The cybersecurity industry has a number it does not like to talk about. It takes organizations more than 30 days, on average, to fix a critical vulnerability. Last year it was 128 days. Attackers find the same hole in milliseconds.
Marina Segal has been staring at this gap for years. As co-founder and CEO of Tamnoon.io, she built a platform that sits on top of an organization’s cloud security stack and closes vulnerabilities autonomously. Tamnoon connects to existing detection tools, takes the thousands of findings they generate, and runs an agentic pipeline that was trained by experts executing millions of remediation then prioritizes, triages, investigates, and remediates without causing any outages or impacting production operations. . The company calls it “autonomous remediation,” and the premise is simple: detection without action is just a more expensive way to know you are exposed. On Episode 4 of The Autonomous Business Podcast, she sat down with enso’s Founder and CEO, Mickey Haslavsky to explain why billions of dollars in cybersecurity investment solved the wrong problem, and what happens when defenders finally learn to move at the speed of attackers.
The Industry Needs Group Therapy
Marina opened with a claim that had nothing to do with technology. She said the cybersecurity industry needs to start focusing on operations and outcomes.
Her reasoning: for decades, career advancement in security (and every other function) was measured by headcount. The more people reporting to you, the more senior you were. It was an ego structure disguised as an org chart.
Now agents are entering that chart. And the people who should be adopting them are pushing back, not because agents do not work, but because agents do not count as direct reports. Marina sees security leaders choosing to hire five people offshore over deploying an agent, not because it is more effective, but because it advances their career.
Her fix is structural, not motivational. Until leadership ties career progression to outcomes instead of team size, the adoption of autonomous security tools will stay slow. The psychological barrier is harder to solve than the technical one.
For decades, cybersecurity companies followed one formula: find a thing to protect, build detection around it, generate alerts, and hand the rest to humans – no focus on how to make it fully operational.
The result is what every CISO knows but rarely admits publicly: dashboards full of findings, teams buried in alerts, and critical vulnerabilities sitting open for weeks because fixing them requires three approvals, two teams, and a change management process that was designed for a slower world.
The detection side of the problem is solved. Models can now find nearly anything in your environment. The unsolved problem is operational: once you know something is broken, how fast can you actually fix it without breaking everything else?
This is the asymmetry that makes security fundamentally different from other AI applications. Attackers do not care about safety. They can break things without consequence. Defenders must fix problems without disrupting production systems. Every autonomous action carries risk. And that risk has kept the industry in a mode of finding problems rather than solving them.
The Self-Driving Car Trajectory
Marina draws a parallel that makes the problem intuitive for non-security leaders. Five years ago, she did not trust full self-driving. She had spent her career watching software fail. She did not trust developers enough to let their code drive her.
Then she sat in a car that worked. Today, 98% of her driving is autonomous.
Security operations are on the same trajectory, she argues. The industry needs to drive enough remediation “roads,” in enough scenarios, capturing structured human decisions at each step, until the models can handle the routine 90% alone. Humans remain for the 2% requiring judgment.
But unlike a self-driving car, which solves one core problem (navigating roads), security faces thousands of distinct problems. Different cloud services, different misconfigurations, different vulnerability types. Each needs its own trained model. Tamnoon broke the challenge into four layers: prioritization, triage, investigation, and remediation. Each layer has four or five steps. Each step trains its own model. The autonomous car of cybersecurity is not one car. It is a fleet, each trained for a different road.
When Agents Attack Agents
Mickey raised a scenario that sounds like science fiction but is not: a world where AI agents attack systems while other AI agents defend them, in an infinite loop with no humans in the middle.
Marina’s response was counterintuitive. She does not believe phishing will remain a human problem. If an agent manages your inbox, it can incorporate signals about how attacking agents operate. Agent-to-agent, the detection becomes instant. The phishing problem, she argued, goes away when humans stop being the ones reading emails.
What remains is the operational layer underneath. Two types of tools will define the next era of cybersecurity: sensors that detect everything (the solved problem), and orchestration systems that fix everything at speed (the unsolved problem). The companies building the second category will define the industry for the next decade.
The Culture Question for Non-Technical Leaders
Marina’s advice to business leaders outside cybersecurity is surprisingly simple. If you as a CEO never mention security, do not expect your team to care about it. The same way you model respectful culture by example, you model security awareness by asking questions consistently.
Have you thought about privacy? What happens if we get ransomed? Who has access to this data? Those questions, asked repeatedly, change behavior more effectively than any tool purchase.
And the basics still matter. Zero trust, multifactor authentication, backups. These principles are not changing because of AI. What is changing is how fast you need to respond when something gets through. Marina shared two cases from last month: two similar non-tech companies, similar in size, hit with similar incidents. One resolved it in 18 hours. The other took weeks. Same exposure, same starting point. The difference was purely operational readiness.
The Org Chart in Five Years
Marina sees mid-level management largely fading away. The org chart splits into two layers: top leadership making strategic decisions, and individual contributors who each manage teams of agents. The translation layer in between, people whose job is to convert strategy into execution, gets replaced by orchestration.
The people who thrive will not be the ones who can stay at a high level. The distance between strategy and execution is collapsing. You need to understand, at the interaction level, how your agents work. Not writing code. But understanding the details of what is happening underneath.
She compared it to how we already live: switching between apps, processing multiple conversations in parallel, scrolling between contexts. That same parallel-processing muscle will define how the best operators work. The scrolling patterns we developed on social media, it turns out, were training for the job of the future.
Mickey Haslavsky is the Founder and CEO of enso and a Forbes 30 Under 30 alumnus. He previously founded Rapid (acquired by Nokia) and hosts The Autonomous Business Podcast, in partnership with Forbes Israel.
Marina Segal is the Co-Founder and CEO of Tamnoon.io, a platform for agentic remediation in cloud security.
