The cybersecurity industry stands at a crossroads unlike any we’ve encountered before. As AI-driven threats grow increasingly sophisticated and accessible, the role of Chief Information Security Officers (CISOs) has evolved from challenging to nearly impossible. My recent conversation with Tom Mes, a seasoned cybersecurity strategist and advisor, deeply resonated with me as I reflected on my own experiences at Clarity and the critical shift toward proactive, AI-driven defenses.
Tom’s extensive background—including leadership roles at industry giants such as EMC and Juniper, and his invaluable work nurturing innovative startups—has given him a unique vantage point. His perspective is especially relevant as we both share a deep-rooted passion for Israeli innovation in cybersecurity, something we’ve seen firsthand through our parallel entrepreneurial journeys.
One of the most striking insights from our discussion centered on the rapidly decreasing cost and increasing sophistication of cyberattacks, facilitated by AI. As Tom succinctly stated, “The cost of launching an attack has dropped so dramatically due to AI that if organizations don’t respond with similar AI-driven solutions, they simply won’t stand a chance.” This observation underscores a critical transition from a passive, alert-based security posture to proactive, real-time intervention—something that organizations can no longer afford to overlook.
Reflecting further, it’s clear to me that CISOs today are faced with unprecedented pressures. The traditional security perimeter, once clearly defined and easily defensible, has virtually disappeared. Today’s attacks are micro-targeted and relentless, making the role of CISOs significantly more complex. As Tom put it, “The CISO’s job has transitioned from very difficult to nearly impossible.”
Yet, this era of complexity also presents enormous opportunities, particularly in leveraging AI for security operations. For example, Third-Party Risk Management (TPRM)—often bogged down by manual, ineffective processes—has been transformed by AI-driven automation. Tom highlighted this by noting, “Organizations waste significant resources filling out and reviewing risk questionnaires that no one thoroughly reads. AI-driven solutions can automate this entire process, dramatically increasing accuracy, efficiency, and protection.”
Similarly, AI-powered Security Operations Centers (SOCs) represent a crucial, low-hanging fruit for enhancing cybersecurity. Given the persistent challenges around hiring and retaining skilled security personnel, integrating AI to automate routine tasks can significantly amplify human capabilities, allowing CISOs and their teams to focus on strategic, high-value activities.
What’s particularly exciting, as Tom emphasized, isn’t necessarily the creation of entirely new cybersecurity technologies, but the enhancement and optimization of existing frameworks through AI. Companies like Check Point and Microsoft exemplify this approach, embedding AI-driven capabilities within established security infrastructures to provide rapid, proactive threat detection and response.
In essence, organizations that swiftly adopt AI-powered cybersecurity measures will secure a significant competitive advantage, whereas those clinging to outdated methods risk exposure and obsolescence. Tom’s insights reinforce my conviction that the future of cybersecurity hinges upon the strategic and effective integration of AI—not just as an adjunct tool, but as a foundational component of organizational security.
As we look toward this new frontier, the imperative is clear: embrace AI-driven strategies proactively, or risk being left vulnerable in an increasingly hostile cyber landscape. The role of the CISO, challenging as it is, can become more manageable—and indeed more strategic—by fully leveraging the transformative power of AI.
Michael Matias is the CEO and Co-Founder of Clarity, an AI-powered cybersecurity startup backed by venture capital firms including Bessemer Venture Partners and Walden Catalyst. Clarity develops advanced AI technologies protecting organizations from sophisticated phishing attacks and AI-generated social engineering threats, including deepfakes. Before founding Clarity, Matias studied Computer Science with a specialization in AI at Stanford University and led cybersecurity teams in Unit 8200 of the Israel Defense Forces. Forbes Israel recognized him early on, naming him to the exclusive 18Under18 list in 2013 and the Forbes 30Under30 list thereafter. Matias authored the book Age is Only an Int and hosts the podcast 20MinuteLeaders.