Part 1: The Rise of the AI-Era Security Buyer
Welcome to the Cyber Spring.
We’ve crossed a critical inflection point in cybersecurity. AI is not just another tool in the enterprise stack; it’s driving the most profound shift in the cybersecurity space since the emergence of the internet. It’s fundamentally changing how threats are launched, how defenses are built, and how security is evaluated and bought.
I’ve spent the past decade in cybersecurity, gaining a front-row view of how cyber has become both a global growth engine and a foundational layer of enterprise infrastructure. From early-stage venture to corporate development, and roles at both a public cyber company and a networking giant with a multibillion-dollar cyber business, one thing has always remained clear in my mind: cybersecurity evolves fast- and so should the people building it.
Now at Vintage, I have the privilege of seeing the entire tech industry from a new (and super exciting) vantage point, informed by three strategies: backing top-tier funds, investing in breakout companies, and actively acquiring secondaries in the winners. This is also fueled by our Value+ arm, bringing the voice of the customer to the funds and companies we back. This unique perspective offers us a data-rich view of how the best are building- and which strategies are breaking down.
Zooming in on the cybersecurity industry, a pattern is taking shape: we’re in a ‘Cyber Spring’.
In the ever-shifting triangle of attacker, defender, and security buyer, there’s usually one side in motion that drives change in the others. But now, AI is forcing all three to move at once; attackers are scaling with GenAI, security buyers are setting a new bar for what software must deliver, and defenders are re-architecting core layers to keep up.
This Cyber Spring isn’t just incremental change- it’s a full-system reset powered by AI. And at the heart of it lies a surprising shift: the transformation of the security buyer, long viewed as the most reactive player in the triangle.
This blog, the first in a two-part series, explores how the role of the security buyer is evolving into the most important driver of innovation in the AI era. In Part 2, we’ll shift focus to the builders- what the new Enterprise Security Stack should look like, and what security companies need to get right to meet the expectations of today’s buyers.
The New Catalyst in Cybersecurity: The Buyer
Historically, innovation in cyber has focused on either the attacker or the defender. And while AI’s role in powering threats and automating defenses has been widely covered, the market dynamics we are seeing today are fundamentally new.
As threat actors evolve and GenAI adoption accelerates across the enterprise, security buyers are emerging as a key force of change. In an environment where every product is promising ‘AI,’ buyers have become the ones forcing clarity. They’re no longer just evaluating tools- they are actively defining what good looks like and reshaping how security software must be built in the AI era.
And the top teams building, as well as the funds backing them- are taking note.
Let’s dive in.
Why Security Buyers Are Leading the AI Charge in the Enterprise
There are three threat related realities that are top of mind today for security professionals:
- External Threat: GenAI fueled attacks are accelerating. In 2024, 87% of organizations reported experiencing AI driven cyber attacks. Malware development is also on the rise; for instance, a new concept in malware are AI worms – capable of self-replicating, they can quickly spread across networks and devices, utilizing AI techniques to evade detection and adapt to security measures. The threat surface is evolving at a pace not seen before, with AI enabling faster, cheaper, and harder to detect threats.
- Internal Threat: GenAI adoption is introducing risk. Enterprises are racing to integrate AI across the business: 78% of organizations plan to increase AI spend in 2025. And as with every tech adoption wave, security risk follows. Employees may input sensitive data into public AI chatbots, risking data leakage (87% of companies worry employees will expose confidential data to GenAI platforms). Proprietary large language models (LLMs) can be susceptible to prompt injection attacks that manipulate model outputs, or to training data poisoning by adversaries. Gartner predicts that by 2027, 40% of all data breaches tied to AI will stem from misuse of generative AI by insiders or vulnerable AI workflows.
