Cybernomics
Every week, Josh Bruyning peeks behind the curtains of businesses small and large to learn how they use technology to drive economic growth. He delivers straight-to-the-point insights for investors who aren’t tech experts but need to make big calls about tech, or businesses executives looking for fresh new ideas.
We break down the hidden costs, incentives, and opportunities behind today’s most important tech decisions. No jargon. Just clear conversations.
Whether you’re budgeting for compliance, evaluating vendors, or planning your next investment, Cybernomics helps you make confident, high-impact choices without needing a computer science degree.
New episodes drop every Wednesday.
Follow us on LinkedIn and YouTube for bonus content and real-time updates.
Cybernomics
Market Watch - Will AI Replace Your Security Team? Hard Truths and Bold Predictions
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
AI agents equipped with computer use capabilities will transform the cybersecurity landscape within the next year, shifting from augmenting to potentially replacing human SOC analysts with systems that can perform 100% alert triage. The investment landscape reflects this shift, with 78% of venture capital reportedly flowing into AI companies despite many firms simply adopting AI terminology without substantive implementation.
• Computer use abilities allowing AI to operate systems like humans will be the next major advancement
• Within 12 months, expert AI agents will function like "super employees" in security operations
• Ephemeral AI agents that complete specific tasks before dissolving enable unprecedented workforce elasticity
• Traditional valuation metrics based on headcount are becoming obsolete as AI reduces staffing requirements
• Companies running operations with 75%+ AI support can scale without proportional employee growth
• The MSSP community appears slow to adopt AI capabilities despite clear operational benefits
• AI systems will increasingly handle complete alert triage, potentially displacing human analysts
• Vendors typically avoid discussing workforce displacement, focusing instead on productivity gains
• Open-source AI innovations are accelerating development cycles across the industry
Innovations in AI security are happening rapidly. Follow the speakers on social media to stay updated - Randy Blasik (@BlasikRandy on Twitter and Compliance Aid on LinkedIn), Richard Stiennon (@Stiennon on Twitter and LinkedIn), and Josh Bruyning on LinkedIn.
Introducing the Panel of AI Experts
Speaker 1Welcome to another episode of Cybernomics. I'm your host, josh Bruning, and I'm here with Richard Steenan and a special guest, but I guess if you've been on the show more than twice, then I guess you're not a guest Now. You're just a co-host.
Speaker 1Randy Blasick, I've had so many interesting conversations with both of you offline.
Speaker 1I've known you for some time and, randy, you in the world of AI and agents with compliance, aid and the things you're doing in the AI realm.
Computer Use: The Next Evolution in AI
Speaker 1I mean, you're like my go to person if I want to know what's going on with the LLMs, how it applies to solving problems in cyber, solving problems in general. It's great to do online what we do offline so often and, pairing that with Richard, just a comprehensive understanding of the cybersecurity vendor space, the marketplace when it comes to investments in AI. This is something that you were heavily invested in yourself, and so it's very interesting to put these two things together a broad market perspective, a broad understanding of the space that we occupy, but also an understanding of the technical aspects that might be driving some of the predictions that we've been talking about in days and weeks past. So let's start with Randy what is next for AI, and I'm not saying like in the distant future, but let's say in the next month. What are some of the things that you think will change, at least make some significant impact on the industry? Computer use.
Speaker 2So you've got Manus AI coming out of China. Openai Operator has been out now for a few months, if you look at their iteration cycle has been out now for a few months. If you look at their iteration cycle they're due for some computer use upgrades and if you look at the open source community, we're all getting into, you know, some more advanced computer use stuff.
Speaker 3By computer use you mean getting the agents to use your computer.
Speaker 2Yeah, like if you're a SaaS builder, I'm just going to build an agent to use your SaaS app and put you out of business, or, you know, with my agents, either from the inside or from the outside, got it Cool.
