Part 2: What Security Companies Must Get Right in the AI Era
In Part 1 of this series, we explored how the enterprise security buyer has become the driving force behind innovation in the AI era, reshaping how cybersecurity solutions are evaluated, adopted, and expected to deliver. In this second piece, we turn to the builders.
In our conversations with security founders over the past 12+ months, we have noticed a growing divide between those adapting to the evolving mindset of the AI-era buyer and those still running the same playbooks. That gap is widening, and we believe it will separate the winners from those left behind.
Too often, technical cyber founders remain deeply focused on the tech, but not enough on the product/user. In the AI era, that gap is no longer a luxury; it’s a liability. As AI reshapes how security buyers want to consume software and what they expect from security products, the modern Enterprise Security Stack must evolve to meet that shift.
So what does that stack look like? And what must today’s security companies get right, from product architecture to go-to-market, to build for this unique environment?
Let’s dive in.
New Playbooks for Building Security Companies
Founders building in this brave new environment need to adapt their product and GTM strategies to meet the high bar set by modern enterprise buyers. Across the market, well-informed teams are focusing on the following pillars:
- AI-First from Day One: Leading new security platforms are being architected around AI from the ground up, rather than treating it as a bolt-on. This means designing data pipelines, cloud infrastructure, and user interfaces that assume AI-generated data, continuous AI deployment, and real-time feedback loops.
- Getting Agentic Security Right: To earn trust in enterprise environments, agentic security must deliver on three fronts: reliability, integration, and enterprise context-awareness. Agents should produce accurate outcomes and avoid issues like inconsistent data or hallucinations. Seamless integration with existing security workflows and infrastructure is essential to avoid adding complexity, while customization and context allow agents to adapt to the nuances of different orgs, threats, and data.
- Designing for the Modern Security User: Security teams expect a modern product experience: fast onboarding, intuitive configuration, and natural language interfaces. Think PLG principles, but for top-down sales as well. Interoperability and user-centric design will be just as important as detection accuracy to win over enterprise champions.
- Fast Value Outcome-Driven Selling: Gone are the days when a security startup might have won deals after lengthy POCs coupled with promises to deliver value when fully deployed. By front-loading ROI in pilots, companies build credibility and shorten sales cycles, a vital advantage when budgets are tight (and they are ALWAYS tight, even in security). The new crop of AI-era companies prioritizes lightning-fast deployment and value demonstration. A cloud security startup may provide a quick scan of a customer’s cloud and immediately surface a handful of critical misconfigurations or sensitive data exposures to prove its worth. This “land fast” approach aligns with buyers’ time-to-value expectations.
Putting our observations into a visual, we’re excited to share what we see as the New Enterprise Security Stack in the AI era.
It captures how AI is reshaping both the architecture of security platforms and the buyer expectations surrounding them.
This stack reflects the mindset we are seeing across top security founders today: AI isn’t an add-on, it’s embedded across every layer, from infrastructure to delivery and outcomes. Buyers now expect security software to match how modern teams work. For founders, this creates two major opportunities: to build new platforms from first principles, and to take market share in core categories being reshaped by AI.
And the market is paying attention. This shift is already drawing significant capital and strategic interest.
Market Momentum and Capital Behavior
AI is now influencing capital deployment. It’s not only creating new categories – such as LLM security – but also driving investment into core domains being transformed by AI like identity, cloud, and endpoint protection.
Financing data in 2024 shows the Cyber Spring in full force:
- Cybersecurity VC investments reached $13.2B globally – up 40% YoY.
- 892 deals closed, marking a 16% increase in deal count.
- Cybersecurity M&A multiples increased 33% YoY (8.8x median revenue), higher than 2021 levels.
- Record M&A activity by strategic acquirers (174 deals), pushing to solidify market positioning.
Across Vintage’s fund and direct portfolios, we observe investors moving earlier and preempting rounds based on team quality, timing, and architecture – often before revenue ramps. The fast pace of the industry is also being fueled by repeat founders that know how to go quickly through the first stages of PMF and execute with platform-level ambition.
What to Watch for at RSA 2025
RSA 2025 will reflect the current market environment: high activity, higher noise. It’s enough to look at the RSA Innovation Sandbox finalists – 8 out of 10 mention AI in their tagline.
The ability to differentiate between true AI-native value and marketing-driven narratives will be key. Here are some of the questions that will guide our conversations with founders:
- Does the product align with how modern security teams expect to work with software in the AI era?
- Are companies showing real Proof of Value outcomes in the PoC stage?
- For growth stage companies with 3–4 year-old architectures, are platforms able to classify and protect AI-generated data and detect/enforce against AI-driven attacks?
- Are companies designing for cross-functional buyers, not just the CISO, but also data, infra, and risk stakeholders involved in GenAI governance?
- Can the company clearly articulate how its platform drives measurable ROI, whether through reduced incident costs, improved analyst efficiency, or vendor consolidation?
No Rest for the Wicked…or the Cyber Teams Chasing Them
AI adoption is not yet another technological trend. It is a foundational shift in how people work, interact, and consume software. It’s only comparable to the rise of the internet some 40 years ago, not just in scale but in how rapidly it is reshaping enterprise environments.
Recent data show that GenAI is being adopted faster than both personal computers and the early internet. In just two years, nearly 40% of U.S. adults aged 18–64 reported using GenAI tools, with 28% already incorporating them into their day-to-day work.
In this reality, existing cybersecurity frameworks just cannot remain static. Much like the evolution from perimeter security to zero trust, it is time for a paradigm shift in how cybersecurity is designed.
The Cyber Spring is just beginning. If you’re building or backing the future of cybersecurity, we’d love to connect. At Vintage, we partner with founders, funds, and platforms shaping the next generation of security.