We are at a critical turning point in data security, driven primarily by artificial intelligence (AI). My recent conversation with Jonathan Roizin, CEO of Flow Security—now part of CrowdStrike—has reinforced my belief that the cybersecurity industry urgently needs to reconsider its strategies for protecting data in this rapidly evolving digital landscape.
Roizin has spent more than 15 years tackling cyber threats, both as a leader within elite Israeli cybersecurity organizations—including Unit 8200 and Sygnia—and as a founder at the forefront of innovation. His approach to data security, which prioritizes “data in motion,” underscores a reality we can no longer ignore: data no longer sits still. It flows dynamically across cloud services, SaaS platforms, and APIs, and this fluidity fundamentally changes how we must think about protecting it.
The stakes are high. According to IBM’s 2023 Cost of a Data Breach report, the average cost of a single breach reached $4.45 million, marking an all-time high. The complexity of data management is accelerating: organizations today use an average of over 130 SaaS applications, a figure that has surged by nearly 18% annually over the past three years (Okta Business at Work Report, 2023). Yet, most companies still approach data security with outdated models that treat information as static and manageable within clear perimeters.
Roizin highlighted a significant shift away from traditional Data Leakage Prevention (DLP) methods, which were primarily designed to lock down endpoints and internal networks. As he succinctly put it, “The boundaries have been broken.” With organizations migrating to public cloud environments—like AWS, Google Cloud, and Microsoft Azure—the idea of a defensible perimeter around data is increasingly obsolete. In fact, according to Gartner, by 2025, 85% of organizations will operate primarily in cloud-based environments, making traditional perimeter-focused data security approaches even less effective.
The rise of AI further complicates this scenario. AI-powered productivity tools are flooding workplaces, from sophisticated coding assistants to real-time note-takers in meetings. Roizin described scenarios in which employees inadvertently shared sensitive data through unmonitored AI tools, dramatically increasing organizational vulnerability. A recent Team8 report validates this concern, showing AI-driven phishing attacks have increased by more than 2,000%, with nearly half leveraging GPT technology to generate authentic, persuasive communications.
However, Roizin also presented a compelling vision of AI as a double-edged sword—not only magnifying threats but providing powerful means to counteract them. Flow Security’s technology, for example, employs AI-driven automation to classify and monitor sensitive data flows continuously, providing real-time visibility and prevention that static or rule-based systems simply cannot match. It’s an approach I deeply believe organizations must adopt swiftly.
But this evolution requires a deeper philosophical shift: organizations must accept that security can no longer rely on passive visibility. Instead, cybersecurity must transition to proactive, real-time interventions powered by artificial intelligence. Roizin and I share a common perspective here: Security teams should not merely alert organizations to potential risks—rather, they must actively prevent data breaches before they occur.
I strongly believe that the future of cybersecurity will depend on our ability to harness AI to understand complex contexts and intervene intelligently, dramatically reducing the false positives that plague today’s overloaded security operations teams. In my own work at Clarity, addressing identity fraud through advanced AI techniques, I’ve seen firsthand how targeted, real-time interventions can protect organizations more effectively than reactive measures.
The conversation with Jonathan Roizin confirmed my thesis: the cybersecurity industry is entering a new era defined by fluidity, interconnectedness, and rapid technological change. Organizations must rethink their security frameworks, replacing outdated perimeter models with dynamic, AI-driven defenses that adapt to data’s constant motion.
Those who fail to embrace this new paradigm risk becoming overwhelmed by complexity and vulnerability. But for organizations ready to act decisively, AI presents an unprecedented opportunity to achieve genuinely resilient and adaptive cybersecurity.
Michael Matias is CEO and co-founder of Clarity, an AI-powered cybersecurity startup backed by venture capital firms Bessemer Venture Partners and Walden Catalyst. Clarity specializes in developing AI-driven technologies that protect organizations against sophisticated phishing attacks, including deepfakes and AI-generated social engineering threats. Before founding Clarity, Matias studied Computer Science (specializing in AI) at Stanford University and led cybersecurity teams for several years in the IDF’s elite intelligence unit, 8200. Forbes Israel recognized Matias at a young age, selecting him for the exclusive 18Under18 list in 2013, and three years later he was named to Forbes 30Under30. Matias authored the book “Age is Only an Int” and hosts the podcast “20MinuteLeaders.”
