Cybersecurity is at an inflection point, fueled dramatically by rapid advancements in artificial intelligence (AI) and a fundamental shift in cloud infrastructure. My recent conversation with Ian, co-founder and CEO of a pioneering early-stage AI cloud security startup, reinforced a critical insight: visibility alone is no longer sufficient—organizations must now leverage AI to proactively remediate security threats.
Ian’s extensive background uniquely positions him as an authority in the cybersecurity field. His experience spans roles from hacker and penetration tester to CISO at a large international public company, and now, entrepreneur. Ian’s depth of understanding was clear when he explained, “As a CISO, you’re responsible beyond technology—it’s about enabling your organization strategically and managing risk effectively. Security should enable business, not hinder it.”
His insights echoed my belief that cybersecurity leaders today face increasingly challenging roles due to the growing complexity and sophistication of threats. Traditional security tools, though valuable, typically offer visibility into vulnerabilities but fall short in providing actionable solutions. This gap—what Ian refers to as the difference between visibility and “actionable ability”—poses significant risks.
Ian vividly captured this pain point, stating, “Security teams today see the vulnerabilities clearly, thanks to great visibility tools like Wiz or Orca. Yet, they remain powerless to implement actual solutions directly.” This bottleneck emerges because security teams typically pass recommendations to overloaded DevOps or infrastructure teams, creating delays and leaving systems exposed.
From my perspective, this issue underscores a broader need: cybersecurity must evolve from passive reporting to proactive and automated remediation strategies. Ian’s startup addresses precisely this challenge by leveraging Infrastructure-as-Code (IaC) integrated with AI, transforming visibility directly into automated, actionable remediation. “We are essentially embedding an AI security engineer directly into development workflows,” Ian explained. “This approach significantly reduces the workload for developers and dramatically accelerates remediation.”
One key insight Ian shared resonated strongly with me: the necessity of embedding security processes “shift left” into the earliest stages of development workflows. “Embedding security directly into IDE plugins ensures vulnerabilities are addressed proactively,” he emphasized. This proactive integration effectively prevents security issues from ever entering repositories, significantly reducing costly rework and streamlining compliance.
Reflecting on Ian’s insights, it’s clear to me that cybersecurity’s future lies not merely in detecting threats, but actively preventing and resolving them through AI-driven automation. Traditional security measures alone are becoming obsolete in a world where AI-driven threats rapidly evolve and exploit any delay or oversight.
Ian also emphasized the concept of “Agentic AI,” a deterministic approach to AI application in cybersecurity that contrasts significantly with generative AI. As he explained, “In cybersecurity, accuracy isn’t optional—it’s critical. Our AI solutions are deterministic, ensuring that recommendations are precise and tailored specifically to each infrastructure context.” This approach minimizes risk, reduces the burden on developers, and ensures compliance proactively rather than reactively.
In conclusion, my discussion with Ian reinforced the urgent necessity of integrating proactive AI solutions into cloud security frameworks. Organizations that rapidly adopt these advanced AI-driven security measures will not only mitigate risks but also enable developers and security teams to collaborate more effectively, shifting from a reactive security posture to a proactive, resilient one. Organizations hesitant to embrace these AI-driven methods will find themselves increasingly vulnerable, exposed to threats evolving faster than traditional defenses can adapt.
The time for proactive, AI-driven security is now—waiting is no longer an option.
Michael Matias is the CEO and Co-Founder of Clarity, an AI-powered cybersecurity startup backed by venture capital firms including Bessemer Venture Partners and Walden Catalyst. Clarity develops advanced AI technologies protecting organizations from sophisticated phishing attacks and AI-generated social engineering threats, including deepfakes. Before founding Clarity, Matias studied Computer Science with a specialization in AI at Stanford University and led cybersecurity teams in Unit 8200 of the Israel Defense Forces. Forbes Israel recognized him early on, naming him to the exclusive 18Under18 list in 2013 and the Forbes 30Under30 list thereafter. Matias authored the book Age is Only an Int and hosts the podcast 20MinuteLeaders.
