Insight Partners https://www.insightpartners.com/ Scaling the Future of AI Mon, 29 Jun 2026 19:00:51 +0000 en-US hourly 1 https://www.insightpartners.com/wp-content/uploads/2023/02/cropped-WP_theme_P_tp-1-32x32.png Insight Partners https://www.insightpartners.com/ 32 32 Command Zero is betting big on AI-native defense compressing response time https://www.insightpartners.com/ideas/command-zero-ai-asymmetry/ Fri, 26 Jun 2026 13:42:47 +0000 https://www.insightpartners.com/?p=27968 Cybersecurity has long been defined and dogged by the same problem. Defenders have to get it right every time. Attackers, once. AI has made that asymmetry more marked. Attacks from AI-enabled adversaries increased by 89% from 2024 to 2025, according to CrowdStrike’s 2026 Global Threat Report, and the fastest observed breakout time — the speed […]

The post Command Zero is betting big on AI-native defense compressing response time appeared first on Insight Partners.

]]>
Cybersecurity has long been defined and dogged by the same problem. Defenders have to get it right every time. Attackers, once. AI has made that asymmetry more marked.

Attacks from AI-enabled adversaries increased by 89% from 2024 to 2025, according to CrowdStrike’s 2026 Global Threat Report, and the fastest observed breakout time — the speed at which an attacker moves from initial access to another system — was 27 seconds.

But Alfred Huger, CPO and cofounder of AI-native cyber investigation platform Command Zero, thinks that that asymmetry might now be shifting in defenders’ favor.

“AI is finally giving us the opportunity to get in front of a problem that we’ve always traditionally been well underneath,” he says.

“[AI] presents an opportunity to at least level the playing field. And that’s not a truth that I’ve had in the last 30 years of building products.”

The agentic security operations center (SOC) space is crowded in 2026, with Microsoft, Google, CrowdStrike, IBM, and a long tail of startups talking about autonomy, alert correlation, and mean time to respond (MTTR) compression. But what will it really take for that asymmetry to bend, and is it happening now?

On the attacker’s clock

An asymmetry also exists within defense. There is a difference between what a Tier 1 analyst can do with a set of alerts and what a Tier 2 or Tier 3 analyst can do with exactly the same data.

“The outcome is almost entirely dependent on the skill set of the person who’s in front of the problem, and that’s one of the things that AI helps level out for everybody,” says Huger.


Read Command Zero’s founding story: How Command Zero is redefining incident response in the age of autonomous cyber defense


In a typical breach investigation at a well-resourced organization, he says, it takes “anywhere from 90 minutes to four and a half hours to actually define whether you’re looking at an incident.” Command Zero compresses that to roughly seven minutes.

Set that against the average breakout time for an attacker in 2025: 29 minutes, a 65% increase in speed from 2024. AI enables defenders to respond on the attacker’s timescales, or better, whether they’ve been on the job for 10 days or 10 years.

Most of this time is taken up not with incident response, but actually figuring out what went wrong.

“It’s time lost scrambling…extracting the right data from the right places, finding out where to get it, who owns it, how to access it, and then trying to tie all of these disparate things together into one coherent narrative. When you’re dealing with 30 spreadsheets and a variety of data, that’s word of mouth, a Slack channel, et cetera.”

In other words, not work that humans really want to do. And it only really pays off when a senior analyst is doing it, because they have the experience and hard-won instinct to know where to dig and what to look for. Agents can now do all of that grunt work, while the human moves up the stack to judgment.

Encoded experience is the moat

That doesn’t mean Agents replace decades of expert investigative knowledge, but rather Agents are used to encode and scale it. And that, Huger believes, is the new moat.

“The barrier to entry for everything is both narrowed, and it’s very shallow. So the question is, how do you become successful when code is not the barrier?”

He thinks the answer is the business-specific context that makes an Agent useful in a specific environment. APIs and data integration, he argues, are the easy part.

Most data sources have APIs, they’re fairly well structured, and they’re easy to integrate with. The hard part is the institutional knowledge that turns telemetry into investigation — who owns the asset, why it matters, who the VIPs are, what normal looks like for this VIP user, and what the Agent should expect.

“We spend a lot of time codifying that knowledge and then marrying it against the business context of where we’re deploying,” says Huger. “And when you couple that up with experience from somebody who’s been through thousands of real breaches, you end up with an Agent that’s highly capable.”

“Nothing beats the hard-earned experience of an incident responder or somebody who has lived in these problems.”

Doing more with more

That’s why Huger doesn’t agree with the common narrative that AI in the SOC will immediately replace entry-level analyst roles.

“I’ve yet to meet a CISO who intentionally wishes to trim their budget. This is a space that has far more problems than hands, and that’s not likely to change anytime soon…I don’t think that the best approach right now is to…assume that you can cut staff with it. You can — but I don’t know that that’s the wisest decision to make.”

He frames it in terms of capacity rather than efficiency. Most Command Zero customers, he says, use the speed gain to do more, such as investigating issues they had previously triaged away, running threat hunts they couldn’t staff, and getting ahead of problems instead of always being on the back foot.

“They can certainly do more with less, but in many cases, they can simply do more with more.”

Over-reliance on automation could erode the exact investigation skills SOC teams need over the next several years. The Agent that handles archaeology ultimately depends on humans who have the expertise and judgment to correct it, retrain it, and tell it what to look for next.

Entry-level security analysts will no doubt find parts of their roles changing because of AI, but most organizations will want to continue employing them, because they are the future higher-tier analysts who will orchestrate the Agents.

As Dov Yoran, CEO and cofounder of Command Zero, put it last year, “You’ll certainly still need those Tier 2 and 3 [analysts] that have the experience…Where are those going to come from, if you all of a sudden kill your Tier 1 footprint?”

The end of asymmetry?

This is probably not the end of the fundamental asymmetry of cybersecurity. But there does seem to be a way of bending it in the defenders’ favor, and not in the way that “agentic SOC” makes you think.

It is a future more human than a fully autonomous SOC. The tools and platforms that actually bend the asymmetry will win on the depth of the context and expertise they carry into a specific environment, and how much the AI uplevels everyone on the team, regardless of experience. And it will depend on organizations that use what they gain in speed to do more, rather than using it as a license to do the same with less.

If the agentic SOC is anything, it is the freedom to do more with more.


*Editor’s Note: Insight Partners has invested in Command Zero.

The post Command Zero is betting big on AI-native defense compressing response time appeared first on Insight Partners.

]]>
How AI is rebuilding America’s primary care system https://www.insightpartners.com/ideas/ai-primary-care-innovation/ Wed, 24 Jun 2026 13:07:54 +0000 https://www.insightpartners.com/?p=27784 Nearly half of U.S. primary care physicians report burnout — one of the highest rates among high-income countries — and administrative burden is the top reason. Primary care physicians (PCPs) would need to work nearly 27 hours per day to complete all recommended care and administrative tasks, and it’s costing the system $260 million annually […]

The post How AI is rebuilding America’s primary care system appeared first on Insight Partners.

]]>
Nearly half of U.S. primary care physicians report burnout — one of the highest rates among high-income countries — and administrative burden is the top reason. Primary care physicians (PCPs) would need to work nearly 27 hours per day to complete all recommended care and administrative tasks, and it’s costing the system $260 million annually in turnover alone. More physicians are leaving. And the patients who depend on them most are being left without a front door into the healthcare system.

At Insight Partners, we believe the cycle of increasing resources with steady, suboptimal outcomes must end. AI, used thoughtfully by PCPs, is a powerful lever. Paired with creative care delivery models, AI offers the greatest hope for stronger outcomes, lower costs, and excellent care regardless of socioeconomic background or geography.

The cost of healthcare is rising, yet outcomes are not improving

U.S. health insurance premiums have skyrocketed over the past 30 years, growing around 6% annually, far outpacing inflation and wage growth, but outcomes have remained mixed. For example, while mortality rates from chronic illness have decreased, life expectancy has stagnated, and chronic illness prevalence has increasedThe U.S. has the lowest life expectancy, the highest maternal mortality, and higher admissions for chronic ailments compared to peer nations. The U.S. does lead, however, in the ability to treat many chronic illnesses, such as cardiovascular emergencies and post-operative complications. 

As healthcare spending rises, population health is not improving — only our ability to treat late-stage chronic illness. 

Why is this the case? 

A primary care system stretched to its limits

The primary care crisis isn’t just a supply-and-demand mismatch — it’s the product of decades of structural choices. The way physicians are trained, paid, and asked to practice has made primary care an untenable career, even as the need for it grows.

More patients, same system

Demand for primary care in the U.S. is outpacing supply — driven by an aging population, a more health-conscious public, and a healthcare system that increasingly routes everything through a single front door.

The numbers tell the story. Average new patient wait times have surged from around 20 days in the early 2000s to over a month in 2025 as demand for care has skyrocketed and physician supply has lagged. But the wait time is a symptom, not the cause. Three converging forces are driving the pressure.

The first is demographic. The U.S. population is aging rapidly, with Baby Boomers driving a significant increase in the number of Americans aged 65 and older. Older patients often live with multiple chronic conditions, see specialists more frequently, and need more from their primary care providers — placing real strain on a system that’s already stretched thin.

