TCP #97: 5 Takeaways From Black Hat x DEF CON 2025
The Wild West of AI Security, SIEM Fatigue, and Other Tales from Hacker Summer Camp
Welcome to The Cybersecurity Pulse (TCP)! I'm Darwin Salazar, Head of Growth at Monad and former detection engineer in big tech. Each week, I bring you the latest security product innovation and industry news. Subscribe below for weekly updates!
Howdy! 👋🏼 I’m just getting back up to speed after spending some time in the desert for Hacker Summer Camp. What. A. Week!
Tons of meetings and events on the Monad and TCP front. I even hosted my first event ever. In true Darwin fashion, I figured why not try hosting 2 events within 12 hours and see what happens 🤷🏽♂️
Luckily, it all went well. We (Monad x TCP) hosted a SecOps Sunset Social 550 ft above the Vegas skyline, followed by a 7:30am workout at the Dragon’s Lair with Code Red Partners.
A couple other personal highlights were:
Gifting TCP swag and seeing people wear it in the coming days
Crushing a 2hr workout w/ an influential figure in my life, Dr. Yonesy Nuñez
Getting to hang w/ part of my Security Weekly fam
The 3rd annual Miscreants Korean BBQ dinner
Catching up w/ friends I had not seen in 5+ years
Being back at DEF CON after 2 yrs off. Hard not to leave inspired from there
DEF CON > Black Hat… Highly recommend attending if you haven’t already.
Here are some of my fav shots from the week ⬇️
I'll have two posts this week. This one's a personal recap with my top takeaways while Thursday's will be a traditional TCP drop covering the biggest announcements from last week.
⚠️The Shadow AI Problem Is Worse Than You Think⚠️
Shadow AI is spreading faster than security teams can track it. Reco's State of Shadow AI Report reveals the uncomfortable truth after analyzing 55K+ apps across 50+ enterprises for over a year.
Get the report to see what's really happening with unsanctioned AI tools in your environment.
Why it matters: IBM recently found Shadow AI breaches add $670K in costs🤯
TL;DR 📚
I had at least 100 chats w/ practitioners, leaders, investors, and presenters this past week. Below are my key takeaways:
AI Security: Teams are scrambling to understand agent-to-agent interactions, shadow AI, and new attack surfaces. Someone even said MCP security is like Swiss cheese and feels like 1998 all over again 🧀
SIEM Fatigue: Security leaders are not satisfied with the current state of SIEMs that still take hours to run queries and drain their budgets, while their best talent does manual work on maintenance, standardization, and compliance.
AI in the SOC: Finally moving beyond the hype with real use cases in production. Not hearing any folks trusting it for building detections e2e, IR + containment, or other mission-critical tasks.
Messaging Matters: Simple vendor messaging wins over jargon soup every time. You want to ‘wow’ security teams with your product. Your messaging should act as a hook for your core ICP (Ideal Customer Profile).
Trust Networks: Peer recommendations and trusted voices now matter more than vendor websites in how security tools actually get bought.
Main Takeaways
1. AI Security Is the Elephant in Many Rooms
Whether it's Agentic AI, Shadow AI, LLM security, or anything in between, security teams are struggling to wrap their arms (and brains) around it. The challenge is multi-pronged, as there are many variables at play here, including:
Understanding how different AI systems and protocols work + how to secure them
Enterprise AI governance (e.g., Shadow AI) + security culture
New unknown unknowns
One prime example is agent-to-agent interactions and delegated activity. This introduces new attack surface + impacts traditional threat models.
I attended a 1Password panel with David Lewis (advisory CISO), Wendy Nather (Legend), Anand Srinivas (VP of Product) and Joseph Carson (enterprise security leader). Here are some key highlights from the chat:
“MCP security is like Swiss cheese. It's like 1998 again” - Attendee
"AI is like the accelerator mushroom🍄 in Mario Kart. If you have no handles or control, it doesn't matter how fast you go, you will crash." - Joseph Carson
"AI is like a toddler you need to consistently monitor." - Wendy Nather
Delegated access to agents is a massive issue
We're repeating a lot of old patterns and mistakes
Agents should be able to exchange security context with each other.
