Rethinking Security in an Increasingly AI-Driven World

AI and cybersecurity are top strategic priorities for companies at every scale — from the teams using the tools to increase efficiency all the way up to board leaders who are investing in AI capabilities. 

At our second annual VantaCon, Andrew Reed of Sequoia Capital moderated a panel session — featuring Sarah Guo, Founder and Managing Partner of Conviction, and Anu Hariharan, Founder and Managing Partner of Avra — on how investors are thinking about security in our increasingly AI-driven world.

‍

Below we’ve summarized some of the top insights from this session. 

‍

Shifting from Understanding AI to Executing with It

The AI boom began in late 2022 as companies and consumers reacted to the launch of ChatGPT. At this time, companies were reactive in their approach to using AI as they were still figuring out what they could do with it. Conviction’s Guo says we’re now in the planning, execution and experimentation phase: “This year was a year of capability building for boards and teams — understanding if we have the agility and understand the risk.”

‍

To meet this new wave of technology, businesses had to expand to execute appropriately. This requires specialized technical teams, machine learning operations teams and large data sets. Guo says that business leaders have quickly adjusted their operations to meet the needs of AI implementation. “I've never seen so many technical and business leaders embrace a change as aggressively,” Guo says. “You see a lot of CEOs, management teams and founders say, ‘We're going to try to become an AI-first company.’ That hasn't happened in the last decade with a change I've seen.” 

‍

Protecting from AI attacks — with AI 

“If defenders do not use these new machine learning capabilities, attackers certainly will. And they are,” Guo says. As AI capabilities advance, attackers can get into your systems more intelligently. However, AI also provides organizations with advanced protections against attacks. 

Avra’s Hariharan says that it’s not just about how soon an organization can resolve an issue; they need to prevent them from happening in the first place. “If you are a large public company servicing 200 to 300 million users and you have one of these attacks or you have a data breach,” Hariharan says, “that's millions of dollars of revenue lost. Even if you had a six-hour outage, that's unacceptable.” 

She says businesses today need to stress-test their systems and be proactive about mitigating security issues: “It's become more real-time and dynamic. It can't be done once a quarter. That's why you're seeing a portion of the audit meetings being dedicated to cybersecurity.” 

And this is more than just a short-term priority. Hariharan spoke about a recent conversation with a CISO about promising investment areas. The CISO told her that as time goes on, security will only get more important. “Cybersecurity is only going to get more complex over 30 years,” Hariharan says — seeing this as a lasting investment area as technology gets more complex and hackers get smarter with AI.  

‍

Driving More Efficient Security Is a Priority  

“Fifteen years ago, automation was about efficiency, and today AI is making automation intelligent,” Hariharan says as a former automation engineer. Among AI and cybersecurity, efficiency is a top priority for boards today. And, thanks to recent AI advancements, cybersecurity is becoming more efficient and intelligent. 

Guo shares that efficiency is an important priority for CISOs. They want their security team to be on the offensive and look for ways to improve their organization. “I've never seen security people be so open to things like compliance testing and operations automation,” Guo says. “The board understands the efficiency of doing the same thing better and faster.” 

“The promise of most new technology is that you can do things you couldn't do before,” Guo says. And while there is inherent risk when bringing on any new technology, she adds, automation and AI are already making our world more secure. “There are a lot of things that make us more secure that are driven by automation and AI already,” Guo says. “Vanta is an obvious one.”  

‍

Incoming Infrastructure Changes Following AI Wave

Moderator Andrew Reed, of Sequoia Capital, shares that infrastructure changes happen in decade-long cycles and that we’ll start to see larger changes as a result of this AI wave. “With the potential new vectors introduced by AI, the nature of trust on the Internet is going to be disrupted very quickly,” Reed says. He adds that it will be important for companies to ensure they can trust all the vendors they rely on and that businesses will need to prove trust to their customers, as well. And as the importance of trust increases, organizations will need to make sure they’re capable of handling change in what Reed calls a “very fast-moving trust environment.”

Hariharan compares the transformation that will follow AI to the shift that came after the iPhone, which changed the way people interact with technology and access services: “To me, it feels like every product that we have used is fundamentally going to be redesigned, rethought of and changed.”

This guest blog is part of a Channel Futures sponsorship.