Baby Boomers in the US
Source: ChildStats.gov

 

The second is behavioral. Rising health literacy, direct-to-consumer healthcare advertising, and the proliferation of consumer health information online have led patients to be more proactive in seeking care. Preventative screenings, mental health services, and chronic disease management have all seen increased utilization as awareness grows, expanding the demand placed on PCPs who serve as the entry point to the system.

The third is structural, and in many ways the most stubborn. As medicine has become more specialized, PCPs have often become referral coordinators rather than comprehensive care providers. Each visit often generates follow-up referrals, additional testing, and return appointments—a self-reinforcing cycle that multiplies patient touchpoints and amplifies the pressure from the first two forces.

Why fewer doctors are choosing primary care

If the demand side of the primary care crisis is about more patients needing more care, the supply side is about a profession that has made itself increasingly hard to enter — and harder to stay in.

The most visible pressure is burnout. Physician shortages are driven by PCPs retiring early and leaving medicine altogether, as administrative burden crowds out the work that drew most physicians to the field in the first place. Almost half of clinicians report burnout tied to tasks like electronic health records (EHRs) and prior authorization management — work that has little to do with patient care. The consequences are stark: 40% of PCPs are considering leaving medicine, and 80% of internal medicine residents are choosing to subspecialize rather than enter primary care.

But burnout alone doesn’t explain why fewer physicians are choosing primary care in the first place. The economics don’t add up. Medical school debt has ballooned to over $200,000, up from around $90,000 in 2000, while inflation-adjusted primary care salaries have declined over the same period. For a medical student doing the math, primary care is underpaid relative to the value it creates in prevention, cost containment, and longitudinal patient relationships.

And even for those who want to enter primary care, the pipeline itself is constrained. Medicare, under the Balanced Budget Act of 1997, largely funds residency positions, capping the number of training slots available regardless of demand. In 2026, there were nearly 6,500 more medical school graduates than available residency positions — a structural ceiling on how quickly the workforce can grow.

The result is a profession being squeezed from every direction: Too much administrative burden for those already practicing, too little financial incentive for those considering it, and a training pipeline that can’t scale to meet the need. We believe the most viable path forward is equipping the physicians we have with AI tools that enable them to do more — risk-stratify patients, support diagnosis, and coordinate care — without adding to their workload.

Fee-for-service models can create misaligned incentives

Fee-for-service (FFS) models have dominated healthcare reimbursement since the 1930s. The premise is simple: Providers are paid a negotiated rate for delivering episodic healthcare services. The result has been a system optimized for doing more — more procedures, more interventions, more billable visits — often, at the expense of keeping patients healthy in the first place. PCPs see 20 to 30 patients per day, with each getting only around 15 to 20 minutes of their doctor’s time, and limited innovation in population health screening and care coordination technologies.

The shift to value-based care

Value-based care (VBC) emerged from the shortcomings of FFS and was implemented nationally through the Affordable Care Act (ACA 2012) and the Medicare Access and CHIP Reauthorization Act (MACRA 2015). The ACA introduced outcome-based payment models through multiple programs, including Hospital Value-Based Purchasing (VBP), HAC Reduction (HACRP), Readmissions Reduction (HRRP), and Medicare Shared Savings (MSSP) — all designed to reward quality and cost reduction rather than service volume. 

The Centers for Medicare and Medicaid Services (CMS) deployed these programs gradually, driving recent innovation across three phases: 

Measurement

Initial programs had low penalties and bonus potential for quality metric reporting and basic performance benchmarks. For example, HRRP began with a 1% penalty in 2013 for hospitals and new accountable care organizations (ACOs). With light financial incentives tied to quality-of-care reporting, hospitals adopted technologies to provide unified views of their patients, leading to companies such as Innovaccer and Datavant that link longitudinal patient records across providers and payers. 

Management

As penalties grew to 3% over time and downside risk was introduced to both ACOs and individual providers through MACRA, focus shifted to improving care quality and closing care gaps through better coordination. This need led to the success of companies such as Aledade, making ACO participation easy while closing care gaps. 

Prevention 

With reporting infrastructure maturing and quality benchmarks tightening, systems now face pressure to prevent chronic disease rather than just manage it. Companies like Cadence Care embed remote patient monitoring into health system workflows to proactively manage patients with chronic diseases between visits. 

Each phase of financial pressure has unlocked a new layer of the care management technology stack — from infrastructure, to coordination, to prevention. 

CMS hasn’t stopped pushing. The ACCESS Model represents its most direct move yet toward paying for outcomes rather than visits. VBC arrangements are increasingly focused on innovation in prevention, prioritizing technologies that can identify and proactively manage chronic conditions. 

How AI expands what primary care physicians can do

Value-based care has meaningfully shifted the financial logic around prevention, but better reimbursement doesn’t fix a primary care practice’s day-to-day issues. AI’s ability to automate administrative burden and coordinate care addresses this gap in ways previously not possible. 

 

We see the purview of primary care expanding over time as diagnostic technologies democratize, enabling PCPs to perform tech-enabled triage and minor procedures once reserved for specialists. The result is a system where both PCPs and specialists spend more time practicing at the top of their licenses. 

Primary Care AI Market Map

Advanced screening technologies enable PCPs to catch disease earlier and more holistically

PCPs are often the first to see a patient before a disease develops. The problem is that they rarely have the technology to catch it. New technology deployed in the primary care setting will help PCPs measure nuanced biomarkers and screen and evaluate patients more comprehensively. When the right tools reach primary care, physicians can catch what they would otherwise miss, while specialists can focus on the patients who need them most.

Novel measurement modalities will likely be a key enabler for PCPs to track and quantify biomarkers. Companies such as Dermasensor, which enables PCPs to visualize and evaluate skin lesions, and Optain Health*, which allows PCPs to screen for diseases such as diabetic retinopathy, are two examples of these technologies. Each can be used at the PCP level to catch disease earlier, enrich referral pipelines, and free up specialist time to focus on higher-severity, more complex patients. 

Referral management

Better diagnostics can improve efficiency if patients follow up with the right specialists, but unfortunately, up to 50% of subspecialist referrals are never completed. The referral journey is riddled with failure points, including:

  • Difficulty identifying accessible in-network specialists
  • Referrals lost over fax or through incomplete EHR transmissions
  • Inadequate upfront severity triage
  • Patients left to self-schedule
  • Pre-visit coordination gaps that cause appointment rescheduling
  • Specialists rarely close the loop back to the referring PCP

The result is fragmented, uncoordinated care that often leaves the most at-risk patients falling through the cracks. New companies and technologies are necessary to automate, coordinate, and streamline the delivery of clinical care in our currently fragmented care delivery system. Companies such as Medmo*, which automates end-to-end radiology referral management, and Junction, which automates blood-work and diagnostic testing management, are enabling broader follow-through to diagnostic care. 

Enablement of procedures in the PCP Office

Most minor procedures PCPs could perform are currently done in specialist offices or hospital outpatient departments. Often, these procedures come at a higher cost and with longer wait times. There are many historical reasons for this, including training, physician comfort, and lack of appropriate setting or equipment. Enabling PCPs to perform these procedures can improve patient access, relieve specialist backlogs, and increase PCP revenue. 

Innovation here involves affordable, AI-guided procedural devices that bring specialist-level capabilities to primary care. Companies like Butterfly and Clarius are democratizing point-of-care ultrasound; Mendaera is enabling AI-guided needle procedures such as joint injections and biopsies to be performed semi-autonomously; and Ampa is expanding neuropsychiatric access through AI-guided transcranial magnetic stimulation (TMS) without specialist administration.

Clinical decision support (CDS) and predictive analytics

Two converging trends have made clinical decision support (CDS) newly viable. Health records are now largely digital, and the cost of genomic sequencing has fallen from over $10 million per genome in 2005 to under $1,000 today — creating rich, longitudinal datasets that didn’t exist a decade ago. The patterns buried in that data, when surfaced correctly, can meaningfully change how chronic disease is identified and treated.

The most mature application so far is precision oncology, where EHR, multi-omic, and histopathological data are increasingly used in everyday treatment planning. The core value is straightforward: Help clinicians sub-stratify disease and predict how a patient will respond to treatment before committing to it. We see some of the greatest opportunities in two areas: the underlying data infrastructure that enables this, and disease-specific applications built on top of it.

Most CDS platforms for initial disease profiling require a biopsy and tissue digitization to analyze morphological and/or inferred genetic biomarkers. Pathologists have historically worked manually; therefore, the digitization of pathology is a key unlock. Companies like Pictor Labs* enable virtual staining from a single tissue sample, eliminating the need for multiple biopsies to run different tests, while companies like Proscia* are shifting tissue analysis workflows online. 

CDS platforms are increasingly feasible as technology advances and physicians expand their use across their patient populations. Companies like Covera Health* optimize imaging and care pathways for patients whose diagnoses often goes untreated. Concurrently, major biopharma companies are using this technology across clinical trial pathways, including CDS platforms to predict drug success in their pipelines and minimal residual disease (MRD) testing as an endpoint in clinical trials. Tempus is building large suites of patient testing and stratification tools, while companies like Artera and Ataraxis are developing disease-specific models for prostate and breast cancer. 

Automation of clinical and administrative tasks

The past decade has seen an ongoing increase in the administrative burden on PCPs, including EHR tasks and prior authorization management. The digitization of the electronic record has, counterintuitively, increased the documentation burden on PCPs, a problem that agentic systems are well-positioned to solve. 