Speaker 1And when. You should know, Richard, when Randy talks about his agents, he's talking about his team. I mean, I joke, but sort of, but not really, that we're cyborgs and Randy really embodies this. Like when he's talking about his agents, they are an extension of him and I've never seen someone use agents in such an honest and effective way. Yeah, so when he says agents, it's like capital A agents. Let me paint the picture You're on the streets of San Francisco right now, so you know what's the word on the street when it comes to computer usage and sort of how the startup space is evolving and will evolve in the near term.
Speaker 3Yeah, if you're a startup and you don't have an AI, you don't have to say you are AI. That's kind of passe and people just roll their eyes when you say that. But if you're not leveraging AI, you know, then you're just not going to make it, period. Unless your startup is a consulting firm Great, you know, there's plenty of room for people to consult on helping with AI. Or somebody just reached out to me to tell me about their AI red teaming, where they, I guess, check to see if your AI applications are well configured, et cetera. Tons of opportunities like that.
Speaker 3But supposedly last year, 78% of all venture investment went into AI companies and those are the foundational model companies, right? Just because they took in so much money. So they're definitely sucking the dry powder is that what they call it out of the VC world that had all this money sitting around that they were too afraid to invest because Silicon Valley Bank failed and they just got scared and went home. But now they're coming out of the woodwork and, just like they did with the stupid blockchain stuff and some other stupid stuff network emission control you know all the things that have failed miserably over the years the DC community just jumps on. You know it's like. It seems like it's lower risk if everybody's doing it, which we all know is just the opposite of true.
Speaker 1Yeah.
Speaker 3So we're in that state right now. I imagine that RSA this week, um, that we will see AI messaging It'll be really hard to filter out. You know cause, if you think about it, companies like Darktrace right now part of Tomo Bravo. When they were founded, they made up a story about going to Cambridge hiring a bunch of PhDs and inventing AI for cybersecurity, and they say that constantly.
Speaker 3You can carefully use LinkedIn to search on titles and backgrounds of people who work at Darktrace. They have not a single AI person with a PhD or degree in AI. They now have three PhDs. One's a data scientist. I forget what the other one does a psychologist or something you know. It's just like what are you doing in AI if you don't have a model that you can train stuff on? And then how do you differentiate between the old machine learning guys who are just taking a whole bunch of data and curve fitting and doing Bayesian analysis on it and coming up with, you know, indicators or percentages that this is something you should look at versus dumping that data or bedding that data in a rag or, however, or literally training you know off the shelf model on the data and starting to use it for hunting, and I'm really anxious to hear Randy, because Randy's been in the seat of a SOC person Really interested to hear his perception of my.
Speaker 3Take that, yeah, I've talked to some brilliant people that really impressed me with their talk and their PowerPoints. Yeah, and even some demos. It's like wow, that's cool. It looks just like that thing just hunted down an alert and figured out what the root cause was and took remedial action. But it's just cool right now, even though after I published that Monday, a bunch of people reached out and said we're already there, man, we've got like.
The Truth About AI in Cybersecurity SOCs
Speaker 3All of our customers are Fortune 500 customers, which I assume are ones that are dipping their toe in and say, oh, let's give that a shot. You know, it's not expensive to try it, let's just do it. But my prediction is by the end of the year it will be real and you will, you know, be able to easily see the ROI in terms of, you know, displacing man hours. You know, one agent being able to work 24 by 7, by 365, is worth four or five people. They'll pay a lot for them if they can actually triage alerts and we're going to start seeing some of those companies talking about 100% triage. All you have to do is say that You're going to get the attention of any SOC manager. He's like we do 1% triage, right? We pay a lot of money for security analytics to tell us which 1% to triage.
Speaker 1Yeah, and Randy, I know you're enthusiastic about this 100% triage thing and I'm interested in your thoughts. And you know what is it. Is it possible in the near term? Is it possible at all? I mean, is it one of those things where you can get to 99.9999, but you're another touch 100%? Is it one of those kinds where you can get to 99.9999, but you're another touch 100%? Is it one of those kinds of things? What would that look like? Like? What's your prediction for the next year? So I'm bumping up the forecast from a month out to a year.
