People who know me, knows how I like to put forward my point using analogy from some nice books I have read over the years. And today, its not different where I try to explain why AI is reshaping the entire Security offering by using analogy from "Who moved my cheese" — a beautiful book that resonates perfectly well with the kind of change we are seeing unfold in the last few months.

AI is all over the news, with projects like MOAK, Project Glasswing and some of the others trending on Linkedin. The limelight nonetheless has been stolen by Mythos and it is causing shivers in the world of security vendors. Security stocks have taken a hit and they continue their downward journey. My guess is they are not returning to their previous level anytime soon.

People who have invested in these stocks are no morons. They invested when they saw the opportunity and knew where the market was headed. And now they are cashing out, probably because of the same reason. They know where the market is headed. And its not good news for many vendors — for the cheese has moved and this time the maze is not as simple as it used to be when a new 4 letter acronym arrived and vendors simply changed their marketing strategy. The shift this time is significant. And it is causing ripples throughout the security vendor landscape.

The Mice and Little People of the security maze

We all can at least agree that the cheese has shifted. If you don't agree with me, this is a good time to stop reading the rest of the article. But just like in the book, there will always be Sniff & Scurry and then there will be Hem & Haw. My personal opinion is that most of the big Security vendors like Palo Alto, Crowdstrike, Cisco, Microsoft etc are definitely Sniff & Scurry. They know that the cheese has moved and they are already adapting their strategy. Partnering with Anthropic clearly gives them a head start that would lead to long term gains for them. I believe Google is also in the same league and so are some of the other established vendors. Many other vendors will soon follow.

Where are Security buyers in all this

When I say the cheese has moved, what I really mean to say is that the value proposition for Security vendors has shifted. In order to understand this shift we have to look at how these vendors came into being in the first place.

Last decade was the golden era for security vendors. A lot of VC money poured into security as the society really took a giant leap towards a digital first world. This was an opportunity seen by many and quite a few security companies went public and became unicorns (at least on paper). A lot of point solutions flooded the market. These point solutions marketed themselves as the best in breed and thus demanded premium. Vendors paid premium, believing that they will strengthen their Security posture and will keep the bad guys away. As many of them have realised in the last few years, that was the wrong assumption and a really bad strategy.

Multiple security tools caused unnecessary tool sprawl, the security team became even more burdened, juggling their tasks between multiple tools and consoles. And to top it, these tools did not talk to each other. Does this sound familiar? More than 30 security buyers I have spoken to in the last couple of months share the same sentiment.

AI, coupled with broken promises from security vendors has shifted that game significantly. What used to be a product until last year, has suddenly been reduced to a feature set. What used to be a full Premium Product has become a commodity feature in the grand scheme of things. Security buyers have become smart, based mostly on their experience in the last decade, where they know that point solutions are more pain than gain. That is also the reason MSSPs became the go to choice for many enterprises since MSSPs hide the underlying tool complexity and work on the outcomes.

Platformization will be the only moat long term

AI has reduced the time to prototype an idea from months to minutes. Every Monday I open my Linkedin, there are at least 10 posts showcasing the weekend vibe coded solution — from Threat Intel Platforms to Detection Engineering workflows to a replacement of Monday to a ticketing system.

AI companies will cannibalise a large portion of the security market. The first to be cannibalised will be the point solution vendors, and we have already started seeing this unfurl. The trend will continue. Some of what used to cost 100K last year, can now be delivered in less than 10K. Many service oriented offerings can (or will soon be) automated by Claude or other similar LLMs.

Platformisation will be the moat for the coming 5-10 years. Security buyers can now build their own point solution over the weekend. What they cant easily do are three things:

1. They cant build a production ready solution as it takes more than just vibe coding. Building an ASM that scans 20 subdomains vs 20000 subdomains requires a very different mindset. And while we can ask Claude to build a scalable solution, no one will understand when it fails silently.

2. They cant build a connected data flow since the knowledge resides across multiple teams with differing priorities. This leads to vibe coded point solutions running on a laptop.

3. They cant yet build an end to end optimised workflow and a knowledge graph of their entire security landscape across SecOps, ITOps and GRC. This requires knowledge, right mindset, capable teams and a will to do. These things become scarce as the organisation grows. In addition they definitely can't operationalise AI Agents at scale to make sense from this data and reduce the burden on their team.

This is where the future is headed: An AI enabled Security Fabric sitting across the entire security program, working mostly autonomously, end to end.

Organisations who will move towards consolidating multiple use cases in a single unified platform will be better positioned to build an AI led security strategy within their organisation. And this requires a top-down approach — from Strategic to Operational — rather than bottom up where a person or team vibe codes a solution over the weekend and tries to pitch it as the next best thing.

Conclusion

Value of Security solutions have shifted. There is no denying this fact. But it has also opened multiple opportunities both for vendors and organisations. Organisations realise that they need to strategically think about AI enabled security and this needs to be a roadmap rather than a point in time exercise. Vendors have also realised that point solutions will die in the next two years and AI enabled platforms that consolidate multiple use cases for an organisation are the only way forward. More for less will be the mantra for the coming two years.