AI scribes have seen success with companies such as Abridge and Ambience Healthcare, experiencing some of the fastest healthcare technology adoption to date. And scribing is only the start. The administrative layer is attracting a new generation of purpose-built tools: Tennr for prior authorization, SmarterDx for revenue cycle management, and Assort and Hyro for scheduling and front office automation.

Agentic AI has helped slow the growing administrative burden, sapping physicians’ time and resources from patient care. As reimbursement rates continue to stagnate while administrative duties increase, the economics of independent practice are increasingly degrading. The burden relief will continue to help physicians maintain independence and devote more time to their patients. 

Considerations for founders

Below are a few considerations we recommend for founders building businesses to empower PCPs:

Immediate value creation

Primary care clinics are generally low-margin and face mounting payroll, technology, and supply costs while reimbursement rates remain flat or decrease. Therefore, it is crucial that new tools deliver immediate, tangible value to PCPs. Founders should ask themselves, “How do we increase the quality of care while increasing revenue or decreasing non-clinical burden for PCPs?”

Many AI-assisted screening tools struggle to achieve incremental reimbursement because policymakers rely on higher patient throughput to drive ROI. Increased volume can be a strong enough incentive for specialists to adopt new tools, but PCPs often need incremental reimbursement to adopt. Retinal screening is a rare example of a policy already in place for incremental reimbursement.  

Speed and workflow

Physician workflows are heavily ingrained due to years of training and optimization. Products that add steps to workflows are likely to fail from the start, whether that’s opening multiple new windows in the EHR or performing lengthy additional tests. Enabling non-clinical staff to perform testing or adding tests to PCP routines without adding to workflow is crucial to ensure adoption and ROI. 

Practicing within scope and referral relationships

PCPs and specialists maintain referral networks built on mutual trust, with specialists delivering exceptional care while PCPs accurately triage risk. Specialists often prefer PCPs to refer any patients who show potential signs of chronic or serious disease, rather than attempt to deliver unguided specialist-level diagnostics. Concurrently, PCPs generally want to avoid reputational risk and liability of diagnosing beyond their own base training, license, and comfort. Therefore, providing specialist guidance in the PCP office can support and affirm the diagnostics done there.

For example, asynchronous eConsults allow PCPs to get specialist advice without referring the patient to another physician. Incentives align well as patients get answers quickly, PCPs get a specialist to sign off on diagnostic triage, and specialists can review low-risk patients asynchronously. BardyDx commercialized a cardiology solution with this structure before getting acquired by Hillrom. Over time, this specialist presence and support may be augmented by AI guidance as generative AI becomes standard in PCP workflows. 

PCPs are the backbone of our healthcare system, and it is increasingly important to empower them so our system can focus on health care rather than sick care. Diagnostic and procedural innovation in the PCPs’ office will require simultaneously addressing reimbursement, time, and liability concerns. We ultimately strive for quality care for the right patients, at the right time, in the right setting. 


*Editor’s Note: Insight Partners has invested in Optain Health, Pictor Labs, Proscia, Medmo, Cleerly, Iterative Health, Screenpoint, Covera Health, Exacare AI, and Idoven.

The post How AI is rebuilding America’s primary care system appeared first on Insight Partners.

]]>
How Skyflow ends the false choice of block or unblock for Agent data https://www.insightpartners.com/ideas/skyflow-agent-access/ Wed, 17 Jun 2026 19:13:16 +0000 https://www.insightpartners.com/?p=28035 For years, enterprise security ran on a simple principle: if a system or user shouldn’t have access to sensitive data, you block it; if they should, you unblock it. That binary worked well enough when the things accessing data were predictable: applications, databases, and human employees following defined workflows. But AI Agents are none of […]

The post How Skyflow ends the false choice of block or unblock for Agent data appeared first on Insight Partners.

]]>
For years, enterprise security ran on a simple principle: if a system or user shouldn’t have access to sensitive data, you block it; if they should, you unblock it. That binary worked well enough when the things accessing data were predictable: applications, databases, and human employees following defined workflows.

But AI Agents are none of those things. They’re autonomous, non-deterministic, and they need access to your most sensitive data to be useful. Block them, they’re useless. Unblock them, and you risk losing control over what they can access and how they act.

“The blocking-unblocking cycle is over,” says Anshu Sharma, cofounder and CEO of Skyflow, a runtime AI data control platform protecting sensitive customer data for companies ranging from two-person startups to Walmart and Visa. “We know we have to unblock these Agents. The question is how.”

“All hell broke loose”

“The first generation of large language models was…basically talking to Wikipedia,” says Sharma. It was a very sophisticated search interface with a limited security surface.

“The second generation of Agents, turns out, is not about finding out what the capital city of Iran is,” he says, “but it’s actually about finding out, when does my lease expire, and can an Agent go ahead and create a document that extends my lease?”

That shift from retrieval to action transforms the risk profile. Agents are calling APIs, connecting to databases, writing records, and triggering workflows. And to do any of that meaningfully, they need access to the most sensitive data an organization holds. But unlike a human employee, they don’t always follow predictable paths to get it.

“All of this mess is uncontrolled because the Agents are fundamentally non-deterministic.”

Legacy security systems were not built to handle this.

And the consequences of getting it wrong are already materializing. In March 2026, an autonomous OpenClaw Agent breached McKinsey’s internal genAI platform, Lilli, gaining read-write access in under two hours. It used basic, well-known software vulnerabilities in endpoints designed for humans, not Agents, revealing the weaknesses in traditional defense.

“The moment we went from the generative aspect of LLMs…to the work aspect of Agents, everything changed,” says Sharma. “All hell broke loose.”


Read on: How Skyflow is building the trust layer for Agents


Legacy tools like data loss protection engines, traditional firewalls, and data security posture management platforms were built on a binary assumption that no longer holds, says Sharma. “Either you are a bad actor, and you should not have access at all, or you’re a good actor, and then you have the keys to the kingdom.”

Take an airline that wants to build an Agent: It needs a customer’s frequent flyer number, credit card number, email address, and phone number. A firewall either blocks everything and renders the Agent useless, or it lets everything through and creates unacceptable risk. Neither is a viable outcome.

What customers want now, says Sharma, is granular visibility and a genuine control layer — something the old architecture could never provide. “They want to know exactly what an Agent does. What can it see? What can it read? What can it update?”

Give Agents what they need, and nothing else

Skyflow’s approach centers on what it calls a polymorphic engine.

“We basically don’t block or unblock data,” says Sharma. “We actually transform it.” The platform creates polymorphic projections, which are targeted, task-specific representations of sensitive data — it fulfills precisely what the task requires and nothing else. That means an age verification check doesn’t need a user’s date of birth; it just needs confirmation that the user is over 21.

“One of the myths in the security industry is what I call the ‘either or’ fallacy: Either I can protect the data, or I can use the data.”

This requires security controls that operate in real time, at the moment of each Agent action, rather than traditional static policies that run on a weekly scan cycle. “Since your Agents are now runtime and non-deterministic, the security platform…needs to behave like that,” says Sharma. “We built Skyflow with that premise from day one.”

Hardware won’t solve data sovereignty

Beyond the immediate Agent security problem, Sharma warns that there is a longer-term regulatory challenge that most enterprises aren’t prepared for.

Data sovereignty requirements, which require that personal data be stored and processed within national borders, are becoming increasingly common. The obvious response is to build local infrastructure in every market you operate in, but that’s not practical or affordable for most businesses, argues Sharma.

“[NVIDIA CEO] Jensen [Huang] wants you to buy a GPU cluster in every country you operate in. Now maybe that’s feasible for the largest oil company in the world, but it’s not going to be feasible for the third-largest airline operating in 37 countries. There is no way in hell a third-largest airline is going to have 37 GPU clusters just because you want to be able to rebook your flight.”

“Instead of trying to replicate everything I do, why don’t I just protect the sensitive data?”

Skyflow’s solution is to secure sensitive data at the source, locally, and send only anonymized, tokenized versions through the rest of the workflow. It’s compliance without a data center on every continent, says Sharma.

“If the data is locally resident and protected using our polymorphic engine, then you can actually serve customers in Saudi Arabia, Bahrain, and Qatar from the same data center.”

The future architecture

Ultimately, Sharma sees Skyflow’s role as building a privacy layer that makes secure enterprise AI accessible to everyone.

Blocking, unblocking, the sovereignty debate, the rogue Agent risk — these are all variations of the same underlying problem. Enterprises need to use sensitive data to make AI work without losing control. Skyflow is offering to do just that.

“If you’re building Agent tech applications, you don’t need to go pay $100M to Palantir,” he says. “You can work with Skyflow plus Databricks*, or Snowflake plus Anthropic* and OpenAI*. That’s the new architecture that’s open.”


*Editor’s note: Insight Partners has invested in Skyflow, Databricks, Anthropic, and OpenAI.

The post How Skyflow ends the false choice of block or unblock for Agent data appeared first on Insight Partners.

