Cybersecurity in the Time of AI and “Enough Noise”

It’s now Man versus Machine – Time for solution consolidation and fresh thinking at the CISO level, not patchworking or quick-fixes.

Security teams are at war. They're battling well-funded adversaries – from state-sponsored actors with multi-billion-dollar budgets to sophisticated cybercrime rings and black-hats-for-hire. They’re armored for battle, but many are drowning under the weight of an average of 76 security tools, each adding to the cacophony of alerts and noise.

The attackers, meanwhile, are in their prime. Armed with a new generation of AI-driven tools, bad actors are driving up the rate of successful breaches, phishing attacks, credential theft, supply chain vulnerabilities and social engineering exploits. Notably, ransomware is on the rise, with over half (52%) of attackers motivated by financial gain in 2023 (compared to 48% in 2022), according to a Mandiant report.

Every company’s security program is held together by brittle tooling, worn-out processes and fatigued security operations centers. New threats are emerging daily, and with them, new breeds of security solutions. But responding is not about having more tools.

In fact, our conversations with CISOs reveal the opposite – security leaders are saying, “enough noise.”

Modern security teams are increasingly turning toward solutions that do more with less – platforms that consolidate and automate without creating superfluous alerts. Tools that are integration-friendly and actually reduce work. In other words, nobody wants another dashboard. Too many panes of glass stacked against each other create an opaque window. In 2025, cybersecurity is about simplification, consolidation and automation.

AI is transforming the security landscape on two critical fronts: it’s both creating new avenues for attack and equipping us with advanced methods to secure familiar ones. And as we witness this shift, here’s what we’re excited about in the next generation of security solutions:

Re-Inventing Traditional Areas

Not long ago, companies were eager to prosecute well-intentioned security researchers who disclosed vulnerabilities in their apps and codebases. Over the 2010s, the dynamic flipped and companies began incentivizing broader vulnerability finding through bug bounties, CTFs and red-teams. Today, teams are drowning under an ocean of sev1 alerts, with no way to operationalize them. AI puts the operator back in control, in several areas of the modern security program.

Vulnerability management

Finding, prioritizing and patching only the vulnerabilities that actually matter has historically been a grudgingly manual process, leading many CISOs in our network to ditch VM entirely.

A new cadre of startups is emerging to automate each part of the process. Foundation models make it easier to do continuous red-teaming, strategically conducting offense against the company’s defenses in creative ways to discover and test exploits. Researchers in the BCV Labs community have authored papers illustrating ways to prompt-tune and fine-tune foundation models to act offensively.

Red-teaming can help uncover the reachable exploits from the outside-in, but what about all of the vulnerabilities that inside-out tools discover? Normalizing and integrating all of these alerts into a security data fabric has historically been a complex undertaking. Various founders are using language models to solve the security data fabric, from ingesting telemetry from security tools, to integrating it with feeds of data and intelligence from other sources, to reconciling schemas, to actioning the vulnerabilities that matter.

Security operations

Eventually, all roads lead to the SIEM. Prophet Security and others are rapidly deploying across the SOC to automate alert investigation and response, helping operations teams stay afloat. In some cases, customers have found a 90%+ reduction in their tier-1 SOC workload, enabling all analysts to become tier-3 analysts, only focusing on the investigations and alerts that actually matter. These products use the agentic nature of modern language models to structure comprehensive validation strategies and generate remediation plans instead of relying on brittle runbooks or manual intervention.

Many of the CTOs in our customer advisory networks have robust engineering processes defined with SLIs, SLOs and a centralized PaaS. Security teams generally lack this level of adherence to standard process, due in part to the unpredictable, high-intensity nature of the role. More companies are process mining on the SOC to uncover and automate novel workflows that are manual today, without having to specify a runbook a priori.

Insider risk

Identity is still the #1 source of breaches, despite most security teams having some combination of IAM, IGA and PAM. AI agents exacerbate the problem, behaving as extensions of ourselves and transacting on PII, financial data and more. Companies like Smallstep and Pomerium have made strides in securing machine-to-machine communications through PKI and certificates, as well as re-defining the network perimeter around the identity.

