Offensive Cybersecurity is shifting from a point-in-time assessmentcheckbox to continuous. That’s the core message I took from my conversation with Shahar Peled, CEO of Terra Security, who’s leading a quiet revolution in offensive security with AI agents at the center.
“We’re not talking automation anymore—we’re talking autonomy,” he told me. Shahar’s background spans shift-left security, Application Security, Data and businessred teaming, and years of real-world penetration testing. But what makes Terra unique is this: they’re not building dashboards. They’re building AI agents that test—and exploit—vulnerabilities just like real ethical hackersattackers would.
This mindset is part of a broader movement I’ve heard echoed by leaders like Tsion Gonen and Daniel Krivilevich: cybersecurity must move from passive scanning to proactive simulation. Terra is putting that philosophy into action.
According to Shahar, 70–80% of penetration testing today can already be handled by agentic AI. These systems don’t just scan—they chain together multi-step exploits, simulate business impact, and surface real risks, not theoretical ones.
That shift—from finding a CVE to proving how it can compromise customer data—is massive. It’s what transforms vulnerability management from “check the box” to “protect the business.” And it’s the kind of evolution that modern CISOs—like Tom Mes told me—are desperate for.
Another fascinating angle is culture. At Terra, Shahar doesn’t hire based on pedigree—he hires for AI fluency (‘Born in AI”). “Every team member operates like four,” he said. This is the reality of AI-native security startups: agility isn’t a feature. It’s the product.
Shahar’s vision of continuous, autonomous offensive security pairs naturally with what we’re doing at Clarity. While we focus on stopping AI-powered phishing and deepfakes before they reach employees, Terra is ensuring organizations find and fix weaknesses before attackers do. Both approaches hinge on the same principle: real-time, agent-driven defense.
As the threat landscape becomes more dynamic and less predictable, static, point-in-time testing no longer cuts it. Terra’s approach—persistent, autonomous, business-aware attack simulation—is the kind of foundation security programs will be built on in the AI era.
“We don’t want to just find issues—we want to understand their impact,” Shahar said. That single sentence captures the future of cybersecurity. It’s not about noise. It’s about signal. It’s not about more alerts. It’s about fewer surprises.
The shift from automated to autonomous isn’t optional anymore. It’s where cybersecurity is going. And thanks to leaders like Shahar, it’s already here.
Michael Matias is the CEO and Co-Founder of Clarity, an AI-powered cybersecurity startup backed by venture capital firms including Bessemer Venture Partners and Walden Catalyst. Clarity develops advanced AI technologies protecting organizations from sophisticated phishing attacks and AI-generated social engineering threats, including deepfakes. Before founding Clarity, Matias studied Computer Science with a specialization in AI at Stanford University and led cybersecurity teams in Unit 8200 of the Israel Defense Forces. Forbes Israel recognized him early on, naming him to the exclusive 18Under18 list in 2013 and the Forbes 30Under30 list thereafter. Matias authored the book Age is Only an Int and hosts the podcast 20MinuteLeaders.
