A few of us @slow have become increasingly convinced that the first major victims of AI will be the cybersecurity oligarchs (Palo Alto Networks, CrowdStrike, Zscaler, etc).

The deck with our fuller take is here. Shoutout to Rob Bair, Ed Sim, Nicole Perlroth, and Kevin Mahaffey for helping push the thinking here (to be clear, I am not saying they all agreed 😉)…

People are very confidently talking about their ability to adapt to an AI-native threat environment. This sounds reasonable: attacks are more automated, so let's make our defenses more automated too. Add intelligence. Add agents. Go faster. It sounds right but feels like continuity, not innovation.

The security stack we rely on was designed for a very different world. Humans had intent and machines executed instructions. The gap between each was legible. Identities could be mapped. Access patterns were knowable and predictable. Abnormal behavior could stand out of the noise. Firewalls, identity systems, zero-trust architecture, endpoint protection—all of them operate on assumptions of how actors behave, what risk looks like, and where the boundaries are.

Autonomous systems seem to break all of these assumptions all at once.

Behavior is now generated dynamically, adapts in real time, and often looks statistically normal. The unit of risk is no longer a packet or credential; it's a system going after an objective across time and layers.

So far, it seems like we're treating this like an acceleration problem. Smarter models on existing stacks, faster correlation, automated responses. Run on the same primitives, the same assumptions but do it at machine speed. I can't imagine that's the answer.

Incumbents are optimized to extend their platforms, not abandon the core premise. CrowdStrike will build better agents, Okta will add ML to identity. Not sure either will ask whether it's even right to start from 'endpoint' or 'identity'.

I have no idea what the right solution looks like. But I think it'll involve rethinking the core premises around identity, trust, and containment, not accelerating the current thinking.

The real opportunity isn't upgrading the stack - it's questioning what still makes sense at all.

ALSO I'm in NYC next week - if anyone out there wants to hang, let me know!
