Along with Anthropic and Google DeepMind that are secretly building cybersecurity products to carve out their piece of the $213 billion enterprise security budget.
I analyzed publicly available data to understand their cybersecurity business strategies so you can adjust yours.
- OpenAI is launching a new business unit to productize internal cybersecurity tools and projects like "Aardvark." They’re hiring full-stack, frontend, and data engineers, likely focusing on an autonomous agent that finds and patches software vulnerabilities.
- Anthropic has recruited a former SentinelOne PurpleAI product executive to lead cybersecurity products. They are likely doubling down on a strategy to become the workplace standard by developing a security assistant. A job listing also suggests a primary focus on Digital Forensics & Incident Response (DFIR), with autonomous AppSec capabilities likely to follow.
- Google DeepMind is building CodeMender, an autonomous agent that discovers and patches vulnerabilities. They are also hiring researchers and engineers to advance Gemini’s secure code capabilities using post-training techniques. This signals an intent to add an AppSec component to Google’s vast cybersecurity portfolio, which already includes Google Security Operations, Mandiant (part of Google Cloud), and the recently acquired Wiz.
- xAI hasn’t shown cybersecurity interest yet; they’re busy building X Money.
My thoughts:
- Frontier labs are redefining application security and transforming "secure by default" from a purchased tool into a standard feature. They’re making software vulnerability detection and remediation autonomous, effectively wiping out SAST tools as we know them from the security stack over time.
- They are also changing the business model by moving from selling licenses to selling compute and creating huge adoption incentives. A hefty SAST line item ($XX * XXX developers) evaporates from a thin security budget and dissolves into a magnitude-larger compute budget.
- Finally, they are targeting headcount budgets. Autonomous security agents won’t replace experienced AppSec engineers in the near term. Instead, autonomous SOCs will make an impact on Tier-1/2 analyst headcount soon.
Happy Friday!