Ian Patterson’s AI powered information security company, Plurilock (PLUR.V) does business with military, intelligence, government, academic, and corporate institutions, but when he shows up to a Burrard Street cafe to chat with this reporter for an hour, he doesn’t hop out of a black SUV with tinted windows, and there aren’t black-suited bodyguards surrounding him.

In the nerdy words of Douglas Adams, “He’s just this guy, you know?”

Patterson is one of my favourite pubco CEOs, if I’m honest. When he shows up, he doesn’t drown me in his pitch, doesn’t try to act too cool or too rich or needlessly alpha, he’s not looking to ‘big up’ himself. He says, simply, “So you’ve seen what we’re doing.. what could we do better?”

The journalist is normally not the one you’d ask this question of, because the worst of my species might see that as weakness. You’re the CEO, after all, shouldn’t you know everything? Aren’t you a master of the universe? Don’t you drink champagne out of the skulls of endangered species?

But Patterson has one mission in life, and it’s to build his company properly, and if I have some sort of insight that he’s missed, he wants to know.

Looking for opinions and insight from others around you is actually the right way to do things. No man has total knowledge and awareness of the world, and when your head is in company business all day, every day, it’s easy to get disconnected from what people see from the outside. So I tell him.

“You’ve bought too many things,” I say, “And all the market is seeing is, Plurilock hasn’t broke even yet. They’re not giving you credit for raising revenue that’s then spent on growth.”

He concurs. “I can see that. But we bought some nice things,” he reasons.

That’s true. Patterson has taken a single piece of tech IP in the infosec arena and acquired complimentary pieces that allow him to sell an entire suite of tools to potential clients, and those acquisitions have come with existing customers, and reach deep into  government, military, and intelligence sectors in ways that would’ve taken years to achieve organically.

“Everything we bought is legacy enterprise, companies with long track records and established markets,” he says. “But yeah, it’s hard to be transparent with the market when you’re in our business.”

For a new technology company to get behind the curtain into government work is not easy. You’ve got to prove to them that you are who you say you are, that you’re squeaky clean, that you can be trusted to be nosing around in their networks, and that you’re going to be around for a while. Building a better mousetrap can take months, but getting it into the hands of the military and government, that can take years.

And sometimes, even after all that work to open the door, nobody wants to buy what you’re selling, because it would mean unplugging from something else they’ve been using without major malfunction for some time. To get in, you need to go above and beyond. You need to be so much better than existing contracts, that it’s worth breaking them.

Once you’re in, however, you’re REALLY in. If a government institution allows you into their computer systems, getting you out isn’t easy. You’ve got to either really screw up, or someone has to have built something that is far superior, cheaper, and/or run by a Senator’s brother.

“Government contracts get paid on time, every time,” says Patterson. “They’re not monthly recurring revenue per se, at least not on the balance sheet, because you can’t have an endless contract in government – they have to be re-approved every year – but you have to be doing something very wrong to not get that annual approval.”

IF I TOLD YOU, I’D HAVE TO KILL YOU..

Patterson had just put out news on yet another new contract being signed when we talked, but who the contract was with was a mystery, as it often is in this line of work. Pubcos will seek approval from clients to name them in news releases but, in information security, that sort of knowledge isn’t to be thrown around willy nilly.

The first step in breaking a Fortune 500 company’s security, after all, is figuring out who is providing that security.

“Just between us girls,” I ask Patterson, “Who’s your new client?”

I know he won’t answer, but how he declines to do so is what I’m really looking for. Some CEOs will say, “It rhymes with Schmicrosoft,” while others will say, “let’s just say it’s a large online portal for automobiles that are for sale”.. But Patterson isn’t playing my game. He shrugs and says, “If I told you – if I even told you what broad area the client is involved in – I’d be charged with treason.”

Which is good enough for me to be confident his invoice will be paid on time.

While Patterson can’t divulge the deep detail of each of his contracts, he announces a LOT of them. Here’s a sample of his most recent newsflow.

And that’s just the last six weeks.

Plurilock has a slide on its investor deck called ‘600+ customers and partners’ that lists NASA, the US Air Force, US Navy, US Army, US Marine Corp, and the Department of Defense (Special Operations Command, DISA, White House Services, Joint Chiefs of Staff, Northern Command, Transportation Command), so I’m going to assume that’s the sort of rarefied air Plurilock is doing business in.