We’re equally as excited about the potential to secure agent authentication, manage just-in-time access for developers and offer trust to companies that are on the fence about adopting agentic workflow systems. A new identity stack will emerge to support this area.

Supply chain & cloud security

The more interesting AI products that emerge, the more that third-party and supply-chain risk increase. We’ve found, in our work with Viso Trust, that security teams are increasingly frustrated about not being able to manage or administer the AI tools that employees are keen to use. Viso Trust uses language models to automate third party risk assessments and management, reducing vendor onboarding times by orders of magnitude.

Onboarding new vendors faster helps business teams move faster, but security teams must rely on the ProdSec and supply chain security programs at each of those vendors. The software supply-chain is becoming more abstruse – code-gen makes it easier for everyone to ship code, including bad actors trying to corrupt popular open-source projects. Companies like Stacklok, Qwiet and others make it possible to build systems that are secure-by-default, with automated scanning and code-patching done automatically. As the percentage of open-source projects continues to rise across the enterprise, Stacklok is among the solutions that not only helps teams maintain security, but organizations understand what code can be trusted.

And when something suspicious does happen, CSPMs and CNAPPs are able to flag potential events and identify entry paths with great fidelity, but also with great noise. Companies like Sysdig have launched AI assistants that help analysts process the alerts, misconfigurations and warnings that are rife in most cloud environments and get to a secure state.

More Surface Areas, More Problems

Vishing and smishing

Every security team knows: their program is only as strong as their weakest employee on their worst day. Attackers know this, too. They have been using off-the-shelf voice cloning techniques to generate phishing, social engineering and voice fraud attacks.

We see the same levels of consumer fraud and insider risk with smishing over SMS and iMessage. We’ve not yet seen a scalable solution that detects when speech or text is likely to be generated with malicious intent and protects employees from these attacks. There are likely ways to integrate these types of products with VoIP products like Zoom as well as company-monitored messaging services.

Ransomware

The average ransom payment is $1.8M, according to Crowdstrike, but the business impact is much higher (estimated at $10-15M) given loss of essential data, operational downtime and damage to reputation.

Ransomware has become a growing threat in recent years due to its ability to evade traditional malware detection methods. It has evolved from being a hacker’s side hustle, to enterprise-level targeted big game hunting operations conducted by sophisticated cybercriminals and nation state actors. Not only is a ransomware attack costly, but it is widespread.

According to the Office of the Director of National Intelligence, ransomware attacks rose 51% between October 2022 and September 2023. Further, there are 4,000 attacks daily, per the U.S. Department of Justice.

BCV portco, Halcyon, has a singular focus on combating ransomware. They have built a multi-layered prevention engine that integrates with existing security measures to identify and block both known and unknown ransomware strains before they can execute. In the event of an attack, the platform captures encryption keys and facilitates automated decryption, enabling rapid data recovery without the need to pay a ransom.

And they arrived in the market at a good time. Ransomware is ‘more brutal’ than ever in 2024, despite increasing police and government crackdowns.

AI Security

The most critical part of the software supply chain today is arguably the intelligence that companies are baking into their products and operations en masse. Foundation models are easily manipulated, prompt-hijacked and misused by employees filling the context window with PII and company secrets. In addition, these new products can often be a source of new vulnerabilities, with most AI startups (with the exception of large labs) lacking any security personnel at all until they reach scale. Companies like Straiker have rapidly diffused through the enterprise to help security teams understand, govern, manage and protect AI use at their companies.

Cybersecurity in the AI Era Requires Process and Product overhauls

Just as technology makes building software products easier, it also lowers the barrier to entry for attackers to use once-sophisticated techniques at scale against an unsuspecting workforce. And as threat environments expand with attacks generated by traditional and new threat actors from nations to hackers to AI, it’s crucial for CISOs and security teams to keep in mind that process, not just product, is key. Fixing your processes opens up the potential for breakthroughs in security.

At BCV, we’re excited to partner with security entrepreneurs to re-invent traditionally hard problems and face the challenges of tomorrow. If you’re thinking about these areas at the earliest stages, reach out to rgarg@baincapital.com. If you’re scaling a company in one of these areas, reach out to sojha@baincapital.com.