The race to become the next CrowdStrike or Wiz in AI security is playing out this week at the RSAC Conference, the cybersecurity industry’s largest gathering.
Why it matters: A wave of AI-native upstarts in the cybersecurity space is piling pressure on incumbents to adapt through acquisitions and by building new capabilities
- “These vendors are very aware now that they need to adapt because if they don’t, these smaller, AI-native companies have a very unique window where they can really penetrate the market,” Dimitri Zabelin, a senior investment research analyst at PitchBook, told Axios.
The big picture: Wiz and CrowdStrike became breakout cybersecurity players by quickly owning emerging technology shifts — cloud for Wiz and endpoint detection for CrowdStrike.
- Now, cybersecurity CEOs say they’re feeling pressure to keep up and are arriving at RSAC looking for acquisition targets and ideas to build internally.
Driving the news: Customers will spend the week at RSAC comparing notes on which vendors are best at defending against the AI-driven threats they’re already facing, Hugh Thompson, executive chairman of RSAC, told Axios.
- “You’re going to see a lot of these companies have to respond at a speed that they really haven’t had [to before],” he added.
Threat level: Legacy vendors and emerging startups are up against a fast-changing landscape.
- Some customers are building AI-powered security operations centers in-house instead of outsourcing to vendors.
- Others are shifting portions of their cybersecurity spending to smaller, AI-focused vendors.
- At the same time, Anthropic and OpenAI are exploring agentic cybersecurity products built on top of their existing code security platforms.
By the numbers: In the last quarter of 2025, deals involving security orchestration, automation and response (SOAR) — or tools that identify and respond to threats like phishing and data exfiltration — grew 76.5%, according to PitchBook.
- In 2025, half of all cybersecurity deals involved AI-native startups, per PitchBook.
Zoom in: Rubrik CEO Bipul Sinha told Axios the cybersecurity market “as we know it is dead.” The most successful vendors will be those that reimagine their products as AI-native, not just AI-enhanced, he said.
- Earlier this year, Rubrik made its Agent Cloud generally available, offering tools to manage and control AI agents on systems.
- “If the company has culture of change, adaptability, innovation — that’s the company that will survive,” Sinha said.
Reality check: While some legacy vendors are adapting, others are failing to grasp the shift, including its implications for the workforce, analysts told Axios.
- “There is still a lot of head in the sand for the reality of the situation and a lot of marketing as well,” Jeff Pollard, vice president and principal analyst at Forrester, told Axios.
- Many large companies are unlikely to quickly abandon long-standing security vendors in favor of early-stage AI startups.
What to watch: The list of winners from RSAC’s Innovation Sandbox, the conference’s flagship startup pitch competition, as a signal for where market demand is heading.
Go deeper: OpenAI unveils Codex Security to automate code security reviews
Get more tech news in your inbox with Axios Login.