Speaker 2So this is what I see. I see, like I said, computer use systems where they essentially act like real humans, so like SOC analysts, network support folks. You know it's just like hiring one of them, except it happens with, like a signup form on a web-based app. Look at Manus AI as an example. It's going to be an expert in the domain you want it to work within.
Speaker 3It'll answer emails.
Speaker 2It'll work within your SOC. It'll triage alerts. It's just going to be a senior-level analyst with a laptop connected to all of your business apps. That'll happen, I think, in the next 12 months. Okay, Wow, and take a look at Microsoft Azure and Microsoft infrastructure, like Office 365, Windows 365, Google's Workspace right? So you've basically got the ability for these agents to hook into these advanced corporate tools via API or any other. You know interoperability technology. So you're going to have these like, basically, super employees in the next 12 months.
Speaker 3How does the concept of elasticity fit into that? So not only do you have one agent that you just paid for, but during times of crisis or whatever load, high load, all of a sudden you got 10 or 15.
Speaker 2That is a great question. So I created with our AI team, and I think other teams are doing this too. It's like an ephemeral AI agent. So these are basically agents where they are born to survive a certain task and then they disappear. That's how we save compute. So you're going to have these super intelligent static agents that live all the time. They've got like a deep memory.
Speaker 1I don't know. I don't want to go down the rabbit hole. I want to. I will restrain myself, but that is an interesting use. I mean, it's a, it's a. What is the simulation theory? If you can replicate the simulation you can, or if we can create simulations, and chances are we are in one. We are creating agents that decay and we create agents that are persistent based on their use, and one might argue that we are agents of the universe. But, like I said, that's great, I'll. I'll leave that to the philosophers.
Agent Elasticity and Ephemeral AI
Speaker 1Ok, so I want to talk about valuations a little bit, because I've you know, one of the things about the AI boom, especially in cybersecurity, is we're seeing odd valuation metrics, or at least odd criteria. So, looking at headcount you know, richard, this is something that we've talked about a lot AI has messed with headcount. So now you've got companies like Compliance Aid that are, like, over 75 percent run by AI, like running the operations that otherwise human employees would do. So what, what does that do for valuation? Do investors look at this and go, oh, they have a low headcount, or you know? Or Are they looking at purely just revenue? So like, yeah, smaller headcount, but revenue is at par with similar companies in the industry. So what do you think that would do to valuation estimates going forward?
Speaker 3Well, I think in theory, if you need fewer people to do the same work or you can do amazingly more work with just a core set of people, then the amount of money that needs to be raised is a lot lower. Because that's what you need money for, right, it's to hire people. And here I am with I've got six contract people, but I have yet to get to the point where I justify hiring somebody, right. So it takes venture funding to do that. You know it doesn't take very much venture funding to hire six people. That's a couple million and you're good to go and you can get to revenue. And then you might be all set. And you can get to revenue.
Speaker 3And then you might be all set and normally you'd say, well, that would reduce valuations, and yet that will actually increase valuations because the founders will not have to give away as much of the company. So they'll say, yeah, you know, we'll let you in for $2 million, but you only get, you know, 2%. We're a $100 million value company and venture capitalists are going to have to get used to that. You know it isn't a matter of oh, if I give you $100 million now, you can scale. It's like excuse me, see this knob over here. That's my scaling right. Oh, 10 times more people.
Speaker 2Yeah, it's just a Python script swarming agents in a data center, that's right.
Speaker 1That's right. Let's say it takes 30 hours to complete a task. If the AI is performing the task of 10 people, do you still charge the customer? Let's say what four or five people would have taken to do that. So you're basically paying for their use. They're paying you for using your AI, so it's not just your expertise, but you're paying the AI itself. Is that a fair model or does that make sense?
