More than a decade ago, I spent two years in a presales role, installing and integrating a complex enterprise product inside banks, government agencies, and infrastructure operators, then watching how they used it after deployment.
I kept seeing the same gap between capability and action: the data and tooling existed, but knowledge lived in disconnected systems. Leaders had what they needed to make better decisions, but extracting the right information meant navigating platforms that didn’t talk to each other. The gap wasn’t in features. It was in architecture.
That experience—and 15 years spent deliberately moving across development, product management, and R&D leadership—still shapes how I evaluate security platforms. It’s also why I think much of the industry’s current approach to AI is headed for disappointment.
A growing number of vendors are building AI-native from the ground up, and that’s the right instinct. But many established players are taking a different path: adding AI to platforms that were never designed to support it. The initial results can look promising: a faster summary, a cleaner alert. But the architecture underneath hasn’t changed, and when the complexity of real-world threats exceeds what a single tool can reason about, that foundation becomes the constraint.
AI Added to the Wrong Architecture
Most legacy security platforms were built on a simple premise: tools collect the data, humans perform the reasoning. Over time, this produced sprawling stacks of specialized software stitched together through integrations and workarounds. Adding AI to that foundation doesn’t solve fragmentation—it adds another silo to it.
You can see the effect at any major security conference. Buyers move through hundreds of vendors promoting AI capabilities and often leave without a clear answer to the question that matters: will this change how my team operates, or is it just a better-sounding version of what we already have?
The technology is real, but the tools remain isolated. CISOs now have no shortage of AI features, yet analysts still juggle dashboards and copy context between workflows. In most cases, the AI summarizes reports or classifies alerts. That’s helpful, but incremental. It doesn’t reason across the full threat management lifecycle or connect detection to decision-making the way an experienced analyst would.
Consider the difference: when a bolted-on AI triages an alert, it can describe what happened. When an AI-native platform triages the same alert, it can cross-reference threat intelligence, assess exposure, check whether the organization has validated its defenses against that technique, and recommend a response—because the architecture lets those capabilities reason together rather than operate in parallel silos.
The Metric That Matters
Across every role I’ve held, two constraints have emerged: complexity left unaddressed early becomes permanent technical debt, and adding layers later rarely fixes structural problems.
We faced that reality when evaluating how to introduce AI into our own platform. Across thousands of deployments, we saw organizations ingesting hundreds of threat intelligence sources, generating enormous volumes of data, but still struggling to move from raw information to a defensive decision fast enough to improve their security posture. We rejected the incremental approach—adding AI features to existing products—because scattered capabilities inside a non-AI-native platform recreate the exact fragmentation customers are trying to escape.
The metric that mattered was time from signal to action: how quickly a security professional can move from raw data to a defensive decision. That number depends less on any individual AI feature and more on whether the underlying platform was designed to let those capabilities reason together.
The Architecture Question
When AI is layered onto disconnected systems, fragmentation grows. Each capability operates within the limits of its host tool rather than across the broader problem space.
Instead of evaluating which vendor lists the most AI features, ask which vendor’s underlying architecture allows AI to connect knowledge and action. Systems where agents hand work to one another, reason across the threat lifecycle, and surface decisions instead of raw data represent a fundamentally different approach.
Adding more AI to yesterday’s architecture will not close the gap between data and decision. It will widen it. The foundation has to change first, and the organizations that recognize this now will be the ones that move faster when it matters.
