I knew this RSA Security Conference would be 🔥 with the “call to arms” post that JPMorgan CISO Pat Opet released on Friday before the event. The post, an open letter to third-party suppliers (covered in What’s 🔥 #443 last week) urged SaaS vendors to reprioritize security equal to or above launching new products. In other words, stopping shipping cool AI features repeatedly without secure by design principles as a first class citizen in your product release cycle. As George Kurtz from Crowdstrike said at a dinner I attended, “AI is the democratization of destruction” - more holes than ever with more hackers than ever with expert level skills = a recipe for disaster!

Pat’s post was certainly the talk of the week along with Palo Alto Networks’ acquisition of Protect AI, a boldstart portfolio company. Here’s a clip from CNBC - “Palo Alto Networks CEO Nikesh Arora on how market's 'mad rush' into AI led to a major acquisition.”

I’ve got to admit—knowing the acquisition press release was set to drop at 5:15am PT didn’t make for the best night’s sleep 🤣. But it was worth every minute. I’m beyond thrilled to have co-led the initial round at Inception and to support Protect AI’s incredible journey as a board member.

More importantly, I wanted to share the story behind the company—not just to celebrate the win, but to highlight some of the key moves Ian, D, and Badar made that future founders can learn from. Here’s a 12 part 🧵 on the story, some of which I’ll clip below.

Some fun commentary from my friend Sheel in his post.

Funnily enough, I was asked 2 months before RSA to speak on a panel on Securing AI at JPMorgan’s Annual Security Event - the timing couldn’t have been any better.

One question that was asked on the panel was how a startup in today’s environment can stand out and win in AI security?

Here are my thoughts:

First, I wish I had a crystal ball and really knew, but I don’t.

All that we believe today can be upended in 3, 6, or 12 months. No matter what we believe to be true now, may not be true tomorrow because of how fast AI and technology is moving. Securing AI was an afterthought when we first started collaborating with Ian Swanson in late Novemeber 2021 and now you can’t have AI in the enterprise without AI Security.

Think about it - MCP came out in November, yeah it’s cool, but rife with security holes. It started as interesting, an open source project by Anthropic, and now, in the last 2 months steamrolled into a standard with competitor OpenAI and others like Google and Microsoft supporting it. Where there are users and new infra, there are new vulnerabilities.

Same with agents - will A2A take off? IMO, a whole new infrastruture will have to be built in a world where machines generate over 90% of the traffic versus humans. We’ll need firewalls to block scrapers from stealing content to only good guys in and bad machines out, agentic security like authentication and authorization to provide proper credentials and access with temporal policies, and we’ll need a whole lot more which we can’t even envision now.

The change is so rapid that the only constant is change.

How do we operate in this world?

I truly believe in “creative destruction” - to be a founder or investor you need to be an optimist. Great teams will always trump and outbuild and outexecute incumbents. The problem is that every investment a venture investor makes falls under that paramater and only a select few reach escape velocity or build something so special and so ahead of the market that an incumbent will just need to have that team and product to be part of it.

One other caveat is that security now is everywhere - secure by design has to be part of any platform. Now the cybersecurity market has expanded - Google Cloud playing catch up with the Wiz, what will AWS do? My perspective is that security is more than just security vendors - every platform where builders coalesce have to have some default security.

As Guru Chalal from Lightspeed siad, their job is to offer good enough while cybersecurity vendors can offer the enterprise grade version. Sure, small businesses will be fine with free and good enough but the largest of enterprises won’t.

Case in point, Hugging Face is the platform for all open source models. When there are users and models, there are tons of vulnerabilities. Hugging Face, of course, offers their own version of model scanning called Pickle. It’s solid but they partnered with Protect AI, a portfolio co, to do more as you can see below (more here).

Perfect example of good enough and best of breed.

Another example is Meta and Llama - it just released a whole suite of open source AI security products as part of RSA - see below and it’s pretty comprehensive! Perhaps a vendor can commercialize all of this open source software and 10x it for enterprises?

So founders, there will be new attack vectors and buyers will buy best of breed but…the big question is how many best of breed vendors are features versus products? None of us know but that’s the game we are all playing. To that end, besides conceiving of Protect AI 1 year before the ChatGPT moment, the other amazing thing that the founders did was expand into a platform from a point solution early in it’s lifecycle.

I’m not suggesting everyone follow this playbook, but the point is, they learned from customers and the market quite quickly that if one vendor could do more than offer one feature, large customers would be willing to purchase more software. This is also why Nikesh and Palo Alto Networks ended up buying Protect AI as it could quickly accelerate its roadmap and also bring 100 people over to lead the market.

To hammer 🔨 that point one more time, great teams always will outexecute others and build amazing companies.

As always, 🙏🏼 for reading and please share with your friends and colleagues!

Scaling Startups

#💯 cannibalize product every 6-12 months, let’s say 6 as speed now is insane

#as I like to say about venture, Go Big, Go Niche and Specialize or Go Home

#current pre-money valuations for startups from Peter Walker Carta

#❤️ winning

#

Enterprise Tech

#besides RSA this was the biggest news of the week - MCP remote, executing from the cloud not just your laptop - opens up a whole new world of tools that AI can use

#agents buying for you courtesy of Visa

#great listen…reimagining work

#😲

#hot takes from RSA from my colleague Ron Miller, former enterprise reporter for TechCrunch, on FastForward - read and subscribe here! This is a really great issue!

Permissions challenges

For starters, when you have agents operating autonomously, there are going to be huge identity and authorization problems. That’s because unlike traditional software, which typically operates with static and isolated access rights, AI agents could dynamically delegate tasks to other agents. The question becomes, how do you track and control these permissions as agents interact and move around an organization.

Phil Venables, who until recently served as CISO for Google Cloud, addressed this issue during a panel discussion this week. He pointed out that while agent-based systems offer efficiency, their ability to delegate tasks introduces a number of possible cascading risks.

“So an agent will have an identity and have a set of permissions that are granted to it by the person or thing that's driving that agent,” he said. “But then, unlike other privileged protocols, that agent is then going to have to have the ability to delegate to another agent, which may still delegate to another agent because these are networks.” Venables admitted that everyone is still trying to figure out how to make this work in a secure way.

#a recap of our annual Sunday Night CISO event with the CISOs of Cloudflare, Elastic, and former CISO Atlassian - cohosted with friends at IVP and Acrew Capital

CISOs clearly need help when it comes to providing AI security, and they may look to vendors, especially startups with innovative ideas. But they are wary of hype and overreach. “If you reach out basically saying that your product can fix all of our problems and do everything that we need to do – that turns me off," Andress said.

It’s hard for CISOs to know if tools work the way they are being pitched. Sathiamurthy says he looks to peers for help. “If I'm looking for anything, I'm talking to a CISO who is already either using it or knows about it because their input is most valuable,” he said.

#30% of Microsoft and Google code generated by AI!

# but according to Snyk, a portfolio co, it has 30-40% error rates 🤯

#must read…

#2 million developers on Supabase - insane execution

#

Markets

#🤔

#prep for it?