At what pace and to what extent will AI agents be deployed? #AI
While there is already initial success in certain (pretty trivial) categories, such as customer support and certain sales-centric workflows (and a few other ones), will AI agents be able to conquer more territory within other workflows in fortune 2000 companies already this year, including more infrastructure-heavy ones (e.g. in devops, cyber, data engineering and others)?
Will 2025 finally be the year where the cyber stack gets shrunk instead of expanded? #CYBER It’s been over a decade that security teams have been (rightfully) complaining about the evergrowing cyber stack. More infrastructure and threat verticals necessitate new product categories. There are more than a few startups trying to provide consolidation with innovative approaches, on top of the large security vendors and their bundles - will they manage to finally move the needle?
Is the typical LLM going to remain a horizontal jack of all trades, master of none? #AI Is the advancement vector for large models always going to be horizontal, everyday tasks for consumers and basic enterprise workflows or will they manage to penetrate into complex, highly regulated, vertical workflows?
Could AI agents finally be the answer to the age old question of how do you dethrone the system-of-records of the world? #AI CRMs, ERPs, EMRs and others - and their respective incumbents - have been almost undisruptable since the late 00’s, with the SaaS wave being the last to make a dent in these categories. With AI agents’ ability to automate input & output data workflows - could we finally have a substantial penetration use case to disrupt these data-heavy, ultra-sticky systems?
Is everything LLM-security-related becoming a real category or is it a subset of existing product verticals? #CYBER While governance is certainly going to be a heavy-duty task with everything LLM-related, is there a case for a new public company to emerge out of the LLM security wave of startups (emphasizing security, not governance)? Or is the superset of data, network and other existing security categories still protecting the periphery of LLMs in a sufficient way, so that only early adopters will require a specific LLM security product in the next couple of years?
Are the existing data governance and security platforms suitable for the next generation of data-centric AI-heavy applications that organizations are going to adopt in the next couple of years? #DATA #CYBER The data infrastructure landscape has continuously been changing in the past decade and the security stack has chased it throughout, with DSPM and other clusters focusing on these emerging cloud data lake/houses. But now that data is not only leveraged for BI, but increasingly for AI-centric workflows - will the meaning of what it is to secure and govern data change?
Is the adoption of GenAI capabilities by threat actors going to be incredibly swift in 2025 or is it a gradual process for the next 5 years? #AI #CYBER GenAI-centric phishing and deepfake-centric vishing are only the tip of the iceberg in terms of how GenAI can be leveraged by threat actors, and it is only a question of when, not if, that these will change the threat landscape meaningfully. So how rapidly is it going to be and is there enough interest and motivation for threat actors to adopt it in a creative and comprehensive way?
With how prevalent and harmful ransomware attacks have been in the past few years, are security teams going to adopt new ways of preparing themselves? #CYBER Ransomware attacks are inevitable. So many fortune 2000 companies out of the financial and healthcare sectors (among others) have been hit by them in the past few years. We have certainly not exhausted the means in which we can become more proactive in how we protect and manage our data before, during and after a breach. How effective will security teams in 2025 be in taking a more proactive approach in preparation for the next wave of ransomware attacks?
Are organizations going to deal with customer data leaks differently? #CYBER The post-breach reaction from many organizations has been quite lackluster to the recent wave of leaks, which in turn causes an amplified negative effect to these leaks/breaches. Will organizations become more mature and transparent in how they deal with these leaks, both in light of recent new regulation but also to avoid PR nightmares?
Will startups find a way to better handle the tough RnD buyer? #DEVTOOLS The old build vs. buy dilemma for the RnD buyer is realer than ever. In combination with a significant hesitance toward expanding budgets for devtools, it makes it a difficult g2m for startups wanting to reach their Series A criteria rapidly. There are still startups that manage to pull it off, but more often than not, they are slow burners which take a few years to gather meaningful momentum. Are new dynamics going to be introduced in 2025 that change this equation?
Will more organizations double down on integrating their unstructured data into their existing BI workflows? How mature will this integration be by the end of 2025? #DATA It is now pretty obvious that the most meaningful untapped goldmine of data that can actually move the business needle is the unstructured data hiding in plain sight in organizations’ emails, PDFs, IoT logs, call transcripts and whatnot. While we see single departments leverage these sources in a siloed fashion, organizations are now adopting more company-wide strategies to leverage their unstructured data in a more comprehensive way, as AI is so unstructured-hungry. But how quickly will we see this taking place?
Will more cyber startups target remediations rather than posture? And is it possible to create a horizontal remediation-centric startup rather than a vertical one? #CYBER Apropos question #3 and the ever expanding cyber stack, security teams are naturally asking for more remediation/automation centric solutions in 2025. But many previous attempts have been quite vertical (e.g. appsec-centric), so that the ROI was limited for their adoption. It is a significant technical and operational challenge to introduce a more horizontal approach to tackling these remediation challenges - will startups manage to pull it off soon?
Will we finally manage to meaningfully disrupt cyber categories that are begging for a change, such as TPRM, SIEM and others? Or are they too complex for early stage teams to navigate in? #CYBER There are categories that will forever remain as a top-of-the-list pain without a mature enough ROI equation for the buy-side to actually solve. Is TPRM one of those? While there were several startups tackling this category in the past few years with some success, the domain remains hard to crack, as are many other problems that involve coordinating a network of organizations instead of just one simple buyer/adopter.
Will we see more Cyber startups trying to disrupt product categories that are on-prem heavy? #CYBER Many CISOs will tell you that the vast majority of their infrastructure is still on-prem and startups are far too quick to focus on cloud-based infrastructure and apps (understandably, by the way). Is the fact that on-prem environments are not on a growth trajectory, but are still gigantic in absolute market terms, enough to justify startups tackling them?