We are at a critical inflection point in cybersecurity, propelled by rapid advancements in artificial intelligence. Recently, I had the privilege to speak with Demi Ben-Ari, CTO and co-founder of Panorays, about how AI is reshaping third-party cyber risk management (TPCRM)—a topic that deeply resonates with me due to my work at Clarity. Our conversation revealed both the profound vulnerabilities and compelling opportunities AI introduces to cybersecurity.
Over the years, I’ve observed how organizations increasingly rely on third-party vendors, transitioning from closed systems to expansive digital ecosystems. As Demi pointed out, most organizations unknowingly interact with hundreds of third-party services, dramatically broadening their risk exposure. A seemingly harmless browser extension like Grammarly, for instance, can quietly capture and expose sensitive corporate data, underscoring just how complex managing third-party risks has become.
Historically, third-party cyber risk management involved cumbersome manual processes, such as filling out endless Excel questionnaires—a practice frustratingly inefficient and incapable of scaling with today’s demands. AI fundamentally changes this landscape by automating and streamlining the monitoring and assessment of third-party relationships. Demi shared how Panorays has implemented self-hosted AI models specifically designed to protect user privacy while dramatically improving operational efficiency. “Organizations today are extremely wary of third-party AI tools potentially training on their sensitive data,” he explained.
This shift towards AI isn’t merely a defensive play; it’s a proactive strategy that harnesses artificial intelligence to strengthen security postures. But it also brings about new attack vectors, with malicious actors increasingly leveraging AI for sophisticated, scalable breaches. Deepfakes and AI-driven identity manipulation, threats I have become intimately familiar with at Clarity, represent a growing danger. Demi emphasized, “It’s shockingly easy today to fake identities, creating new layers of risk previously unimaginable.”
The concept of AI Security Posture Management (AISPM) emerged prominently in our dialogue. This new paradigm focuses on securing AI tools themselves, reflecting a broader trend towards recognizing AI’s dual role as both protector and potential threat. As organizations integrate more powerful language models such as OpenAI’s GPT and Google’s Gemini into their workflows, ensuring these tools’ security becomes paramount. “The recent emergence of models like DeepSeek underscores the hidden risks,” Demi cautioned, highlighting that organizations risk unknowingly compromising their data.
Reflecting on our conversation, I see cybersecurity at a significant crossroads. AI represents both an extraordinary tool for defense and a profound risk multiplier. Demi’s insights reinforced my conviction that traditional cybersecurity perimeters are dissolving. To effectively navigate this new terrain, companies must adopt proactive AI-driven security frameworks capable of anticipating and mitigating increasingly sophisticated threats.
Looking forward, I am convinced that organizations embracing AI-driven cybersecurity solutions will position themselves as leaders in this evolving landscape. Conversely, those who hesitate risk becoming outdated, exposed to vulnerabilities that traditional methods can no longer effectively manage. AI isn’t simply a technology to deploy; it’s a foundational element of modern cybersecurity strategy.
As Demi aptly summarized, “The perimeter as we knew it is disappearing. AI is reshaping the cybersecurity battlefield. Organizations must prepare.”
In this dynamic era, it’s clear: cybersecurity strategies must evolve rapidly, integrating AI not as an add-on, but as a fundamental component of their defense. Those who adapt swiftly will secure their place at the forefront of cybersecurity innovation.
Michael Matias is the CEO and Co-Founder of Clarity, an AI-powered cybersecurity startup backed by venture capital firms including Bessemer Venture Partners and Walden Catalyst. Clarity specializes in developing AI-driven technologies to protect organizations against advanced phishing attacks, including deepfake and AI-generated social engineering threats. Prior to founding Clarity, Matias was recognized by Forbes in both its exclusive 18Under18 list in 2013 and the Forbes 30Under30 list thereafter. Matias authored the book Age is Only an Int and hosts the podcast 20MinuteLeaders.