]]>
How Trustmi uses AI to make sure every dollar goes where it should https://www.insightpartners.com/ideas/trustmi-leadership-story/ Wed, 17 Jun 2026 13:08:57 +0000 https://www.insightpartners.com/?p=27948 For cybercriminals looking for a quick payday, ransomware used to be the go-to. But as organizations have improved their backup and recovery processes and become better coordinated with law enforcement, it has become harder to get paid. Although this sounds positive, the reality is that it has motivated many attackers to shift from targeting software […]

The post How Trustmi uses AI to make sure every dollar goes where it should appeared first on Insight Partners.

]]>
For cybercriminals looking for a quick payday, ransomware used to be the go-to. But as organizations have improved their backup and recovery processes and become better coordinated with law enforcement, it has become harder to get paid.

Although this sounds positive, the reality is that it has motivated many attackers to shift from targeting software to targeting people who move money. Business email compromise (BEC), vendor fraud, and socially engineered payment scams have surged over the past few years, powered by increasingly sophisticated AI tools.

Attackers exploit human psychology and play on human instincts, often impersonating authority figures to bypass security measures, steal data, or redirect funds. In perhaps the most publicized example of this kind of scam, the British engineering firm Arup lost $25M after an employee joined a video call populated by AI-generated deepfakes of the company’s executives.

“The easiest route is going after the people that have access to the funds,” says Shai Gabay, the cofounder and CEO of payment security company Trustmi. “That’s what changed the game.”

Gabay’s perspective is that the issue goes beyond phishing or email security. The problem is how enterprise payments are made. “It’s a very complex process,” he says. “It’s kind of low tech…relying on a lot of manual controls and processes. So there are a lot of loopholes that cybercriminals can attack.”

Trustmi, an AI-powered payment security platform, was built to close those loopholes, protecting B2B payments before money leaves the organization. It connects to the systems involved in the payment lifecycle — enterprise resource planning (ERP) platforms, procurement systems, invoices, emails, banking workflows — and correlates activity across the entire chain to verify each payment.

Marrying safety with ROI

Trustmi’s founders came to the problem after years in cybersecurity. Gabay began hacking at 13 and spent eight years working in cybersecurity for the Israeli military before moving into a defensive role as a bank CISO, working closely on fraud prevention and financial security.

During that time, he repeatedly saw corporate customers lose money through payment fraud schemes and was inspired to build a solution. Although he had spent years working with startups, he wanted to gain firsthand operational experience before running his own, so he decided to spend several years in the high-growth security startup ecosystem.

“I went to three different cybersecurity [startups] to learn how to build my own company. After six years…I knew what I needed to do.”

It was during this period, while working at cybersecurity startup Cynet in 2018, that he met Trustmi Cofounder and CTO Eli Ben Nun. They were both frustrated with the broader cybersecurity industry, which seemed to rely on fearmongering, rather than measurable business outcomes.

From the beginning, the founders saw payments as a broader operational problem that spans fraud prevention, payment accuracy, and workflow automation.

“I was really passionate about doing something…impactful,” Gabay recalls. “It’s very hard to justify business ROI in cybersecurity, and most of the narrative of the sales is about fear and insurance…I wanted to be able to build something that can show you real savings, real ROI, quantified and measurable results.”

$1B in fraud prevented and $5B in mistakes caught

Before building the product, Gabay and Ben Nun spent months validating the problem with finance leaders, interviewing 150 CFOs across the United States. Trustmi was founded in Tel Aviv in 2021 and raised a $4M seed round. A $17M Series A followed in 2023, coinciding with the company’s official global launch from New York.

The company has expanded rapidly, now protecting more than $240B in payments annually. Its customers are large enterprises across manufacturing, pharmaceuticals, hospitality, and insurance, including Fortune 500 companies such as Takeda, Colgate-Palmolive, Mohawk, and monday.com. Trustmi says it has prevented more than $1B in fraud and $5B in payment mistakes, like duplicate invoices and human error.

Those operational savings reflect the company’s long-term goal. While Trustmi started with payment fraud prevention, the company increasingly sees itself as an intelligence and automation layer for enterprise payments more broadly.

“We started with the clear pain of payment security,” says Gabay. “But…there is a lot of opportunity [to] also improve efficiency, automation, and payment mistakes…and provide much more value to our customers.”

Where most security tools stop, Trustmi starts

Most security tools only cover fragments of the payment process. Email security products, for instance, can catch malicious links or attachments, while finance systems manage transactions and approvals. Attackers exploit the gaps between these systems.

“It’s a classic people/process/technology problem,” says Gabay. “A lot of technology, [but] no one connecting the dots.” That’s why Trustmi is designed to insert directly into existing payment workflows, so finance teams can use it without overhauling their operations. “No one’s going to change the way they do business, even for security,” Gabay explains.

“We help organizations make sure their payment goes to the right place, at the right time, [for] the right amount.”

Trustmi acts as an intelligence layer across the payment process, analyzing activity during payment cycles and assigning each transaction a risk score in real time.

“We become their copilot,” says Gabay. The company categorizes risk as green, yellow, or red. “Green [says], go ahead and pay it. Yellow, suspicious payment. And red, that’s a planned payment fraud, and we’re going to block it.”

The new face of payment fraud prevention

The rise of generative AI is accelerating the scale and sophistication of deepfakes and impersonation in payment fraud, says Gabay. At the same time, businesses are increasingly incorporating AI into workflows, experimenting with autonomous Agents and systems for processes like procurement, invoicing, and approvals. That scenario requires a new set of security systems capable of operating at machine speed.

Trustmi’s mission is to shift from a payment fraud platform into the trust layer for increasingly autonomous financial operations. “[The aim is] not only to be able to help organizations do what they do today. We also envision what the future is going to look like, and we’re building for that as well.”

That scenario requires a new set of security systems capable of operating at machine speed. “In four or five years from now, AI is going to do everything,” predicts Gabay. “We won’t see payment as someone sending you an invoice. It will be Agent [to] Agent, speaking by themselves.” We’ll see far more AI used in attacks, he says, requiring a defense system built on AI in kind. “You’re thinking that you know who you’re speaking with. You’re thinking that this invoice is legit, and you are relying on things that you cannot verify anymore.”


*Editor’s note: Insight Partners has invested in Trustmi.

The post How Trustmi uses AI to make sure every dollar goes where it should appeared first on Insight Partners.

]]>
How Tamnoon is tackling the cloud security backlog with autonomous remediation https://www.insightpartners.com/ideas/tamnoon-leadership-story/ Tue, 16 Jun 2026 20:21:06 +0000 https://www.insightpartners.com/?p=27894 Cloud security has dramatically improved over the past decade. New tools that surface risks, misconfigurations, and vulnerabilities in real time have given organizations remarkable visibility. But visibility has created a new problem. Security platforms generate thousands of alerts, and addressing them is rarely straightforward, particularly in live production environments where one small change can have […]

The post How Tamnoon is tackling the cloud security backlog with autonomous remediation appeared first on Insight Partners.

]]>
Cloud security has dramatically improved over the past decade. New tools that surface risks, misconfigurations, and vulnerabilities in real time have given organizations remarkable visibility.

But visibility has created a new problem. Security platforms generate thousands of alerts, and addressing them is rarely straightforward, particularly in live production environments where one small change can have unintended consequences. The result is huge backlogs of unresolved alerts, where risk is understood but not addressed.

“Detection and visibility are a software problem,” explains Marina Segal, cofounder and CEO of cloud remediation solution Tamnoon. Tools can plug into your cloud systems, pull out data, and automatically spot issues.

Fixing those issues is more challenging because it involves coordination and human judgment.

“You actually need to perform almost like an open heart surgery on the production system of your customer,” says Segal. You need to figure out who owns the system, convince them that the issue needs resolving, and gain approval to make changes.

“It’s more of an operational, people, process problem. People don’t want to take down production environments that generate revenues for the companies.”

“Security cannot be the aspect that stops your revenue generation streams.” 

The path to Tamnoon

Tamnoon’s founding team has deep roots in cloud security. Segal, along with cofounders Idan Perez and Zohar Alon, worked together at Dome9, an early pioneer in cloud security posture management (CSPM). “We were there in the cloud security space when it wasn’t called cloud security,” says Segal.

“We’ve seen the industry develop from day zero.”

The trio had a front-row seat to where the market was falling short. With remediation lagging behind detection capabilities, many customers were unwilling to risk making changes in live production environments, so even when automated fixes were available, they often went unused.

“What we noticed is that we have amazing technology, we have an amazing ability to…get visibility into the cloud,” recalls Segal. “The biggest challenge…that is not solved fully yet is, how do we make those tools fully operational?”

Solving that problem became the foundation for Tamnoon. The founders spent roughly two years refining the concept during the pandemic before deciding to focus fully on building a remediation solution.

Before building the product, Segal tested it with the market, gathering feedback from CISOs and security practitioners across industries. The pattern was consistent: Organizations had invested in powerful detection tools but lacked the resources, processes, and confidence to safely act on what those tools surfaced.

The AI Agent built to fix what detection tools leave behind

Tamnoon rolls the stages of remediation into one workflow. It connects to customers’ existing security tools, takes in their alerts, and investigates, prioritizes, and resolves them safely. “We’re basically the fixers,” says Segal. “We are doing all the heavy lifting.”

This positioning sets Tamnoon apart from much of the market, where most tools are designed to detect issues, not resolve them in complex, live environments. The platform is powered by a hybrid model. Tamnoon’s AI Agent, Tami, handles large-scale data processing, triage, and investigation.

