Cybersecurity's Future Belongs to Startups
https://nfx.com/post/cybersecurity-belongs-to-startups-
Security battleground shifted from OS layer to app layer — startups win.
- Apps are now ecosystems: packages, plugins, AI models, extensions.
- Incumbents anchored to legacy architectures and past-threat solutions.
-
Five threat eras: floppy viruses → worms → email → cloud → app layer.
- Each era spawned the dominant vendor of that era (McAfee, Palo Alto, Wiz).
-
Structural startup edge: build for current threats, not past ones.
- No coordination overhead, modern talent, trust via demonstrated vulnerability.
-
Koi hit $1M ARR faster than Wiz, Snyk, Vanta, Figma, Loom.
- Published fake VSCode extension “Darcula Official” — infected 300+ orgs in a week.
- Exposed: orgs have zero visibility into software their teams install.
- Long-term defensibility requires network effects, brand, deep product embedding.
- Eternal arms race: every software innovation = new attack surface = new startup opportunity.
X discourse
- @chooserich: “If large software companies don’t pay Anthropic for their new cybersecurity model THERE IS AN 85% CHANCE THEY WILL BE HA” (521 likes)
- @BucknSF: “all of cyber seems like a massive long…disruptive startups not going to ramp to distribution before CISOs ramp to pani” (307 likes)
- @saxena_puru: “Incumbents in infrastructure software and cybersecurity will benefit from AI. They have deep pockets, enterprise custome” (307 likes)
- @ZaiforStartups: “for startups, this isn’t something to fix later. Security has to be built in from day one.” (265 likes)
- @elipsman: “The innovation almost always comes from startups. The incumbents acquire it, repackage it, and sell it back two years la” (1 likes)
Gigi Levy-Weiss, General Partner at NFX · 2025-09-17 · Read on nfx.com
| Type | Link |
| Added | Sep 17, 2025 |
| Modified | Apr 17, 2026 |