20MinuteLeaders | The Human Zero Day

The cybersecurity landscape is rapidly evolving, driven by advancements in artificial intelligence (AI) and the growing complexity of enterprise data environments. In a recent conversation with Dan Benjamin, VP at Palo Alto Networks and co-founder of Dig Security, it became clear that securing data and AI requires moving beyond traditional perimeter-based strategies toward more dynamic, proactive approaches.Dan brings deep entrepreneurial experience. After founding multiple cybersecurity startups, his latest—Dig Security—was acquired by Palo Alto Networks within just two years, signaling rapid adoption and market validation. His background at Microsoft and current leadership role give him a sharp lens on the intersection of AI and data security.One key takeaway from our conversation: speed is critical. “The ability to scale quickly and see immediately if something works or doesn't is critical,” Dan said. This mindset powered Dig’s growth to nearly 80 employees in two years, fueled by focus and strategic clarity.A major theme was the rise of Data Security Posture Management (DSPM). As Dan shared, when Dig launched, “more than 50% of enterprise data had already moved to the cloud,” rendering legacy security tools ineffective. DSPM answers urgent questions like: What data do we have? Who can access it? Is it protected? As companies adopt multi-cloud infrastructures, DSPM becomes essential.This transformation has also been accelerated by market awareness—fueled by VC investments and competing startups. “Data security wasn’t even a top-ten concern for CISOs initially. Within a year, it was top three,” Dan noted. It’s a reminder of how fast industry priorities can shift.And now, AI is redefining those priorities again. Dan emphasized how AI introduces both opportunity and risk. Boards are pushing for rapid AI integration, while CISOs scramble to secure it. “AI security must begin with visibility—knowing what models you’re running, what data was used, and ensuring proper compliance and access controls.”At Palo Alto Networks, around half of all data security discussions now center on AI, reflecting its growing urgency. AI isn’t just creating new threats—it’s forcing a rethink of cybersecurity strategies.But AI isn’t just a risk—it’s also part of the solution. Dan predicts that in the next five years, AI will autonomously handle many cybersecurity decisions. Already, AI tools are handling initial threat triage in SOCs, easing analyst workloads and improving response times.This aligns with what we’re seeing at Clarity, where AI-driven tools are helping counter advanced threats, from deepfakes to social engineering attacks. The shift from reactive alerts to proactive AI-powered defense is already underway.My biggest takeaway: enterprises must integrate DSPM and AI security now—not later. The threat landscape is evolving weekly. Those who delay will fall behind, while those who adapt quickly will build unmatched resilience.As Dan put it, “Entrepreneurs have limited patience—we must see rapid progress.” That sense of urgency is exactly what today’s cybersecurity leaders need to stay ahead in an AI-powered world.

15 Mai 34min

Cybersecurity is once again at a critical crossroads—this time, driven by the explosive growth of AI technologies. During a recent visit to Descope’s Palo Alto office, I sat down with CEO Slavik Markovich, a veteran in the cybersecurity space whose past ventures, Demisto (acquired by Palo Alto Networks) and Sentrigo (acquired by McAfee), shaped much of the modern security landscape. Our conversation centered around how AI is radically reshaping digital identity.Slavik and his team—collaborators for nearly three decades—launched Descope with a bold mission: eliminate passwords altogether. “Passwords are the worst of both worlds,” he noted, “hard for humans to remember and easy for computers to crack.” As AI supercharges phishing and other attack vectors, traditional passwords only grow more inadequate.Instead, Slavik advocates for passkeys—phishing-resistant, cryptographic keys stored locally and authenticated via biometrics, without ever exposing the biometric data. It's a fundamentally more secure and seamless approach to authentication.Descope’s innovation doesn’t stop there. As AI evolves into “agentic” form—digital agents acting on behalf of users—the company is tackling a new security frontier. These agents don’t fit neatly into existing models of user authentication or machine-to-machine trust. “The industry is shifting toward agentic AI,” Slavik explained, “and that’s expanding the scale and complexity of identity management.”One surprisingly common challenge they’re solving is the "confused agent problem," where digital agents unintentionally act with higher privileges than intended. Descope positions itself as the intermediary—managing progressive authorization, mediating between users, agents, and applications, and ensuring secure, compliant interactions.For CISOs and enterprise leaders, this shift presents both urgency and opportunity. AI is no longer an emerging edge case—it’s embedded in tools and workflows across organizations. Security teams must act swiftly to secure agent-driven interactions and identity touchpoints or risk falling behind.At Clarity, where I focus on AI-powered threats like deepfakes and next-gen phishing, I see firsthand how vital identity management has become. It’s no longer just a login issue—it’s the first and most critical line of defense. Security solutions must be both robust and frictionless, balancing user experience with airtight protection.Slavik also shared a personal insight that stood out to me: “We prioritize having fun. We’ve built multiple companies together because we genuinely enjoy the journey.” That mindset resonates. The best cybersecurity innovations come from passionate teams that love solving hard problems, not just building defenses.The identity revolution is already underway. Organizations that embrace passwordless, agent-aware authentication now will dramatically improve both their security and user experience. Those that delay will face rising vulnerabilities and growing user frustration.Our industry isn’t just evolving—it’s undergoing a full-scale transformation. Proactively embracing agentic AI, passkeys, and adaptive identity strategies is not just smart—it’s essential. Those who lead will define the future of digital trust. Those who don’t may find themselves struggling to catch up in a threat landscape redefined by AI.