At the surface, this makes a ton of sense. I’m too green on agentic security to know what it’d look like in a practical sense.
AI security came up plenty throughout the week. The rate of adoption is simply outpacing both understanding and security controls.
I haven’t been able to fully dig into it yet, but this is an Agentic AI Security guide authored by CISOs, practitioners, and two vendors at the forefront of AI security: https://secureaiguide.com/
When you pair recent news w/ the above context, it makes sense why Palo Alto Networks acquired Protect AI, SentinelOne acquired Prompt Security, and why Noma was able to raise a $100M Series B. AI security is scorching hot and it’s a top concern.
2. SIEM Fatigue Is Real and There’s a Fog Over The Future of SecOps
Many security leaders I spoke with are not satisfied with their SecOps situation. All the consolidation in the space, paired with emerging novel approaches, has created this weird fog where they realize the inefficiencies of the traditional SOC model, but they’re still trying to piece together what the best path forward is.
SIEM costs are still high. Some queries still take hours or even days to run. Data volumes (and sources) keep growing. Emerging SIEMs repeat the same mistakes as traditional SIEMs (hence why teams are churning from next-gen SIEM tools). SOAR + AI SOC tools help ease the triage thrash, but at what cost?
A lot is still in flux. Obviously, there’s no one-size-fits-all, but many leaders are still tinkering with the most optimal setups for their SOC.
Here’s a recent LinkedIn post that captures the current discourse 🤷🏽♂️
3. AI in the SOC Is Getting More Traction
The DEF CON Blue Team Village Q+A “Doom and Gloom: Answer Your SOC Questions” and the “Implementing AI in Security Teams: Lessons from the Trenches” panel both highlighted a key shift from 2024 to 2025. SOC teams are increasingly using AI/ML for practical use cases like:
Natural language queries for investigations
Summarizing long-running investigations. Super helpful when context switching or on days-long investigations.
Detection rule translations between platforms
Streamlining triage
Some folks in the audience mentioned they’ve built their own agents or small language models while seemingly most were using the AI capabilities that their vendors provide.
Side note: The "agentic AI replacing humans" narrative is BS and that came through loud and clear. Without automation, SOC teams feel like they’re fighting w/ one hand behind their back and AI helps them have both hands to put up a good fight.
It doesn’t seem like teams are trusting AI for the more mission-critical stuff like writing + fine-tuning detections, incident response + containment etc. There are several reasons for this which we could probably dissect at some later time.
4. Clear Messaging Matters (and Some Are Failing at It)
Walking the expo floor, I was disappointed, but not surprised, by how many booths still have confusing, jargon-heavy messaging. What’s the point of paying tens or hundreds of thousands for a booth if your messaging doesn’t pull people in?
The vendors who stood out kept it simple and clearly stated the problem(s) they solve (e.g., Agentic Vulnerability Management, Extended Access Management, Dynamic SaaS Security).
Buyers need to know what bucket(s) to put a vendor in based on security domains and the challenges they’re facing. The “AI-powered, cloud-native, zero-trust enabling, quantum-resistant” type of jargon only muddies the messaging. That stuff should be secondary or tertiary, not in the top line.
5. The Role of Trusted Voices in Security Marketing, Selling, and Buying
Putting this one last since it might seem self-serving, but the shift is undeniable. Content creators and influencers have become a key indicator and marker for security leaders and vendors. Authentic voices with real audiences cut through in ways traditional marketing can't.
One CISO even told me that he rarely cares about the vendor’s site copy (“fluff”). He cares more what his peers and trusted names in the industry think about the solution and vendor.
Conclusion
This was one of my favorite hacker summer camps. Already looking forward to the next one!
See you on Thursday for a traditional TCP weekly issue recapping all the madness from the vendor side! 👋🏽