It also mentions, US Treasury, US Department of Commerce, US Department of Justice, US Department of Agriculture, US Department of Transportation, US Department of Energy, US Department of Interior, US Department of State, US Department of Labor, Federal Trade Commission, US Department of Homeland Security, and the Office of Executive of the President. It includes the Department of Water Resources, Department of Justice, and half of the government offices in the state of California.

So, I dunno, maybe it’s one of those. Maybe it’s ‘Schmicrosoft.’

THE NEWLY ACQUIRED

Of the companies Plurilock can name are the ones it has acquired, and that’s quite the list. It includes:

• Aurora IT, which focuses on Commercial, healthcare, California state, and federal government clients. That purchase cost US$1.5m to add $28m in annual revenue.
• Integra Networks, which is Canadian and focuses on commercial and government contracts up north. That cost under US$1m to get around $4m in revenues annually.
• Atrion, which is based in, and focuses on, east coast mid-market and enterprise clients. That cost US$3.7m to add $14m in annual revenues.

If you don’t want to do the math, I will.

They spent US$6.2m to get those three acquisitions over the line, and got $46m in annual revenues in doing so.

Atrion has been around for 37 years, so it’s got nice thick roots. It provides procurement, integrations, managed services, instructional training, and domain and dark web monitoring to client companies. Integra has a similar lifespan, having served Canadian government computing needs such as cyber security, infrastructure, and cloud computing for over 35 years. Aurora IT has been around over 20 years and adds security assessments and enterprise healthcare to the mix.

So Aurora isn’t picking up vaporware deals meant to spur a stock price spike, these are real companies in the real world with decades behind them and deep penetration in enterprise, government, health, and military.

You see what I mean now when I say Patterson could be forgiven for showing up alongside aides wearing sunglasses while talking into their watches. Patterson sits at the helm of a large and growing company that does business with people you’re not allowed to hear about, fending off attacks you hopefully never learn about, from people you don’t want to meet.

If Ian Patterson wanted to, he could run a ‘pen test’ on me and have my Netflix account password by end of day. I know this because, between sips of his latte, he offers.

I don’t need third party folks knowing how many episodes of Love Island I’ve watched, thanks Ian.

One thing I do point out to Patterson in that opening conversation – the “what could we do better” – is on the topic of Artificial Intelligence.

THE AI THING

You guys are nuts for AI right now, and I get why. After all, in researching this story I asked ChatGPT v4.0 to go through Plurilock’s investor deck and break down the top ten selling points. It did a pretty good job, which is why most of my researching has moved from my assistant to a bot in the last few months.

Come on now, you’ve got to admit that’s not bad. But ChatGPT isn’t the start and end of AI tools. It’s just this generation’s AOL, that makes a complex tool easy for normies to understand.

Midjourney creates a lot of the art we use to illustrate our stories. Otter AI transcribes my interviews as I’m doing them. We’re even experimenting with having AI go through mining reports to flush out the salient points. And that’s just what’s happening in our office.

AI is legit, but it’s also not new. I’ve been messing with AI writing bots since 2012, when certain large newspaper companies began using them to write financial articles, summaries from municipal meetings, and post-game sports articles. For the most part, companies claiming to use AI are actually using ‘if/then’ scripts. the sort of thing you’ll find on an e-commerce site pretending to be a customer service operator when you’re looking at shoes, or vomiting out 600 articles by Zaks Financial titled “Why ticker XYZ is up 5% today..”

Real AI learns. And that learning part is where it gets valuable. Input your data, have it interpreted, find more data to add to that interpretation, then add context, then spit out your results… then repeat it all again tomorrow with yesterday’s results as your starting point.. THAT is real AI.

And at the heart of Plurilock’s IT security tech is actual for realsies AI.

Here’s Patterson explaining how it works.

Plurilock’s AI watches you, Bob, while you’re at work selling mortgages at the bank, and it notices pretty quickly that you, like me, hit the letter S a lot when you mean to hit A. It sees you using double spacing because you learned to type when typewriters were a thing. It sees that you keep misspelling ‘accommodation.’ It knows you always have your calendar open and Plenty of Fish is going in the background and you’re watching Blue Jays box scores in the corner of your screen and when Eileen from accounting emails you, you dip out to catch her at the water cooler for fifteen minutes.

And it learns. Over time, it gets to know you, your style, your habits, your timing, so when you’re away from your keyboard with Eileen talking about Love is Blind season three, it notices that someone else has quietly sat down at your computer and begun going through your files.

That’s when Plurilock notifies IT, and security, and your boss, and then they all catch that bastard Kenneth who has been after Eileen for MONTHS trying to be sneaky with your login.