14 Mai 26min

At nine, Roey Eliyahu was already coding. By 11, he was freelancing. His path from an IDF cybersecurity unit to founding Salt Security reflects a deep understanding of how microservices and GenAI transformed APIs from simple gateways to complex security risks. He shares why discovery, governance, and protection are now essential pillars for any enterprise navigating rapid innovation—and how early insights shaped a category-defining solution.#20MinuteLeaders #APISecurity #CybersecurityLeadership #EnterpriseTech

12 Mai 20min

By Michael Matias, CEO of Clarity and Forbes 30 Under 30 alumCybersecurity is at a turning point, driven by AI’s rapid rise. In a recent conversation with Matan Derman, CEO of Apex, we explored why integrating AI into organizations is inevitable—and why traditional security strategies must evolve to meet AI-specific threats.Derman, with a background in elite Israeli cyber units and Stanford Business School, alongside co-founder Tomer Even, quickly recognized how accessible AI tools like ChatGPT and GitHub Copilot were revolutionizing productivity while exposing new vulnerabilities. “Organizations were banning AI tools out of fear—legal, compliance, privacy, and data leakage concerns were overwhelming,” Derman shared.At Clarity, I’ve seen firsthand how AI-generated cyberattacks are escalating. Team8 reports AI-driven phishing attacks have surged over 2,000% recently. Static, reactive security models are no match for these dynamic threats.Apex’s solution? Use AI to secure AI. "We evolved from being a security company focused on AI to becoming a security company for AI, leveraging AI extensively," Derman explained. Traditional defenses can’t handle novel attack methods like prompt injection and jailbreak attacks, which trick AI models into revealing sensitive data—even through creative methods like Morse code.Organizations now face a clear choice: adopt proactive, AI-powered security or risk falling behind. As AI lowers the barrier for attackers, real-time, AI-driven defenses have become essential.Derman stressed that for AI’s true potential to be realized, it must be widely adopted across entire workforces—not just by tech experts. Yet, broader use also expands the risk landscape. Companies must urgently adopt AI-native security platforms to harness AI’s benefits safely.The cybersecurity industry is at a crossroads. AI-driven solutions are no longer optional—they’re today’s standard. As Derman put it: “Our goal was identifying critical problems unique to AI use and creating foundational security layers for future AI adoption.”The time to act is now. The future won’t wait.

