“One of the key things to understand about cybersecurity is that it’s a mind game,” Ami Luttwak, chief technologist at cybersecurity firm Wiz, told TechCrunch on a recent episode of Equity.
“If there’s a new technology wave coming, there are new opportunities for [attackers] to start using it.”
As the digital landscape evolves, the shadows of cyber threats grow ever darker. Ami Luttwak, the chief technologist at Wiz, paints a vivid picture of how AI is not just a tool but a double-edged sword that transforms the security battlefield. With each passing week, he witnesses the relentless rise of sophisticated attacks targeting even the most secure enterprise environments, emphasizing that the journey towards AI adoption is fraught with peril. Luttwak’s insights reveal a crucial urgency for enterprises to embrace AI not only as a means of innovation but as a vital shield against an increasingly complex threat landscape.
“And if you look at the [attack] flow, AI was embedded at every step,” Luttwak said. “This revolution is faster than any revolution we’ve seen in the past. It means that we as an industry need to move faster.”
Luttwak pointed to another major supply chain attack, dubbed “s1ingularity,” in August on Nx, a popular build system for JavaScript developers. Attackers managed to unleash malware into the system, which then detected the presence of AI developer tools like Claude and Gemini and hijacked them to autonomously scan the system for valuable data. The attack compromised thousands of developer tokens and keys, giving attackers access to private GitHub repositories.
Luttwak says that despite the threats, this has been an exciting time to be a leader in cybersecurity. Wiz, founded in 2020, was originally focused on helping organizations identify and address misconfigurations, vulnerabilities, and other security risks across cloud environments.
Over the last year, Wiz has expanded its capabilities to keep up with the speed of AI-related attacks — and to use AI for its own products.
Last September, Wiz launched Wiz Code, which focuses on securing the software development lifecycle by identifying and mitigating security issues early in the development process, so companies can be “secure by design.” In April, Wiz launched Wiz Defend, which offers runtime protection by detecting and responding to active threats within cloud environments.
Luttwak said that it’s vital for Wiz to fully understand the applications of their customers if the startup is going to help with what he calls “horizontal security.”
“We need to understand why you’re building it … so I can build the security tool that no one has ever had before, the security tool that understands you,” he said.
‘From day one, you need to have a CISO’
The democratization of AI tools has resulted in a flood of new startups promising to solve enterprise pain points. But Luttwak says enterprises shouldn’t just send all of their company, employee, and customer data to “every small SaaS company that has five employees just because they say, ‘Give me all your data, and I will give you amazing AI insights.’”
Of course, those startups need that data if their offering is going to have any value. Luttwak says that means it’s incumbent upon them to make sure they’re operating like a secure organization from the start.
“From day one, you need to think about security and compliance,” he said. “From day one, you need to have a CISO (chief information security officer). Even if you have five people.”
Before writing a single line of code, startups should think like a highly secure organization, he said. They need to consider enterprise security features, audit logs, authentication, access to production, development practices, security ownership, and single sign-on. Planning this way from the start means you won’t have to overhaul processes later and incur what Luttwak calls “security debt.” And if you aim to sell to enterprises, you’ll already be prepared to protect their data.
“We were SOC2 compliant [a compliance framework] before we had code,” he said. “And I can tell you a secret. Getting SOC2 compliance for five employees is much easier than for 500 employees.”
The next most important step for startups is to think about architecture, he said.
“If you’re an AI startup that wants to focus on enterprise from day one, you have to think about an architecture that allows the data of the customer to stay … in the customer environment.”
For cybersecurity startups looking to step into the field in the age of AI, Luttwak says now’s the time. Everything from phishing protection and email security to malware and endpoint protection is fertile ground for innovation, both for attackers and defenders. The same is true for startups that could help with workflow and automation tools to do “vibe security,” since many security teams still don’t know how to use AI to defend against AI.
“The game is open,” Luttwak said. “If every area of security now has new attacks, then it means we have to rethink every part of security.”

