From adoption trends to startup strategy, this conversation digs into real use cases, market dynamics, and what the future could look like as AI becomes a core part of the security stack. This is the full transcript - no filters, just insights 👇
Laurie: AI is exploding across industries. Have you seen AI change the cybersecurity landscape over the past year?
Sharon: Absolutely. AI has dramatically reshaped cybersecurity. On the defensive side, we’ve seen huge leaps in threat detection, code analysis, and incident response. Vulnerability management has lagged behind but is now beginning to catch up with the concept of Exposure Management. At the same time, attackers are adapting too, using AI for malware development, full attack kill chain implementation and targeting LLMs as a new attack surface. It’s a game of constant evolution on both sides. And unfortunately, they are operating much more freely and unfettered than the defenders, who are burdened by bureaucracy, budget, politics and regulation.
Laurie: What is the role that Agentic AI is playing in cybersecurity and is it really providing tangible value, or just hype?
Sharon: Agentic AI has the potential to deliver substantial gains in exposure reduction and analyst productivity, but the market is split between demonstrable value and “agent-washing” hype. It’s true that the marketing buzz is high and that many “agentic” claims are re-skinned chatbots or basic playbook automation. But if done properly, the right technology, with a compelling business case, and sufficient guard-rails, agentic AI can move security operations from reactive, ticket-driven mode to continuous risk reduction. Agentic AI is at the “early value” stage of the hype curve - not yet mainstream, but no longer speculative. At Tonic, we’re leveraging agentic AI to allow security teams to discover exposures, rank them by business context, validate the exploitability and facilitate actual remediation.
Laurie: From your perspective, are CISOs adjusting their budget to accommodate this AI-driven shift?
Sharon: Definitely. Budgets are shifting to AI capabilities. More and more we're seeing increased spend on AI-powered threat detection, response automation, and advanced analytics.
Laurie: What are the biggest challenges companies face when trying to integrate AI into their cybersecurity strategies?
Sharon: Integration isn’t always smooth. One major hurdle is managing the privacy, security and regulatory risks that come with AI. LLMs require large datasets for training, which may include sensitive corporate or customer information. If not handled properly, this can lead to data leaks. Also, attackers may exploit LLMs through prompt injection, data poisoning, or adversarial attacks to extract confidential data or manipulate responses. And then there’s the reliability issue. LLMs can sometimes produce inaccurate or misleading information. Legacy systems can also be tricky to integrate with as running AI in real-time demands serious compute power. That’s why I usually suggest starting with trusted off-the-shelf AI solutions rather than building everything in-house.
Laurie: And of course there’s always skepticism around new tech. How do you get security leaders to trust an AI-powered solution?
Sharon: It comes down to clarity and proof. You need to show that your solution actually solves a real problem and delivers measurable results. Being transparent is crucial, especially when it comes to explaining how the system works, how data is handled, and how it aligns with compliance standards. If you can do that and show it doesn’t disrupt workflows, you’re in a much stronger position.
Laurie: There’s no shortage of AI-powered cybersecurity startups right now. From your experience, what strategies have worked or failed in standing out from the crowd?
Sharon: The successful ones focus on solving real pain points and clearly show ROI. They make sure their AI is explainable and easy to integrate into existing systems. Where many stumble is in overpromising what AI can do, ignoring compliance or creating tools that are too hard to deploy or operate. It’s easy to get lost in the noise, but staying grounded in real-world value makes a big difference.
Laurie: With large cybersecurity firms already integrating AI into their products, what do you see as the role of startups in this evolving ecosystem?
Sharon: Startups are absolutely essential. They bring speed and creativity to the table, diving into specific problems that bigger players often don’t have the agility to tackle. This flexibility allows us to explore innovative approaches and build specialized tools. Often, it's these startups that push the boundaries and end up being acquired or integrated into the broader ecosystem.
Laurie: And then there’s the build vs. buy dilemma. Should companies develop their own AI-based security tools, or rely on external solutions? What factors should drive that decision?
Sharon: Building your own AI tools might make sense if the company has very specific needs, serious privacy concerns, and significant available and capable resources in-house. But in most cases, it’s just not practical. Developing and maintaining custom AI systems takes a lot of time, resources and expertise. Most companies find that third-party solutions offer a quicker, more cost-effective path forward. It’s also easier to scale.
Laurie: If we fast-forward five years, how do you see AI shaping cybersecurity? What breakthroughs or risks should we be preparing for?
Sharon: In five years, I think AI will be handling a lot of the day-to-day tasks in SOCs, freeing up analysts to focus on more complex issues. Passwords might be replaced by continuous authentication and behavioral biometrics. AI will also become more predictive, stopping attacks before they even happen. But alongside this, we’ll face new risks like AI-driven attacks, biased models… It’s a double-edged sword.
Laurie: Finally, what’s one misconception about AI in cybersecurity you’d love to clear up?
Sharon: The idea that AI is going to replace security teams is just wrong. AI is a force multiplier. It enhances human decision-making; it doesn’t replace it. The focus should be on how AI can make security teams more effective, not obsolete.
AI is undoubtedly reshaping cybersecurity, and we’re just scratching the surface of what’s possible. Sharon’s insights shed light on what’s real, what’s hype, and what’s next.
Sharon has over 25 years of experience in cyber, intelligence, and operations. His journey began in Israel’s elite military intelligence units, where he served in leadership roles such as CISO and CIO of the Home Front Command, and later as COO of the Intelligence Analysis Division. After that, Sharon transitioned into the private sector, leading business development and delivery at Sygnia, a top-tier incident response and cybersecurity consulting firm. It was during this time that he identified a critical unmet need across the industry. That realization led to the founding of Tonic, which sits right at the intersection of cyber, data, and AI.