6 Mai 42min

By Michael Matias, CEO of Clarity and Forbes 30 Under 30 alumCybersecurity is at a turning point, driven by artificial intelligence (AI). My conversation with Jonathan Roizin, CEO of Flow Security—now part of CrowdStrike—reinforced the urgent need for organizations to rethink data protection strategies in an era of dynamic, fluid information exchange.The Shifting Nature of Data SecurityRoizin, a veteran of elite Israeli cybersecurity organizations, has spent over 15 years tackling cyber threats. His focus on "data in motion" highlights a critical reality: data no longer sits in static environments. It moves continuously across cloud services, SaaS platforms, and APIs, fundamentally altering security needs.The stakes are enormous. IBM’s 2023 Cost of a Data Breach report revealed that the average breach now costs $4.45 million. Meanwhile, organizations use over 130 SaaS applications, a number increasing nearly 18% annually. Yet, many still rely on outdated security models that assume clear perimeters around data.The Decline of Traditional DefensesRoizin emphasized the need to move beyond legacy Data Leakage Prevention (DLP) strategies, which were designed for endpoint security and internal networks. “The boundaries have been broken,” he explained. As organizations migrate to cloud environments like AWS, Google Cloud, and Microsoft Azure, perimeter-based security models are becoming ineffective. Gartner predicts that by 2025, 85% of businesses will operate primarily in the cloud.AI as a Threat and a Defense MechanismThe rise of AI compounds security challenges. AI-powered tools—such as coding assistants and automated meeting note-takers—introduce new vulnerabilities. Employees often share sensitive information through unmonitored AI platforms, inadvertently exposing critical data. A Team8 report found AI-driven phishing attacks have surged by more than 2,000%, with nearly half using GPT-generated communications.Yet, AI also strengthens cybersecurity. Flow Security leverages AI-driven automation to classify and monitor sensitive data in real time, providing dynamic protection that traditional security models cannot achieve.The Urgent Need for Proactive AI IntegrationThe future of cybersecurity demands a philosophical shift—security cannot rely on passive visibility. Instead, AI-driven real-time interventions must become the norm. Roizin and I share a conviction: cybersecurity teams should not simply identify risks but actively prevent breaches before they occur.My work at Clarity reinforces this belief. AI-driven techniques can protect organizations far more effectively than reactive security models. Intelligent automation minimizes false positives, allowing security teams to focus on genuine threats rather than being overwhelmed by noise.Looking AheadThis conversation reaffirmed my thesis: cybersecurity must evolve alongside rapidly shifting technological landscapes. Static security frameworks no longer suffice. Organizations must integrate AI-driven defense mechanisms that adapt to the continuous movement of data—or risk falling behind.Those who embrace this paradigm will unlock unprecedented security resilience. Those who delay may find themselves vulnerable to increasingly sophisticated cyber threats.

5 Mai 36min

Artificial intelligence (AI) is reshaping cybersecurity—not just for digital threats but also for critical physical infrastructure like railways. My conversation with Miki Shifman, Co-Founder and CTO of Cylus, underscored the urgent need to extend cybersecurity beyond traditional digital domains to protect transportation systems.Railway Cybersecurity: A Growing ConcernShifman, a cybersecurity expert and Israeli intelligence veteran, co-founded Cylus in 2017 to address vulnerabilities in railway systems. Historically, rail safety focused on mechanical redundancy and human oversight. But modern trains—autonomous, high-speed, and digitally connected—face unprecedented cyber risks. As Shifman put it, “The boundaries have been broken.”Recent incidents highlight the severity. London’s railway shutdown last September exposed the economic and societal disruptions cyberattacks can cause. A similar event in New York’s subway system would ripple far beyond transportation, affecting healthcare and public safety.Emerging Threats and AI’s RoleRailway cyber threats fall into two categories: availability threats that halt train operations and safety threats that could lead to collisions or derailments. Many railway systems lack adequate encryption and authentication, making vulnerabilities deeply embedded. AI accelerates these risks—lowering the expertise needed to execute sophisticated attacks. Tools like ChatGPT enable less-experienced hackers to gain insights into specialized rail protocols, expanding the pool of potential attackers.Regulatory Response and AI-Powered DefenseWith railways classified as critical infrastructure, regulatory bodies in the EU and U.S. are mandating stronger cybersecurity measures by 2025. However, these solutions must integrate carefully to avoid interfering with operational safety.AI also strengthens defenses. Cylus uses AI to enhance threat detection, real-time monitoring, and anomaly detection while reducing false positives. AI boosts productivity across railway cybersecurity, from rapid prototyping to regulatory compliance automation. “AI helps turn compliance from a burden into an asset,” Shifman noted.The Future of Railway CybersecurityRail cybersecurity lags behind other critical infrastructure sectors, but AI provides an opportunity to leap forward. Organizations embracing AI-driven security will gain unprecedented protection—while those slow to adapt remain vulnerable to increasingly sophisticated threats.When asked about AI’s future in rail security, Shifman admitted, “We’re still evolving our understanding. But ignoring AI simply isn’t an option. This technology changes the landscape weekly.” That mindset—alert, adaptable, and proactive—is exactly what the railway industry needs today.