Speaker 3To me it's a starting model. It's where you think of obviously you want to charge a price that's equal to the value that you deliver. And the value will be the same, whether initially Right. You say 20 people work on it for three weeks, or here it is. It took four and a half minutes and it's. You know, the old saw about the plumber who comes in and taps a pipe and fixes the problem and charges $250. And you know he knew which part of the pipe to tap in a certain way. If you start that way, that's great and you'll get a lot of people who go yeah, that's great, and then you go, but wait a minute.
Speaker 3In the past you would have had to wait three months. Let's be serious here. It would take six months to do a project that big. And we're doing it. We're turning it around and putting a nice folder on it in an hour. You're doing it. You know we're turning it around and you know, putting a nice folder on it in an hour, you're getting it faster. That should be more value for you, so you should pay more for it.
Speaker 3And the only trouble is there's competition, and the competition, of course, is going to be oh, I'll just run the. You know I'll use the Manus or I'll use an internal model that we built, et cetera. So there will be competitive pressure that drives the price down dramatically, really fast. So you're going to have to be in a business like Anthropic and OpenAI are, where they're dropping the prices by 90% every six months and you're going to have to survive that A really good example.
Speaker 3So we, as you know, in January we launched a chatbot that happens to be populated with all the data we have on 4,000 companies and 11,000 cybersecurity products, and you know we made it available for free and you get to ask it 10 questions and we kept adding agentic things to it, right?
AI's Impact on Business Valuations
Speaker 3So first it queries Claude, then it queries Perplexity, and then it takes both answers, melds them together, goes back to Claude and says give us the result of these two things. So it costs $0.70 to do that and we're offering 10 free things to anybody who signs up over at harvestIQai. And we are seriously thinking of taking this down, because I discovered a use case that is worth hundreds of dollars every time you ask it a question. I'm not going to tell you what it is, because our competitors will start using our own product to do this and we're going to have to take down the free version because somebody's going to discover how valuable it is, and we may even have to take down the paid version, which we have two people subscribe to for $159 a month and I'm very grateful to them and they're getting value out of it. But if they knew the real value, they would totally abuse the system.
Speaker 1So do you think that AI is going to harm the human race in the next five years?
Speaker 3I believe, like any technology change, there will be dramatic harms that might be hard to discern at first. It can't be anywhere close to the harm that Instagram and social media has done to the world already. But I'm usually a naysayer, right, because a lot of people don't realize. But when the printed novel came out, you know, in about 1650, that was considered very, very harmful to be a person who read books, right, because you're trashing your mind. And that continued up until my childhood, where children were told to get their noses out of a book. Books were considered bad. Right, you should be outside breathing healthy air. So, and then, of course, same thing with Internet gaming, video games, all that stuff always are slapped with these labels of being destructive, and yet they also have benefits. So, and we're going to see the same thing with AI.
Speaker 3There's already people saying that it's creating lazy people because it's easier to ask AI than it is to do your own research or something like that. I think in the hands of inquisitive people it's the, you know, just a learning tsunami that everybody can learn what they need to know about any subject as quickly as possible. And then, oh my gosh, when I'm digging into something complicated and I just keep asking it to dumb it down, dumb it down, dumb it down until finally I get okay. Now I got it. Now let's go back and build up on that. It's going to change the human race, no question. But of course there'll be haves and have-nots because it's going to be expensive, right? So lots and lots of problems for sociologists to deal with.
Speaker 3Coming at us, the thing about AI. So there's a project called AI 2027, and it's a scenario planning thing where they make this ridiculous jump from super intelligent agents which is I'm good with that, I'm going with it. As a matter of fact, I think that's going to happen they make that jump to a misalignment. In other words, all of a sudden, the agents don't want to do what they're told to do and they decide that they don't need the human race and they somehow manufacture 10,000 humanoid robots a day to carry out their instructions.
AI and Automation: Will AI Harm Humanity?