“We trained her on how to prioritize cloud security issues in the context of each and every customer environment,” Segal says. “It’s not an Agent that was trained on generic LLM models…She was trained on real-life executions in production environments.”

 “You have to be behind the wheel to a certain extent.”

Human experts step in in situations where confidence is lower, such as when changes could impact critical systems, to validate decisions and oversee execution. “The most important thing is to know where human involvement is necessary and where it is not,” says Segal. “That’s how Tamnoon is able to scale human operations in a very sophisticated way.”

From seed to scale

Tamnoon officially launched in 2023, the company emerging from stealth with a $5.1M seed round. Growth followed quickly: The company expanded its customer base by more than 300% leading up to the seed round and continued to build momentum into its $12M Series A in September 2024.

Alongside this announcement, Tamnoon launched Tamnoon Prevent, a proactive tool designed to stop non-secure configurations before they are deployed. Later that year, the company became a launch partner for Wiz Defend, integrating its remediation capabilities to help security teams detect and respond to threats more effectively.

By 2025, the platform was operating at full tilt. Tamnoon processed 6.3 million alerts over the course of the year, resolved 2.7 million of them, and protected more than 200,000 critical customer assets.

“We want to make the remediation process fully autonomous”

As Tamnoon scaled, its AI capabilities accelerated. “From when we started, we knew that we wanted to leverage machine learning and AI,” says Segal. “The problems that we are solving are very, very complex, and in order to scale human operations, you really need to use machine learning and AI capabilities.”

The company has gradually shifted more responsibility from human operators to its AI systems, using AI to handle most of the analysis and decision-making, and humans to review higher-risk cases. “Our platform is smart enough to perform the majority of the processes and operations on its own,” Segal says.

As of 2026, Tamnoon has reached what it defines as level four autonomy, meaning that the “majority of the decisions around prioritization, investigation and safe remediation plan…are being done by machines,” Segal explains. This automation benchmark was created by the Society of Automotive Engineers in 2014 and is mostly used to evaluate self-driving vehicles. “Level five is where we are headed next.”

At level five autonomy, the platform will be able to execute certain remediation actions directly in production when confidence is high. “The moment we reach a certain safety score…we will let the machine drive on its own,” she says.

The future of cloud remediation

Even as Tamnoon pushes automation forward, the underlying problems it is tackling are persistent. “I’ve been talking about it for 10 years, and nothing is changing,” Segal says. Identity and access issues, misconfigurations, and exposed assets continue to be the most common sources of risk, driven “mostly by human mistakes and network problems.”

Addressing those risks at scale requires a clearer understanding of when it is actually safe to act, or as Segal refers to it, the “confidence factor.”

“If you want to fix something, the first thing that you have to do is make sure that it is not being used actively by something in your environment,” she explains. Where dependencies exist, the system guides teams on what needs to change first rather than blindly applying a fix.

This reflects Tamnoon’s efforts to move earlier in the lifecycle. “My vision is that we have to move into preemptive space more and more,” says Segal. By addressing misconfigurations before they reach production, the goal is to reduce the volume of alerts altogether, resulting in fewer incidents.

“With the landscape of threat actors that we have today and how fast they are able to move, we have to be in the preemptive space sooner than later,” warns Segal. “They don’t care if they break anything in production, and we do.”


* Editor’s Note: Insight Partners has invested in Tamnoon.

The post How Tamnoon is tackling the cloud security backlog with autonomous remediation appeared first on Insight Partners.

]]>
The next generation of analytics: Why we invested in Golden Analytics https://www.insightpartners.com/ideas/why-we-invested-in-golden-analytics/ Tue, 16 Jun 2026 13:05:00 +0000 https://www.insightpartners.com/?p=28134 Software engineers have been transformed by AI: Cursor, Copilot, and Claude Code*. Data teams? Still stuck. In many businesses, there is a large gap between the data they have and the answers they need. Ask a business leader how long it takes to understand why revenue dropped last quarter, and they will answer in weeks. […]

The post The next generation of analytics: Why we invested in Golden Analytics appeared first on Insight Partners.

]]>
Software engineers have been transformed by AI: Cursor, Copilot, and Claude Code*. Data teams? Still stuck. In many businesses, there is a large gap between the data they have and the answers they need. Ask a business leader how long it takes to understand why revenue dropped last quarter, and they will answer in weeks. Behind that delay is a stack of disconnected people and tools: a data engineer piecing together the right dataset, an analyst writing and iterating on queries, and a business intelligence (BI) developer translating the work into a static dashboard.

BI has evolved through three generations: enterprise warehouses and reporting, self-serve analytics tools, and the modern data stack. But even the modern data stack left many organizations behind It expanded what’s possible with data infrastructure, but the tools analysts use to consume and explore that data didn’t keep pace.

Built for the Next Stack

Golden Analytics is built from the ground up to be part of what Insight Partners is calling the Next Stack of data and AI, the next generation of analytics. Point it at a data warehouse like Snowflake or Databricks* and the Agents do the work of an entire data team: surfacing the questions worth asking, preparing and joining data in plain language with no structured query language (SQL), building charts and explaining what each one shows, and turning the analysis into an interactive story anyone can explore. Work that used to span multiple tools and teams can now happen in one place, in minutes.

Golden meets users where they are with what the team calls a “slider of autonomy,” which means the user decides how much the AI takes on, from a fully automated analysis to embedded agents exploring the next possible actions as you build. The experience feels less like building a dashboard or report and more like thinking out loud. Design-quality visuals. Analyst-grade depth. Same tool, cohesively helping analysts stay in the flow of work.

The right team for this moment

Our conviction in Golden is inseparable from the team behind it. CEO François Ajenstat spent almost a decade at Tableau as chief product officer, helping pioneer the self-serve analytics movement. He is one of the most recognized and trusted voices in the analytics community, someone who understands exactly where the category broke down and what it needs to become. In an era where AI makes it easier to build software, taste and craftsmanship matter more than ever. Ajenstat and the team have both in spades.

What seals our conviction: Golden is designed to get smarter with every analysis, and so do the organizations using it. A compounding advantage that legacy tools and generic models simply can’t replicate. The next generation of analytics will not look like a better dashboard; instead, it will look like better questions. We’re thrilled to partner with Ajenstat and the entire Golden Analytics team as they build what’s next.


*Note: Insight Partners has invested in Databricks and Anthropic.

The post The next generation of analytics: Why we invested in Golden Analytics appeared first on Insight Partners.

]]>
How Mate Security is building the AI teammates that security operations centers have been waiting for https://www.insightpartners.com/ideas/mate-security-leadership-story/ Thu, 11 Jun 2026 13:30:35 +0000 https://www.insightpartners.com/?p=27914 Security operations centers (SOCs) are often overwhelmed by alerts that increase daily, including both real threats and false positives. Sifting through them all to work out which is which is a slow and manual process. Under pressure to clear backlogs, many teams compromise security by muting alerts, tuning down detection rules, or making policy exceptions. […]

The post How Mate Security is building the AI teammates that security operations centers have been waiting for appeared first on Insight Partners.

]]>
Security operations centers (SOCs) are often overwhelmed by alerts that increase daily, including both real threats and false positives. Sifting through them all to work out which is which is a slow and manual process.

Under pressure to clear backlogs, many teams compromise security by muting alerts, tuning down detection rules, or making policy exceptions. But when an analyst creates a static exception to suppress a false positive, they inadvertently create a blind spot in the organization’s defense.

At the same time, threats are accelerating. Increasingly powered by automation and AI, attackers move faster than human teams can respond, turning overload into vulnerability.

AI SOC platform Mate Security was built to replace this brittle, static tuning with dynamic, context-aware AI that automates the investigation process. It provides AI agents that work together to gather context, run investigations, and surface what matters, freeing up security teams to focus on real threats.

From the enterprise, for the enterprise

Mate was founded in early 2025 by a team of enterprise cybersecurity veterans with experience in large-scale product development. Oren Saban, the company’s cofounder and chief product officer, befriended CEO Asaf Wiener and CTO Guy Pergal at Microsoft before they went on to senior roles across the industry: Wiener at Wiz, Pergal at Axonius, and Saban at Apex.

The idea for Mate came from a growing disconnect between what security tools promised and what practitioners were actually experiencing, says Saban. “We saw a lot of problems with how the tech works today, and we were very, very eager to solve this.”

“[We] have brought all different things to Mate. One of them is in the enterprise readiness. Mate has been built from the get-go [to support] enterprises.”

After years of watching teams drown in alerts and dashboards that generated more noise, the founders realized that the issue was a lack of usable, organizational intelligence. When recent advancements in AI finally made it possible to tackle the problem meaningfully, they moved quickly.

Mate emerged from stealth in November 2025, with a $15.5M seed round co-led by Insight Partners and Team8, and launched its Security Context Graph a few months later.

An “instant promotion” with AI Agents

At its core, Mate is designed to shift the SOC’s role from reactive triage to real-time decision-making. “Before Mate, you had a queue with hundreds of alerts [that] you have to prioritize,” says Saban. “After Mate, within a few minutes, you’ve already got a prioritized queue with noise reduction. You get to focus on the things while they happen.”

Instead of manually triaging alerts, analysts can assume a supervisor role, overseeing and guiding AI Agents as they conduct investigations. “We call it an instant promotion,” jokes Saban. “Humans are governing that AI is doing the right thing, exactly like you would handle your employees.”

