AI doesn’t make it much easier to build security startups
There are many discussions about how AI is changing the way the cybersecurity industry operates, and I am certainly the last person to argue with this thought. At the same time, I have developed the perspective that for startups, it doesn’t change the game as much as many assume it does. Before I lose you completely, let me explain.
For this conversation to make sense, I think we need to separate two lines of thought: what AI enables for customers, and what AI solves for startups. These are two very different conversations, and while I want to focus the article on the latter, it won’t fully make sense if I don’t briefly address the former.
For customers, AI is transforming how security is done
Over the past year, it has become clear to me that AI is already transforming how security is done. Now, this is not because LLMs are perfect at detection, or because AI has no gaps (they aren’t, and it does). A much more important reason why I am bullish on the opportunities this wave of AI unlocks is simple. Well over 90% (and some people would even say 95-97%) of security teams’ day-to-day is not some advanced incident response or dealing with nation-states. Most of the security teams’ work has nothing to do with chasing advanced adversaries. Far more often, it’s boring, mundane stuff like:
- Updating reports and dashboards for leadership
- Collecting screenshots and evidence for audits
- Responding to repetitive access and compliance requests
- Reconciling data across tools and systems
- Investigating low-priority alerts that never amount to much
- Documenting findings and closing out endless tickets
I previously wrote a dedicated deep dive about this if you are interested in reading more: Most of the security teams’ work has nothing to do with chasing advanced adversaries.
The main point here is that all this manual stuff is ...
This excerpt is provided for preview purposes. Full article content is available on the original publication.