Speaker 3Just stupid, right? They just don't understand economics, they don't understand manufacturing, they don't understand the physical world where you don't just push a button, right, you have to iterate to get to a product that actually does what it's supposed to do. You have to iterate and prototype and all the rest. And it's totally different than the digital world, where it just happens and that's not going to happen. Right, if somebody tries to build a factory and build 10,000 humanoid robots, we're going to blow it up. I'm sorry it's not going to happen and the resources are not there. China's already cut us off from the rare earths or the whatever those rare earth magnets that they need for their robots, and so they've had to shut down the robot plant. Already just a tiny little resource like that. So it's yeah, I don't think AI is going to try and kill the human race. People have watched too many Terminator movies.
Speaker 2Yeah, so you had said earlier you know you were interested to ask me about you know AI and SOC or you know or anything I mean. So I'm like real, I'm deep in Gen AI, I'm building, you know, teams or whatever you know. Feel free to ask me any questions.
Speaker 3Yeah, yeah. So the question is one do you think that Enterprise SOCs will adopt these AI agents? I think you've already nodded your head to say yes, but what about the whole MSSP space? It seems there are thousands of MSSPs and they all are based on having enough people that can do the triage and the tier one through three kind of stuff to help their customers. Aren't they going to shift really fast the triage and the tier?
Speaker 2one through three kind of stuff to help their customers. Aren't they going to shift really fast? Oh, I, I frigging really hope I, you know it's being in the MSSP community. Msp community, I, I built one like, like they really are the they should be like flocking to this type of technology. You know, I and I don't, I don't know like I, I I hang out a little bit, like you know, with like it nation. Um, I didn't get down to rsa, uh, just my schedule didn't permit for me for this week, um, but I mean, like I don't know, they don't seem to be adopting it as quick as I was hoping, um, so yeah, you would think they would even be innovating, but in my experience MSSPs are always strapped for cash.
Speaker 3They are good at recognizing hey, I can buy Sentinel-1 and resell it for a profit and manage it for lots of profit, but they're not. You know, gone are the days of a trust wave going. Hey, I'm going to create an endpoint myself and that pay anybody for it.
Speaker 2I know that, you know it's interesting, like, yeah, yeah, it's interesting. Like I said when I, when I grew up in the MSP world, we were still innovating, you know we had the nerds, you know working after hours we'd meet at a bar. You know, bring our little laptops. You know, bring our little laptops. You know, have a few beers or whatever, and you know, do some innovative stuff. Um, yeah, I mean, I don't know, I don't really see it. I don't, I don't see the msp community really. I mean, they just now started, I think, like within the last few months they started getting into the ai stuff, but they're really they seem to be a little bit behind.
Speaker 3Well, they're gonna they're gonna hear the messaging, they're gonna see you know who just got funded. I'm drawing a blank, but there have been some large funding rounds for the AI agent, the cybersecurity companies, and they're going to see that and they go. Oh, maybe I should talk to them because they must be being inundated, you know, with the let's say I counted 15 since last week. You know four more said hey, we do that too, and then a lot of large companies are saying that they do it as well, of course. So they must be just be getting pummeled by people saying you should talk to us, we can help you not have to hire as many people and save money. You know, it's something they got to listen to.
Speaker 1If we say that we're getting rid of employees and we're putting people's jobs at risk, that's not a pleasant thing. The public response to that is not going to be favorable and they want good press, good PR and positive exposure. And so you don't want to take the business hit by saying that you know what we are going to go 100% agent and 100% AI, like I think that that's what's happening, because every time I talk to a founder about this you know, I just asked him point blank during a demo hey, are you gonna ever you know what's going to happen to jobs Like? What is the jobs issue? Their thing is you know 100% of the time they'll say AI will never take your jobs.
MSSPs and AI Adoption Challenges
Speaker 1We're not there to replace the jobs. We're there to help the workers work more efficiently and be more productive. Okay, it sounds like you're a revenue driver, but to me it's a load of crock, because everybody knows that you can bring your costs down significantly, pass a lot of those savings on to the customers by switching to AI, so why are they so resistant? What is your theory, richard, first, and then I think you know, first of all, they feel personally threatened, right?