“It feels like your teammate, hence ‘Mate.’”

Automating the repetitive work can also improve timing, which is a top priority for CISOs, says Saban. “Mean time to respond is one of the most important things that people ask about…And the second thing is the threat containment speed. Can we actually stop attacks when they happen, not after the fact?”

Security that understands the stack

The next phase of SOC depends less on deploying AI and more on teaching those systems how the organization actually operates, says Saban. “Any security vendor nowadays has already or will introduce AI Agents to their security stack…What’s special about Mate?” The answer lies in Mate’s Security Context Graph, a dynamic, continuously updated map of an organization’s environment.

This tool, introduced officially in early 2026, connects users, devices, behavior, and historical activity to enable AI Agents to investigate threats with the same context and intuition as a human analyst. “This is the underlying layer that makes Mate accurate, personalized, tailor-made to you,” says Saban.

“You want your doctor to prescribe something that is personalized for you, and it’s the same thing with security.”

Mate is designed to work alongside the rest of the security stack. Customers can connect their own Agents to the Security Context Graph or Mate’s model context protocol (MCP), so that Mate’s Agents can communicate and collaborate with other AI Agents already deployed in the environment, and close the loop on incidents.

When AI has to prove itself

For all its potential, AI implementation in cybersecurity still faces a major hurdle: trust. Research published by the ACM shows that 65% of analysts are skeptical about AI alerts, favoring hybrid human-AI models (79%) over full automation.

Mate’s approach is to ground its reasoning in real organizational data, says Saban. “Then you’re able to reduce the hallucinations dramatically and increase trust.”

“These insights are what’s separating bringing in really good analysts…from an analyst that has been there for years.”

The second ingredient is usability. “If I have to read through a bunch of text and long reports for every alert, I won’t understand what the Agent has done, I won’t build trust, and that really has no impact.” Mate makes its reasoning both accurate and intuitive so that analysts can quickly validate and act on information.

Though Mate initially focused on investigation, it saw customer demand for other services. “Response is a very big thing…Reporting…is a very big thing. The ability to close the loop to detection is a very big thing. They’re pushing us forward to achieve better security with AI.”

The future of SOCs

Looking ahead, Saban wants to see more collaboration in the cybersecurity industry, noting how Mate has built momentum through partnerships and participating in the 2026 Cybersecurity Startup Accelerator run by CrowdStrike, AWS, and NVIDIA.

“The defense side of the world in security has been working in a siloed mode, and we think that the future and where we have to go is to work together as a community to…stop attackers,” he says.

He also predicts a shift in how security teams operate. “The role of the SOC [is] going to converge with security engineering.” As AI Agents take over the repetitive tasks of investigation, triage, and automation, human analysts will move to “the front layer of catching what puts us in danger,” he says.

This is among the most effective ways to combat the increasing threat of AI-powered cyberattacks. With attackers moving at machine speed, security teams can’t rely on manual processes to keep up anymore.

“You can buy ransomware on the dark web for 20 bucks or so, but it will be really hard to build an AI solution for the enterprise that will attack with the same machine-to-machine capabilities,” he says. “We believe that through partnerships, through working deeply together to solve problems, that’s what we can introduce.”


*Editor’s Note: Insight Partners has invested in Mate Security.

The post How Mate Security is building the AI teammates that security operations centers have been waiting for appeared first on Insight Partners.

]]>
Brinqa is building the context layer that enterprise security is missing https://www.insightpartners.com/ideas/brinqa-leadership-story/ Mon, 01 Jun 2026 13:43:08 +0000 https://www.insightpartners.com/?p=27887 The cybersecurity industry has been a victim of its own success. There is a tool for every attack surface and vulnerability, but each one generates alerts, and few of them talk to each other. This leaves big companies drowning in alerts. “They’ve invested millions in all of these different tools. They’ve got their [endpoint detection […]

The post Brinqa is building the context layer that enterprise security is missing appeared first on Insight Partners.

]]>
The cybersecurity industry has been a victim of its own success. There is a tool for every attack surface and vulnerability, but each one generates alerts, and few of them talk to each other. This leaves big companies drowning in alerts.

“They’ve invested millions in all of these different tools. They’ve got their [endpoint detection and responses] (EDRs), they’ve got threat intelligence, they’ve got [cloud security posture management] (CSPM), and attack surface management — and all of them do very specific things,” says Dan Pagel, CEO of Brinqa.

“But they don’t want to have to go into each one to take action…There’s just so much noise and so much for them to triage that when you get to a certain size and volume…they simply can’t get to the bottom of it.”

Brinqa was built to solve this problem for some of the most complex security environments, including Global 2000 companies and the largest healthcare providers. The platform pulls signals from across an organization’s stack into a single decision layer, helping security teams figure out which of the thousands of vulnerabilities flagged each week actually matter, and what to do about them.

Turning data into a living map

This is a key part of what is known as continuous threat exposure management (CTEM), and with the rise of AI, it’s become a crowded category. In Pagel’s opinion, not always for the right reasons.

“What’s happening right now in the space is the same thing that happened with zero-trust six or seven years ago. It was perceived as a product. And the reality is it’s a framework,” he says.

“There’s no one company that’s doing all of it. It’s going to be various different companies and platforms that are bringing those pieces together so that you can have that continuous exposure management.”

Brinqa’s piece is helping people make decisions. The company’s platform ingests exposure data from over 240 security, IT, cloud, identity, application, and business systems, and unifies it in a cloud-native data layer. Brinqa’s Cyber Risk Graph turns this data into a contextual map of an organization’s environment, combining assets, vulnerabilities, ownership, and exploitability into a single model.

“The standard companies are giving you visibility to the assets. They’re giving you better dashboards. What we’re doing is we’re telling you what that all means.”

“We’re tying everything together and putting context around it that says, ‘This isn’t exploitable in your environment. Ignore that. Let’s focus on the 10 or 15 things that truly are.’  It’s a living, breathing context…and it’s changing as your environment changes.”

A record year

The company was founded in 2009 by cybersecurity veterans Amad Fida and Hilda Perez, who saw early on that enterprise security would become a coordination problem. The proliferation of best-of-breed point solutions, even then, had created the need for a horizontal view of risk across disparate sources — something that could proactively identify cybersecurity gaps and automate remediation.

Fida and Perez bootstrapped the company for more than a decade before Insight Partners led Brinqa’s first institutional round of $110 million in June 2021. Then, in 2024, Pagel, previously CEO of Playvox (acquired by NICE) and a leader at Britive, NetMotion, and MobileIron, stepped in as CEO. The company doubled bookings through the first three quarters of 2025.

A big part of that, says Pagel, was just listening. “[We] spent a lot of time sitting down with customers and trying to hear…what are their real challenges, and what does their day-to-day actually look like, versus what we perceive it to look like.”

Many customers, it turned out, were using Brinqa just for vulnerability management, leaving its application security and cloud security capabilities untouched. Teaching customers about the wider platform increased retention and net revenue retention.

“Explainability is trust”

On top of the data layer, Brinqa is building a growing number of AI Agents, which can fill gaps in the data, merge any duplicate findings, and enrich exposure intelligence. This gives security teams confidence in the data they’re making decisions with, and reduces traditionally manual work.

Take, for example, ownership of assets. “In many organizations, up to 80% of assets don’t have an owner attributed to them,” explains Pagel. “So even if you can find the exploitable vulnerability, who do you actually hand it to to go take care of it?” This is exactly what AI is good at: going through masses of data and contextualizing it. And the more data, the better.

“We’re telling customers, ‘Give us more, keep feeding it in, the more the better.’”

“We can then build Agents on top of that, and we can become the decisioning layer to do all of these individual point things that required many thousands of man hours…and so the Agents are saving millions of dollars for these customers, just taking away the spreadsheet processes that existed in correlating that data.”

But security teams aren’t comfortable with AI doing everything. “Customers aren’t quite ready…to trust AI to actually take actions within their environments, but they are ready for it to surface context.” Brinqa’s platform assigns a confidence score to every output, so security teams can see whether the model is 65% or 95% confident in the result, leaving the human to act on it or not.

This explainability matters for CISOs because they are increasingly being asked to justify their decisions to CIOs, CEOs, auditors, and boards. Brinqa’s data layer helps here, too. CISOs can pull snapshots of their company’s exposure profiles from six months and two years ago and show how it’s improving over time.

CISOs need to evolve with the speed of AI

What CISOs need to prove is getting harder because AI has changed what good looks like. It is expanding the surface they have to defend, and shrinking the time they have to defend it.

“The attack surface is going to evolve with the speed at which AI moves,” says Pagel. But he thinks it’s not necessarily attackers using speed to attack zero-days that are the biggest risk, but rather, AI expanding the attack surface, via the defenders.

Engineering teams are using AI to build their own applications, and that creates new vulnerabilities. “Their own attack surface is expanding, from the code that they’re writing, from the ability of attackers to build faster to be able to come after their environments.”

That leaves CISOs with a choice: chase the faster zero-days, or focus on reducing the overall footprint. “They’re still trying to figure out which one to address.”

“The job of a CISO today is not an enviable one…any breach is unacceptable, so it’s just that one vulnerability that matters.”