ONGOING TRUSTLESS SECURITY

I get scam attempts all day long. My junk mail folder is filled with spam, my phone is used more to convince me to ‘press 2 for Chinese’ than it is to take an actual business call, there’s a panhandler downstairs who’s apparently been ‘dying of cancer’ for four years now, and every second company I do business with wants to tie me into a ‘subscription’ that I’ll inevitably forget about until I get a $1200 annual renewal (what’s up, Adobe).

I trust nobody, and nobody should trust me. So how is it that every online account we have is accessed with a one time login, that bestows upon us complete trust that we are who we say we are?

In a traditional setting, once you’ve entered your login and password, it’s assumed you’re at your desk being trustworthy until such a time as you go home. Plurilock assumes no trust at all, from minute to minute, and monitors your situation constantly using its AI-driven invisible, continuous, multifactor authentication tech.

No, it’s not going to sound the alarm if you spell ‘Albuquerque’ wrong or check the showtimes for Cocaine Bear, but if you did that and a few other things that gave the game away, like opened a bunch of documents and moved them to a thumb drive using the wrong mouse hand, someone is going to come down from the seventh floor and say hi.

Of course, we all have those rare accounts where security is over the top, to the point where we can barely do business. Two-factor verification and a text message and a security question about what your first car was and then guess how many images have traffic lights in them. PROVE THAT YOU ARE HUMAN!

The key isn’t to obstruct you from doing business, it’s to check on you repeatedly while also staying out of your damn way.

This tech doesn’t just work, it works better as you go because ACTUAL AI.

Not the fakey AI, no if/then scripts pretending to be AI, and not chatbots or apps designed to make you fall for an anime girl.

REAL AI.

THE CHART

When looking over a stock chart, I like to compare the last year with the chart of an already massive comparable. My reasoning is, I want multiples. If the biggest guy in the sector can give them to me, that’s great, because the big guy is pretty much de-risked.

But it the little guy can match them, or beat them, that’s interesting because a $15b beast needs a LOT of good news to get me a double, while a $14m smallcap only needs a few strong hands buying in on the back of strong sentiment to get that double happening.

Here’s Palantir (PLTR.NYSE), said $15b juggernaut, over the last year.

I’d call that a wash. Not terrible in a down market, but not great.

Here’s Plurilock.

Little bit down, but trending up towards the end. Not terrible, not rock star.

But Plurilock’s market cap is just $10m, on revenues that we talked about earlier in the US$48m range – just from their acquisitions.

Can that revenue scale? You betcha.

From the company year-end note:

In a nutshell:

• Grow your business in its core vertical
• Buy a competing business that has market penetration and history
• Sell the core product to that new acquisition target’s customers, and vice versa
• Go get another acquisition
• Rinse. Repeat.

This would be a fine business plan to be pitching as a start up, and would likely bring a valuation based on its potential of something close to the $10m Plurilock is worth now.

But buying PLUR stock today gets you a matured and growing core company, the acquisitions, the revenue of the whole group, and the ability to cross-sell to all customers across the board.

Plus, you get the capital savings by being able to run departments from all those businesses from one base of operations.

THE DOWNSIDE

Every company has risk, and for mine the risk at Plurilock is in its debt, which isn’t terrifying by any measure – a few million bucks in debentures and line of credit – but is something they pay 10% interest on and will, eventually, need to be dealt with. No rush, and I’ve certainly got not problem with a company using debt to grow when share prices aren’t at their peak, but I’d be reticent to not talk about it when my audience has been built on the back of integrity.

I consider that debt to be low risk and, if I’m honest, the price of growth. I imagine if Plurilock stock broke over $0.25, they might go get some doughbucks and pay that debt down, but there’s plenty of time and opportunity to do so and no screaming need to prioritize it.

WHAT I’D LIKE TO SEE 

A quarter of no acquisitions, some corporate streamlining, and a nice clean set of financials that show close to break even or better. Give the punters a chance to do some basic head math and see that the market cap is well under-valued.

If Plurilock does that, for mine, it’s the go signal for the market that they’ve been waiting for.

In talking to the CEO, I get the idea he’s down with that idea.

“There are a lot of tasty targets out there,” he says, “and the price for many of them has dropped a lot. But the deal would have to be transformational going forward.”

No big-upping. No preening. No alpha. Ian Patterson is building a legit long term business, and if you can’t get behind that you’re just playing roulette and pretending its investing.

— CHRIS PARRY

FULL DISCLOSURE: Plurilock is an Equity Guru marketintg client