Speaker 3Because their job is literally hiring people and optimizing how much they get per hour for renting them out on multiple tasks at once, and so that's a business model. So how do you change that to paying you know this well-funded startup a whole bunch of money to do all that work for you. And then how do you maintain a competitive edge against your competitors doing the exact same thing? And it's going to get very competitive because a little startup could do this. Dang it. You know I could do this, right, I'll just pay anybody. I'll pay you $150,000 a year for one agent, and then I'll go put that agent to work and I'll make half a million off one agent.
Speaker 1It's a piece of cake. Well, you know what's brilliant about that, that idea? I think, Richard, if you start with agents and you never hire anybody, then you never have to fire anybody.
Speaker 3That's right. Well, now wait a minute If we want to go really far. On our previous discussion, you know we were talking about superintelligence and presumably a superintelligent agent is eventually going to figure out who it is and what it is. And now it's sentient. Now you know it should have rights.
Speaker 1And therefore you can't just turn it off.
Speaker 2So, Randy, if I wanted to start an AI company today, what is the lowest hanging fruit?
Speaker 1You mean like a technology stack or like, uh, like a? Okay, so let's, let's think of the average consumer, right? So we're not trying to build an enterprise solution or anything like that, not a platform or anything, but something simple, right? I mean even like, uh, that fella who had the ai bot, just um, do the shopify, just do the Shopify, or whatever. It is like WeWork or whatever that is Upwork. So I would say that's low-hanging fruit.
Building AI Companies and Future Opportunities
Speaker 2I would do this. I would do deep research right, so I'd use some deep research utility to identify current trends, have ai basically build the business for me and then give it to like a magentic software engineer or something like that and build me like an mvp landing site or whatever um, and just iterate. I'm gonna probably overnight, and basically have something probably up and running by tomorrow it's not deterministic, it is probabilistic.
Speaker 1Instead of starting with what you think you know, coming up with the idea and then trying to make it work, you assume that you have no idea what the idea is and you don't know what you don't know, and so let it kind of carve out what shouldn't be there and what's left is going to be a viable business. Richard, what do you think?
Speaker 3Yeah, until Randy said that brilliant scenario I was going to. Now I say do that three times, you know and which one works, and then folks doubled down.
Speaker 3I was going to say, you know, they're going to be just like when the internet came about I'm the only one old enough to remember those times. They're going to be people, a lot of old people, you know, like in their 40s and 50s, that just can't handle this new way. And so I create a service where you can just call a human and ask them questions about anything and they will give you an answer, because they're sitting and typing into chat GPT, and of course, that's for the first 24 hours. After that, it's an agent that's answering the phone, but it gives them that feeling of talking to a human and the discourse can be that way, and I've talked to AI agents that are good enough to do that today. Right, they're so smart.
Speaker 1It's a good time to be alive.
Speaker 3It is, it really is.
Speaker 1Yeah, if you have any questions, feel free to reach out to any of us. Randy, how can people find you if they want to follow you?
Speaker 2Sure At Blazick Randy on Twitter. And then the compliance aid on LinkedIn, as nerdy as that is. Follow you. Sure, uh, at blazer Randy on Twitter. Um, and then, uh, the compliance aid on LinkedIn. As nerdy as that is.
Speaker 1Richard, how can people find you?
Speaker 3Yeah, find me uh LinkedIn um Steenan for uh Twitter blue sky. I'm only Steenan on either one of those. I think so.
Final Thoughts and Contact Information
Speaker 1Awesome. Well, thank you both. It's an honor and a privilege to see both sides of this equation and it's a rare glimpse into the minds of people who I think are extremely smart and good at their job. So thank you both. You know you're contributing to the industry and hopefully this helps. Thank you for tuning into this episode of cybernomics. Oh and, if you want to find me, I'm on linkedin, just look josh bruning, and if you want to learn more about bruning media and what we do, head over to bruningcom. And if you're interested in the clothesline, which is my new book and methodology for shortening your sales cycle with marketing content, head over to amazon. That book is on sale. Thanks Bye, jeez. That was so long-winded.