Either way, they now have less time to solve it. “We had a large Fortune 100 retailer who told us that six months ago, their [service level agreements] SLAs were 30 days for exploitable critical vulnerabilities. By the end of 2025, that was down to two days,” says Pagel. “And they expect that to come down to basically real time.”

Consolidation, expansion, and cutting through

“We’re moving at a crazy pace, but I’d say over the next two years, I think that we’re going to see both consolidation and expansion in the market. There is a huge opportunity, and it’s only getting bigger right now. You seem to hear of another acquisition taking place by a platform vendor every few months, and you absolutely see every couple of weeks, somebody coming out of stealth claiming to be a CTEM platform.”

But Pagel plans to focus on what Brinqa has always focused on. “We see the opportunity continuing to be to address the core problem that exists, which is companies being able to take in all of this data, put it into one place, and then make decisions against it,” says Pagel.

There will always be tools that create noise, and there will always be a need for tools that cut through it.


*Editor’s Note: Insight Partners has invested in Brinqa.

The post Brinqa is building the context layer that enterprise security is missing appeared first on Insight Partners.

]]>
The SaaS GTM glossary that no one has written yet https://www.insightpartners.com/ideas/saas-gtm-glossary/ Mon, 01 Jun 2026 11:50:40 +0000 https://www.insightpartners.com/?p=27995 In the SaaS landscape, many long-held best practices and truths are being questioned with the evolving capacities of AI. Go-to-market is no exception. It’s being rewired, and new opportunities, problems, and metrics have surfaced, but most of the vocabulary hasn’t caught up. These are the concepts that keep surfacing in founder conversations, product reviews, and […]

The post The SaaS GTM glossary that no one has written yet appeared first on Insight Partners.

]]>
In the SaaS landscape, many long-held best practices and truths are being questioned with the evolving capacities of AI. Go-to-market is no exception. It’s being rewired, and new opportunities, problems, and metrics have surfaced, but most of the vocabulary hasn’t caught up.

These are the concepts that keep surfacing in founder conversations, product reviews, and board meetings across our portfolio — the ones people are reaching for but don’t have a clean name for yet. We’ve broken the list into four thematic categories.

The thinking here draws on conversations with Insight Onsite experts Senior Vice President Neal Behrend, Vice President Jack Rohrer, Executive Vice President Ajay Gandhi, Senior Vice President Samma Hafeez, Vice President Jared Brickman, and Executive Vice President Charlene Chen.

SaaS GTM glossary
For illustrative purposes only.

The AI gatekeeper: What happens before you ever get a meeting

Your pipeline doesn’t start when a prospect visits your website anymore. It starts, and often ends, in an AI evaluation you never knew was happening.

Shortlist gravity

Long before any human takes a meeting, the buyer’s Agent has already read your site, your G2, your security docs, and done a full product teardown — and quietly disqualified you or placed you on a list you never knew existed. If you survive that audit, you still face a second structural problem: AI purchasing Agents tend to reproduce the same vendor shortlists because they’re trained on the same corpora. This includes analyst reports, G2 rankings, review sites, and press coverage. The rich get richer, the unknown stays unknown, and no amount of outbound fixes a training data gap.

“The vendors winning AI-era procurement are winning on presence. If you’re not in the training data, you’re not on the list. No cold email fixes that.”

— Neal Behrend

Cold outreach immunity

Prospects’ AI Agents are now handling inbound sales communications, filtering them against stated priorities and discarding them without the human ever seeing them. Your sequence didn’t fail; it was intercepted. Better subject lines, smarter timing, and custom signals to drive personalization won’t move the needle when the audience is an Agent, not a person. The lever shifts from outbound content to presence: the review sites, analyst reports, and training data that Agents actually consult.

“We keep optimizing sequences for humans who never see them. The buyer didn’t ignore your email; their Agent did. You can’t personalize your way onto a shortlist that was built before you ever sent anything.”

— Jack Rohrer

Signal laundering

AI-generated research behavior gets processed through your intent scoring as human buying signals. Your marketing-qualified lead (MQL) scored a 94, but no person was ever actually curious about your product. The programs you’re doubling down on, the accounts your business development representatives (BDRs) are calling, the pipeline your CRO is forecasting. It’s all downstream of a signal that was never real.

“Your intent data is lying to you. It’s not intentional. It just doesn’t know it. And neither do you.”

— Ajay Gandhi

Death by irrelevance: How you lose customers without ever losing them

Traditional churn announces itself. This kind doesn’t. The contract renews, the daily active user (DAU) holds, and the relationship quietly hollows out.

Passive displacement

You don’t get canceled. Instead, you stop being invoked. The contract stays active, the renewal auto-processes, but usage quietly zeros out as Agents route tasks to tools that are more API-friendly or better represented in their training data. It’s death by irrelevance rather than cancellation, and it won’t show up in your churn rate until it’s too late.

“Usage is the truth. Everything else — the contract, the login, the renewal — is a lagging indicator. In this era, being contracted by the human and used by the Agent are two completely different things, and I’m not sure which matters more.” 

— Neal Behrend

Agent-mediated churn

A customer’s AI Agent may proactively identify a better-fit solution and propose switching, without the customer ever being dissatisfied. Your NPS score, your account executive relationship, your quarterly business review (QBR) cadence, none of it mattered because none of it was visible to the actual decision-maker. The human didn’t churn; the Agent made the call.

Retention used to mean keeping the human happy. Now it means keeping the Agent from looking around. Those require completely different playbooks.”  

— Samma Hafeez

Zombie adoption

Your DAU looks healthy, but your champion isn’t. The work is being done by the customer’s AI Agents, not the humans who signed the contract, meaning that the product is active, but the relationship is on life support. When renewal comes, there’s no champion fighting for you because no human has meaningfully touched your product in the past 6 months.

“You can’t manage retention that you can’t measure. And if your DAU doesn’t distinguish humans from Agents, you’re not measuring anything real.”

— Ajay Gandhi

Built for humans, broken for Agents: The product debt accumulating right now

Your product was designed for humans. Agents are the new primary user. The gap between those two facts is where your next product crisis lives.

Agentless workflow debt

Every workflow you built for human users that an AI Agent can’t cleanly traverse is accumulating as a new form of technical debt — onboarding flows that require human clicks, dashboards that surface data visually but don’t expose it via API, support processes that require phone calls or form submissions. As Agents become the primary interface for SaaS interaction, the cost of not fixing these will compound like tech debt: quietly, invisibly, and then all at once. The companies that treat Agent-legibility as a product priority today will have a moat that’s very hard to replicate in two years.

“Every time you built a UI instead of an API, you were making a bet that humans would always be the primary interface. That bet is coming due.”

— Neal Behrend

Human override tax

The penalty a product pays every time an Agent has to stop and ask a human to click, approve, interpret, or resolve ambiguity. Too many overrides make the product Agent-avoidant, even if human users still love it. Agents will simply route around products that interrupt their workflows and toward ones that don’t. Some overrides are necessary for governance, but the unnecessary ones can serve as a vote against you in the Agent’s next routing decision.

“Every approval gate you built for compliance is a tax your Agents pay on every workflow. Some of those gates are worth it. Most of them were designed for a world where humans were the bottleneck.”

— Jared Brickman

Execution drift

An Agent completes the requested job but takes a weird, expensive, non-compliant, or low-margin path to get there. The customer sees “task complete,” yet the vendor sees token burn, API overuse, audit risk, and support tickets. This is the operational cousin of hallucination, and it’s harder to detect because the outcome looks fine until you look at what it costs to produce it.

“You can have a perfectly accurate support org that’s bleeding margin. The culprit isn’t wrong answers — it’s how many steps it took to get to the right one.”

— Jared Brickman

The commercial reckoning: Economic and strategic problems with no existing playbook

The old problems have playbooks. Churn can be modeled, pipeline can be forecasted, and analyst narratives can be crafted. These four sit outside the old frameworks.

Tokenmaxxing customers

Customers who use AI features and LLM output so heavily that they’re a net cost to serve. You can’t fire them — they’re proving out your best use cases daily and generating the case studies your sales team needs — but managing their usage and pricing is now critical to long-term margins. The challenge is that the unit economics your pricing model was built on didn’t anticipate them.

“You priced your AI features assuming average usage. Your best customers don’t have average usage. Those are two very different businesses hiding inside the same contract.”

— Neal Behrend

MEDDICC theater

There are now a dozen tools, native platform features, and DIY options that will auto-score deal qualification off of call transcripts. Most of them grade for language, not reality. The model passes a deal because nothing disqualifying was said, not because something real was confirmed. Reps figure that out in about a week. The opportunity grading dashboard turns green, qualified pipeline coverage looks better than ever, and managers run deal inspection on the opportunities that surface as problems, while the real risk hides behind green scores. The CRO finds out the hard way at the end of the quarter. The AI made the theater more convincing overall.

“Compliance scoring tells you whether the champion said the right words. It will not tell you if that champion is actually going to go to bat for you at the end of the quarter. When you score qualification artifacts instead of qualification reality, you just teach reps to produce better artifacts.”

— Jack Rohrer

Outcome attribution war

When multiple Agents and tools contribute to the same result, everyone claims the outcome, and no one can cleanly prove causality. In a workflow spanning CRM, ERP, billing, support, and data infrastructure, the question becomes: Who gets paid for the resolved ticket, the prevented churn, the booked meeting? The commercial and contractual infrastructure for answering that question doesn’t exist yet, and the companies that figure it out first will have a significant pricing and retention advantage.

