Ep120: Tommy Barav | Founder and CEO of Supertools

In the age of AI agents, cybersecurity is shifting from focusing on identity to addressing agency. Autonomous agents, which act and reason like humans but operate at machine speed, are being created on the fly. Traditional identity management tools—like user directories and group policies—are ill-equipped to handle these ephemeral, unpredictable entities that can take action and disappear before a human can even react.CyberArk’s SVP and Head of AI, Data & Research, Avihay Nathan, describes this as an unprecedented challenge. His team is tackling it with a three-part framework:Secure from AI: Defending against new AI-driven threats.Secure with AI: Using AI to augment human defenders and reduce alert fatigue.Secure of AI: Protecting organizations from the AI systems they themselves are deploying.Many companies are overwhelmed by the rapid adoption of agents without understanding what data or systems these agents can access. This creates a trust crisis, and they are now looking to security vendors for solutions.CyberArk is mapping out a new agent lifecycle, from discovery (how many agents spun up?) to observability, access control, behavior monitoring, and governance. The key insight is that securing these agents requires understanding their context: what data they touch, what tasks they perform, and why they act in a certain way. An agent's behavior is often "zero-shot," meaning it can act without a history, so context is the only way to anchor and secure its actions.To build this new vision, CyberArk underwent its own transformation, shifting from a traditional company to an AI-native startup mindset. This involved creating a centralized AI and data group with full ownership and educating the entire organization on the importance of data.Avihay believes the proliferation of agents will continue as companies prioritize productivity. The new security promise is not just to block threats, but to enable innovation—helping organizations adopt these powerful new technologies both confidently and safely.

3 Sep 37min

By Michael Matias, CEO of Clarity and Forbes 30 Under 30 alumFor decades, cybersecurity vendors have armed defenders with dashboards filled with red alerts. But they rarely delivered solutions. As Tsion (TJ) Gonen put it in our recent conversation: “97% of tools just showed you a red screen that said, basically, ‘you suck.’” No remediation. No action. Just fatigue.That paradigm is ending—and AI is the catalyst.Gonen, a veteran cybersecurity leader and founder of Protego Labs (acquired by Check Point), has spent three decades watching the industry wrestle with inefficiency. Today, he sees a profound shift. “Security teams don’t want more tools,” he told me. “They want outcomes. They want closed loops.”This point echoes what Dorit Dor, CTO of Check Point, told me: AI isn’t just another layer of detection. It must act—autonomously and in real-time. At Clarity, we see this daily as we intercept deepfakes and AI-generated phishing attacks that move too fast for human intervention.But before the shift to AI, Gonen argues, the security industry was already in trouble. Too much noise. Not enough signal. “Cybersecurity reached a tipping point even before AI,” he said. “People began to question if the whole model was working.”AI, he believes, doesn’t just enhance existing tools—it reshapes the game. From reducing product development costs to enabling automated response, AI democratizes defense the same way it democratized attack. “The ability to close loops automatically is what makes AI transformational,” he said.It’s a point that also came up in my conversation with Shahar Peled of Terra Security. Shahar talked about replacing manual pentesting with agentic AI. Gonen’s vision is broader: don’t just find issues—resolve them, immediately and autonomously.Yet many founders, he warns, still fall into the same trap: mistaking incremental tech improvements for true breakthroughs. “Real differentiation isn’t just in the tech,” Gonen said. “It’s in how well you integrate into operational workflows.”This distinction—between technology and execution—reminds me of what Tsion (TJ) shares with leaders like Tom Mes: the CISO’s job has become impossibly complex. What they need now isn’t another blinking dashboard. It’s simplicity. Precision. And trust.Looking ahead, Gonen doesn’t expect a flood of brand-new threat categories. Instead, he sees opportunity in rethinking how we solve familiar ones. “You don’t have to invent new problems to build great companies,” he said. “You just have to solve the old ones better—with AI.”The future, he believes, belongs to startups that deliver true operational integration and seamless user experience—not flashy tech for its own sake. His call to entrepreneurs: don’t bolt AI onto your platform. Build with it from day one.My biggest takeaway? The next generation of cybersecurity leaders won’t be judged by how many alerts they generate. They’ll be judged by how many threats they prevent—automatically.We’ve reached a breaking point. Organizations that embrace AI as a core strategy—not just a feature—will define the next era of cybersecurity.About Michael Matias:Michael Matias is the CEO and Co-Founder of Clarity, an AI-powered cybersecurity startup backed by venture capital firms including Bessemer Venture Partners and Walden Catalyst. Clarity develops advanced AI technologies protecting organizations from sophisticated phishing attacks and AI-generated social engineering threats, including deepfakes. Before founding Clarity, Matias studied Computer Science with a specialization in AI at Stanford University and led cybersecurity teams in Unit 8200 of the Israel Defense Forces. Forbes Israel recognized him early on, naming him to the exclusive 18Under18 list in 2013 and the Forbes 30Under30 list thereafter. Matias authored the book Age is Only an Int and hosts the podcast 20MinuteLeaders.

