect will be the ones driving the industry. Ultimately, users only adopt technologies they feel are sufficiently trustworthy. 

9. Is there a message of caution that you would like to give VPN users?

First, security is not a monolith but a mosaic. VPNs address one important issue in the context of security, namely around data confidentiality and user privacy. However, they leave many other stones unturned. Beyond the use of VPNs, good hygiene today involves effective password management, endpoint threat protection through anti-virus technologies, and multifactor authentication, among other things. 

Second, not all VPNs are created equal. Focus on using trustworthy providers who have the right track record. All too often, we see VPN providers rely on marginally relevant vanity metrics to bolster up their image, hoping that the average user won't notice.