“When five Agents touch the same outcome, every vendor claims credit. The company that can actually prove causality in multi-Agent workflows will reprice SaaS from the ground up.”

— Jared Brickman

Prompt-and-pray implementation

The act of using AI by entering prompts and hoping valuable output follows, without the training, context, workflows, or systems needed to make results reliable and repeatable. At the individual level, prompt-and-pray looks like trial-and-error prompting: asking, rephrasing, regenerating, and hoping the next response is better than the last.

At the organizational level, it means handing people AI tools and expecting transformation without investing in the workflows, systems, and knowledge sharing needed to make AI effective at scale. The result is that AI stays trapped at the individual level: people get faster, but the company doesn’t get better.

Giving everyone AI and calling it a strategy is like handing out instruments and calling it an orchestra.”

— Charlene Chen

None of these terms existed five years ago because none of these problems did. That’s the point. The GTM playbook most SaaS companies are running was written for a world where humans did the buying, the using, and the leaving. That world is receding faster than most teams are moving. The vocabulary you use shapes the problems you can solve, and the companies that name this terrain clearly will navigate it better than the ones still borrowing language from the last era.


This post contains forward-looking statements and predictions regarding the future of AI. These statements are based on our current expectations and assumptions, and actual results may differ materially from those expressed or implied in these statements. The information provided in this post is for informational purposes only and does not constitute financial, investment, or professional advice. This post should not be considered as a recommendation to buy, sell, or hold any particular investment or security. Investments in AI and related technologies involve inherent risks, and past performance is not indicative of future results.

The post The SaaS GTM glossary that no one has written yet appeared first on Insight Partners.

]]>
What top-performing CMOs say about success in 2026 https://www.insightpartners.com/ideas/cmo-survey-2026/ Wed, 27 May 2026 19:36:33 +0000 https://www.insightpartners.com/?p=27692 Each year, Insight’s Onsite team runs qualitative surveys across the portfolio filled out by functional leaders (CxOs). This year, over 150 CMOs filled out the survey, across all sizes and stages of growth. The top five findings from the survey were: Sales & Marketing alignment is critical with top marketing teams targeting bookings  AI and automation adoption are […]

The post What top-performing CMOs say about success in 2026 appeared first on Insight Partners.

]]>
Each year, Insight’s Onsite team runs qualitative surveys across the portfolio filled out by functional leaders (CxOs). This year, over 150 CMOs filled out the survey, across all sizes and stages of growth.

The top five findings from the survey were:

  • Sales & Marketing alignment is critical with top marketing teams targeting bookings 
  • AI and automation adoption are a near-term priority for top performers 
  • Human-led channels are the durable moat in an AI-saturated digital space 
  • Top product marketing teams ensure messaging is activated with the sales team 
  • Operational excellence comes in the form of better processes, not always more complex ones 

Executive Vice President Meg Fitzgerald and Vice President Dustin Zaloom presented the findings in a recent Onsite Hour. Rather than rely solely on financial data, the survey asked CMOs a direct question: How has your company performed relative to your closest competitor over the last 12 months? The roughly 25% who said they were doing “much better” became the top performer cohort. When cross-referenced against internal financial data, this self-reported proxy tracked closely to the rule-of-40 performance.

This piece comes from Onsite Hour, a weekly virtual event series for portfolio companies, created by Insight’s 100+ in-house experts. Survey and benchmarking reports are created by our Onsite Insights team. 

Alignment is key, as top performers align with bookings 

When CMOs rated their overall alignment with sales, the distributions looked nearly identical between top performers and the average. The real tell was at the low end: Not a single top performer rated their sales-marketing alignment as poor or terrible.

Note: For illustrative purposes only.

“Solid alignment with your go-to-market counterparts is really table stakes for top performance,” said Fitzgerald. “It’s not necessarily a differentiator, but it is a prerequisite.”

“Solid alignment with your go-to-market counterparts is really table stakes for top performance.”

Where top performers do separate themselves is in how they measure success. Most companies track marketing-sourced pipeline. Top performers are more than twice as likely to hold themselves accountable for marketing-sourced bookings. That shared accountability can significantly change the relationship with sales.

The gap also shows up in the execution layer: shared funnel definitions, joint quarterly planning, and consistent feedback loops from the field. Top performers have built these into their operating rhythm. It’s not a one-time alignment exercise; it’s ongoing.

Over 75% of companies are doing account-based. Most are stuck.

About 78% of companies have some version of account-based marketing in place, but most haven’t scaled beyond the pilot stage. Top performers are the ones who have — and the reason, more often than not, is that they had the sales-marketing alignment required to get there.

ABX GTM AI efforts
Note: For illustrative purposes only.

The plays they’re running also look different. Top performers go deeper on personalization: one-to-one named account plays, one-to-few plays, and tighter SDR integration. Average companies tend to spread efforts more broadly with a one-to-many approach.

Zaloom flagged a pattern he sees often: Companies operationalize intent data, but when a trigger fires, all they do is call the account faster. “That’s not really anything different. That’s just a prioritization mechanism,” he explained. Getting from intent signal to a genuinely differentiated play — a campaign, an event, direct mail — is where many companies stall.

Top performers use more AI across the org, but are more selective about it in content creation

Nearly twice as many top performers listed AI and automation adoption as a top-three priority. And AI tools ranked as the number one technology investment across the board, with nearly 50% citing them at the top of the list.

top performers use AI
Note: For illustrative purposes only.

But the more interesting finding is how top performers use AI differently. In content creation, they’re more selective. They use AI to turn around commodity content faster, but they’re clear-eyed about what it can’t do: produce genuinely differentiated thought leadership grounded in proprietary data or subject matter expertise.

“Top-performing companies really separate the tasks of what AI is good at, and what humans still need to do,” Zaloom noted. Human-in-the-loop stays part of the process even as AI adoption increases.

“Top-performing companies really separate the tasks of what AI is good at, and what humans still need to do.”

On the creative and video side, top performers are also more likely to use agencies than their average counterparts. This is not because they’re avoiding AI, but because they understand that agencies offer the kind of flexible capacity that full-time equivalents can’t. Both levers are used together.

One example from the call: a product marketer used Claude* to build a messaging consistency tool — paste in any content, get a score against the company’s message house, and receive suggested edits. Low overhead, high adoption across the org.

The 50-50 budget split that’s separating the field

The old rule of thumb was 20 to 30% of program spend on brand, but the survey data pushes back on that. About a third of top performers are running a roughly 50-50 split between brand and performance. Among average companies, that number drops significantly.

AI marketing budget
Note: For illustrative purposes only

“If you’re only investing in performance marketing, you’re fishing from the same pond everyone else is,” Fitzgerald said. “Brand is what will make that performance spend more efficiently and effectively over time.”

“Brand is what will make that performance spend more efficiently and effectively over time.”

This matters even more in a world where nearly 75% of CMOs flagged AI replacing traditional search as the biggest GTM shift of the next two to three years. Today, around 70% of Google searches are zero-click. Buyers are doing discovery, evaluation, and meeting prep through AI before they talk to a single human. If your content isn’t optimized for that, you may not even be in the consideration set.

PR investment is growing

Despite still being largely reactive and ad hoc across the portfolio, PR investment is growing, and top performers are leading that charge. They’re less likely to staff it in-house, and more likely to work with full-service agencies that have genuine journalist relationships. As tech media has contracted, those relationships matter more than ever.

Note: For illustrative purposes only.

 

The generative engine optimization (GEO) connection is direct. AI search algorithms are gaining significant press coverage and third-party citations. Companies with strong PR footprints are more likely to show up in AI-generated answers.

Several CMOs on the call shared early proof points: One ran eight press releases over six weeks and saw a meaningful bump in answer engine optimization (AEO) and GEO as a result. Another paired a quarterly consumer sentiment survey with Cotality’s* first-party data to fuel a robust pitch calendar — and it’s showing up in search results.

Top performers are doing less

Perhaps the most counterintuitive finding in the survey: Top performers are running simpler operations, not more complex ones.

Note: For illustrative purposes only

 

On planning cadence, top performers generally stick to annual plans and quarterly re-forecasts. Average companies are more likely to be doing rolling quarterly objectives and key results (OKRs). “If a lot of your strategy is dictated by building something over the course of the year, pivoting away from it every three months can be detrimental,” Zaloom noted.

On attribution, 60% of top performers use first- or last-touch models. The more a portfolio company debates attribution, the worse the outcomes tend to be.

On lead scoring, top performers are the least likely to have a formal methodology at all, while average companies are more likely to be running advanced AI-based scoring. Simple rules of the road, well understood by both teams, outperform complexity that no one can agree on.

On inbound routing, top performers rely on basic segmentation logic. Enterprise leads go to account executives; SMB leads go to SDRs. Average companies are more likely to funnel leads into nurture streams that rarely convert.

Complexity doesn’t produce better outcomes when it creates friction, misalignment, or debates that eat more time than the process saves.


*Editor’s Note: Insight Partners has invested in companies including Anthropic, Cotality, and OpenAI. For a full list of portfolio companies, visit insightpartners.com/portfolio.

The post What top-performing CMOs say about success in 2026 appeared first on Insight Partners.

]]>