3 Sep 46min

Shirin Anlen traces her path from interactive storytelling to safeguarding human‑rights evidence at WITNESS. She explains how today’s scale, personalization, and ease of manipulation fuel “reality apathy,” empowering leaders to dismiss inconvenient truths as “AI.” Beyond any single tool, she argues for equitable standards, privacy‑aware provenance, usable detection, and media literacy that fits real newsroom and fact‑checking workflows—especially outside well‑resourced markets. The episode challenges tech and policy teams to treat trust as infrastructure and to involve the global majority in designing it.

1 Sep 21min

With decades in cybersecurity, Benjamin Corll has seen threat landscapes evolve from simple antivirus battles to AI-driven social engineering. For Corll, every breach traces back to people—both as the strongest defense and the weakest link. In this conversation, he unpacks the persistence of ransomware and business email compromise, the rise of AI-assisted fraud, and why criminals increasingly “log in” instead of “hack in.” He explains why defense in depth must integrate technology with human training, process checkpoints, and zero trust principles. Most importantly, Corll shares how to make awareness programs relevant, engaging, and role-specific—turning employees into active sensors who strengthen security culture from within.

27 Aug 32min

From disappearing people in videos in the late 1990s to shaping AI and vision systems at Intel, Tal Hassner, Chief Scientist for Computer Vision, has watched synthetic media evolve from lab curiosities to global challenges. In this conversation, he dismantles the idea that “is it fake?” is the central question for security. Instead, he lays out a three-pillar approach—provenance, attribution, and integrity—that can outlast the arms race between deepfake creators and detectors. Drawing on decades of research and product experience, Hassner explains why harmful content remains harmful regardless of its origin, and why enterprises must shift from chasing fakes to building trust into their systems from the ground up.

21 Aug 41min

From phishing tests to AI-driven impersonation scams, Joshua Scarpino has seen firsthand how the human element remains the most critical factor in cybersecurity. Drawing on his experience across organizations from NIST to Trust Engine, he explains why technology alone can’t safeguard an enterprise. Instead, effective defense comes from a culture where security is personal—linked to daily habits and values employees carry beyond the workplace. With threats evolving faster than traditional training can adapt, Scarpino shares how bite-sized, relevant, and personalized awareness programs not only reduce risk but transform how teams think, act, and protect.

14 Aug 16min

How do you protect an organization when every link in the chain can—and will—fail? Ira Winkler, NSA veteran and author of You Can Stop Stupid, unpacks why human error isn’t the root of security breaches—it’s the visible tip of deeper systemic gaps. From smashing the myth of awareness-as-strategy to advocating for consequence-driven behavior change, Ira brings sharp wit and decades of hands-on insight. His stories span black-bag hacks, social engineering triumphs, and boardroom-level shifts needed to reimagine how we address human vulnerabilities in a world of zero days.

13 Aug 34min

What happens when your “meatspace” identity can no longer keep up with your digital life? Daniel Flowe, Head of Digital Identity at the London Stock Exchange Group, takes us inside the tectonic shift reshaping how we verify who we are online. From the flaws of content-based systems to the promise—and risks—of government-issued e-IDs, he unpacks what equitable, secure, and scalable identity should look like in an AI-infused world. With insights drawn from India, Africa, and beyond, Daniel reveals why the West is lagging—and what we must do to catch up.

9 Aug 18min