5 Mai 27min

Artificial intelligence (AI) is no longer a mere enhancement in cybersecurity—it’s essential. My conversation with Dr. Dorit Dor, Chief Technology Officer at Check Point Software Technologies, reinforced AI’s transformative role in defending against cyber threats. As a pioneer in Israel’s cybersecurity sector, Dorit has been shaping security strategies for nearly three decades.AI’s Expanding Role in CybersecurityFrom Check Point’s early days to its global prominence, Dorit has emphasized the need to shift from reactive threat detection to proactive prevention. “AI empowers attackers to scale their operations dramatically,” she explained. Today, targeted cyberattacks occur at mass scale, making real-time defense a necessity.The Challenge of AI-Driven ThreatsOrganizations now face AI-generated threats daily, including deepfakes and hyper-targeted phishing campaigns. Dorit stressed the urgency of stopping attacks as they happen, not just detecting them afterward. The conversation highlighted a growing vulnerability: supply chain security. Cybercriminals increasingly exploit weak links within supply chains, underscoring the importance of securing every aspect of an organization’s ecosystem. “Supply chain attacks have significantly increased,” she warned, calling for rigorous internal security among providers.AI and the Future of Cybersecurity OperationsBeyond threat prevention, AI is reshaping cybersecurity roles. “The human factor will increasingly shift from direct intervention to supervising AI agents executing defensive tasks,” Dorit noted. Traditional manual security processes are giving way to AI-driven systems, requiring cybersecurity teams to act as strategic managers rather than hands-on defenders.The Urgency to AdaptCybersecurity must evolve at the pace of emerging threats. AI-driven attackers pose a growing risk, and organizations failing to integrate AI into their security frameworks will struggle to keep up. Dorit’s perspective aligns with my own experiences at Clarity, where AI-driven cybersecurity is not a luxury—it’s a necessity. As she put it, “Organizations today need solutions that can respond automatically and intelligently. We must empower our defenses to act decisively when under attack.”Looking AheadAI stands at a crossroads: both a threat multiplier and a defensive enabler. Organizations must act swiftly to integrate AI into their cybersecurity strategies, ensuring they stay ahead of increasingly sophisticated threats. Dorit’s insights serve as both a warning and a roadmap—those that embrace AI will not just survive but thrive in the evolving digital landscape.

5 Mai 52min

Cybersecurity is at a turning point, largely driven by rapid advancements in artificial intelligence (AI). My recent conversation with Barak Schoster—a renowned cybersecurity expert and entrepreneur—highlighted AI’s profound impact on the field. Schoster, who founded Bridgecrew (now part of Palo Alto Networks), has extensive experience in advanced threat protection and innovative security solutions.AI’s Role in CybersecuritySchoster put it simply: “The boundaries have been broken.” Traditional security methods, such as endpoint protection and perimeter-based defenses, are no longer enough in an era dominated by cloud computing and fast-moving data. By 2025, Gartner predicts that 85% of enterprises will primarily operate in cloud environments, demanding proactive and adaptive security models.Emerging ChallengesOrganizations are increasingly using cloud platforms and SaaS applications, introducing new risks. AI-driven productivity tools, while boosting efficiency, also heighten vulnerabilities—through unintended data leaks and unsecured exchanges. Employees frequently use tools outside corporate oversight, raising serious security concerns. Schoster noted that open-source adoption accelerates software distribution but requires strategic monetization. “We moved from single-player mode, where developers benefited individually, to multiplayer mode, which brought real enterprise value,” he explained.AI’s Double-Edged ImpactAI both expands the attack surface and enhances defense capabilities. Schoster pointed out that deepfakes and automated phishing campaigns have significantly lowered the cost and complexity for cybercriminals. However, AI-powered security tools can automate complex tasks, improving efficiency and resilience.The urgency is clear: AI-driven phishing attacks have increased by over 2,000% in the past year alone, according to Team8. This escalation highlights the need for real-time security interventions. Bridgecrew leveraged AI for instant monitoring and security enforcement, shifting cybersecurity from reactive threat detection to proactive prevention.The Future of CybersecurityThis transformation reflects a larger industry shift. AI can dramatically reduce vulnerabilities, minimize false positives, and enhance productivity by automating critical security tasks—allowing experts to focus on strategic objectives. Schoster predicts that static defenses and perimeter-based models will soon be obsolete. “Execution, speed, and adaptability have become more important than traditional moats like IP or patents,” he asserted.Organizations must embrace AI-powered security strategies or risk being replaced by more agile competitors. As Schoster warned, “Those that fail to adapt quickly enough will inevitably be replaced by innovative, AI-driven newcomers.” The future of cybersecurity depends on agility, automation, and a forward-thinking approach.

5 Mai 43min