- The Existing cyber stack needs a re-evaluation. GenAI is changing the way core domains in security need to be built. Looking at recent cybersecurity companies our top funds are backing, we already see teams (many of whom are still in stealth mode) building AI ready/ native technologies across core domains. In SecOps, AI accelerates threat detection and response by automating triage, surfacing anomalies, and powering copilots that boost analyst (both Tier 1 and Tier 2) productivity. In cloud, AI maps complex interdependencies, prioritizes misconfigurations, and secures sensitive data. Identity platforms are being re–architected to manage not just users but AI identities, while countering sophisticated phishing and impersonation attacks fueled by GenAI. On endpoints, AI is powering a new wave of autonomous endpoint management, where lightweight agents detect, remediate, and adapt locally in real time, reducing reliance on cloud-based decision making (i.e., from EDR powered platforms to next gen EPP). AI is essentially forcing a re-think of every layer of the cybersecurity stack.
Given this reality, CISOs are now having to manage across three fronts:
- Defending against AI threats that existing tools across core domains are not compatible with
- Securing new surfaces across models, agents, and prompts, while mitigating data leakage risks
- Supporting their organization’s broader adoption of GenAI
But security teams aren’t just defending against AI, they’re embracing it themselves.
As the first line of defense managing the rising risks of AI, security teams are also becoming early adopters of the very technology they’re tasked with securing. Similar to the Internet revolution, they are both consumers of GenAI and the ones securing it. Recent industry surveys show that over 90% of security teams are now using generative AI in some capacity, even as two-thirds admit they don’t yet fully grasp its implications. This early adoption is yielding remarkable results: 44% of organizations report AI powered security initiatives delivering ROI above expectations, a higher success rate than any other GenAI use case across the enterprise.
Putting it into a visual, these are the forces reshaping the security buyer in the AI era:
The AI-Era Security Buyer: Redefining What Good Looks Like
Driven by AI adoption and by escalating AI powered threats, enterprise security buyers are shifting their expectations for security products and vendors:
- AI-Native Functionality: Security buyers now expect solutions that leverage AI by design (not as a retrofitted add–on). For example, Microsoft’s Security Copilot uses a GPT-4 model to help analysts investigate incidents and respond. Other Agentic solutions can automate Identity Access Management flows, a long time painful area for security teams.
- Modern User Experience: Teams seek a modern, intuitive “GenAI-native” user experience. This includes natural language interfaces (like chat-based query of security data) and assistive AI “copilots.” In fact, 36% of organizations have already integrated AI-enabled cybersecurity workflows – the highest integration of GenAI in any business function. Tools that can intelligently automate analysis, detect subtle anomalies, or even generate proactive defenses, all while delivering a consumer software-like experience, are in demand.
- Faster Time-to-Value: Patience for long deployments has waned. Buyers now expect rapid proof-of-value – clear results within days or weeks of onboarding. This reflects the breakneck speed of AI-era threats and the need for tools that can immediately augment stretched security teams. Vendors are expected to deliver quick wins (e.g. finding misconfigurations or stopping new phishing scams soon after installation).
- Operational Efficiency: With budgets under scrutiny, CISOs prioritize automation and agentic AI to do more with less. The SOC is one of the first security work areas to benefit from this. Solutions that demonstrably reduce manual workload – whether by auto-triaging alerts, handling routine incidents, or hunting threats autonomously – are favored. In 2024, 91% of security teams using GenAI said it was to boost efficiency in their SecOps processes.
Security buyers are now emerging as a proactive force within cybersecurity- redefining what security software needs to do, how it’s evaluated, and how fast it must deliver value. This shift is already influencing how vendors build, and how capital is being deployed. Vendors that fail to understand today’s security buyer- won’t just lose deals. They’ll miss the market opportunity entirely.
Up Next: Building for the AI- Era
In Part 2, we’ll explore what this new buyer mindset means for founders and the platforms they build: what today’s security stack must look like, and how leading teams are rethinking everything from architecture and UX to GTM to meet the expectations of the AI-era buyer. And as RSA days are upon us, we will also share the questions shaping our conversations with founders this year.
Read Part 2.
Get in touch with Iren Reznikov:
