The 5 key traits Menlo Ventures looks for in AI-first cybersecurity startups

The evolving landscape of cybersecurity investment: The rise of AI-generated cyber attacks and AI-powered security tools has prompted a significant shift in the criteria for investing in cybersecurity startups.

• Menlo Ventures, a prominent venture capital firm, has updated its cybersecurity investment checklist to reflect the new AI-driven era in cybersecurity.
• This update comes three years after their initial checklist, which was created in response to pandemic-driven challenges and the subsequent surge in the cybersecurity market.

Key investment criteria for AI-first security companies: Menlo Ventures has outlined five critical factors they now look for when evaluating potential cybersecurity investments.

1. Cloud-native and AI-native architecture:
   • Companies must be built from the ground up with AI at their core, not just retrofitting AI onto existing systems.
   • This approach allows for better handling of vast amounts of unstructured data and enables more precise prediction, prevention, and remediation of attacks.
   • Abnormal Security is cited as an example, leveraging advanced AI behavioral models for email security.
2. Founding teams with strong security and AI expertise:
   • The ideal founding team combines deep cybersecurity experience with cutting-edge AI knowledge.
   • This dual expertise is crucial for developing solutions that understand complex security challenges and can fully harness AI’s potential.
   • Key capabilities include scaling with large data volumes, working with current and future foundational models, efficient resource utilization, and prioritizing explainable AI.
3. Leveraging AI agents for Software-as-a-Service:

• • AI agents are seen as a solution to the growing cybersecurity talent shortage, estimated at four million professionals globally.
  • These agents can automate end-to-end tasks and human workflows, potentially addressing a $4.6 trillion opportunity.
  • Focus areas include SOC automation and AI-driven attack and penetration testing.

4. Innovative approaches to data and identity security:
   • Data Security: As AI systems process vast amounts of sensitive data, there’s a need for specialized, AI-first tools for granular governance and management at scale.
   • Identity Security: The growing surface area of machine identities (Non-Human Identities) requires new solutions, as demonstrated by recent high-profile attacks.
5. User-friendly products:
   • Emphasis is placed on tools that are “dead simple” to use, prioritizing user experience and transparency.
   • Companies that allow customers to embed their own processes into the tool are favored, as this improves user experience and drives data collection and model performance.
   • Open-source offerings are commended for providing transparency and allowing enterprises to test products before purchase.

Broader implications for the cybersecurity industry: The updated investment criteria reflect a fundamental shift in how cybersecurity solutions are being developed and deployed in response to evolving threats.

• The focus on AI-native architectures and founding teams with both security and AI expertise suggests a convergence of these two fields, potentially leading to more integrated and effective security solutions.
• The emphasis on AI agents and automation highlights the industry’s move towards addressing the global cybersecurity talent shortage through technological means.
• The attention to data and identity security in an AI-driven world underscores the new challenges and vulnerabilities that emerge as AI becomes more prevalent in enterprise environments.

This updated checklist not only guides Menlo Ventures’ investment strategy but also provides valuable insights for cybersecurity startups and established companies looking to adapt and thrive in the AI-driven security landscape.