Close Menu

    Subscribe to Updates

    Get the latest creative news from infofortech

    What's Hot

    3 Questions: Neural transparency and the future of AI design | MIT News

    July 16, 2026

    Apple now lets you pay for cellular iPads over 3 years, and it’s a sign of a pricey trend that won’t halt soon

    July 16, 2026

    How You Distill 80 Years of Marvel Comics Into Magic: The Gathering Cards

    July 15, 2026
    Facebook X (Twitter) Instagram
    InfoForTech
    • Home
    • Latest in Tech
    • Artificial Intelligence
    • Cybersecurity
    • Innovation
    Facebook X (Twitter) Instagram
    InfoForTech
    Home»Cybersecurity»Why AI Is Changing the Buy vs. Build Equation
    Cybersecurity

    Why AI Is Changing the Buy vs. Build Equation

    InfoForTechBy InfoForTechJuly 3, 2026No Comments7 Mins Read
    Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
    Why AI Is Changing the Buy vs. Build Equation
    Share
    Facebook Twitter LinkedIn Pinterest Telegram Email



    Hello Cyber Builders 🖖

    This past year, I have kept having the same conversation with founders, CISOs, security leaders, and investors.

    A question that once had an obvious answer is back:

    Should we buy this software, or should we build it ourselves?

    For most of the last twenty years, the answer was simple: buy.

    Building software was expensive. Running software was expensive. Maintaining software was expensive.

    Even a simple internal app needed several engineers, infrastructure experts, database skills, deployment, monitoring, security checks, and constant upkeep. The economics did not work.

    Now, that assumption needs to be questioned because the cost structure of software development has changed dramatically.

    Cybersecurity is one of the industries most affected.

    The combination of AI coding agents, agentic workflows, cloud-native platforms, open-source software, and API-first architectures has fundamentally changed the economics of software.

    Tools like Claude Code, Gemini AI Studio, and OpenAI Codex allow a single experienced engineer to produce work that previously required an entire team.

    But code generation is only part of the story. AI is increasingly handling front-end generation, backend development, database schema design, API integration, test creation, deployment, infrastructure configuration, and documentation.

    Every stage of software development is now much cheaper. Apps that once cost hundreds of thousands to build and run can now be built and run by a small team. Sometimes, one senior engineer with AI support is enough.

    Many founders have not yet realized the full impact.

    Building a System of Record is no longer a business.

    A classic MVC app with a database, some web forms, and a few reports? That is a weekend project now. Not a week. Not a sprint. Maybe even overnight.

    Think about the categories of cybersecurity products that are essentially well-organized databases with dashboards: asset inventories, GRC questionnaire tools, basic vulnerability trackers, compliance evidence collectors.

    These products took months to build and years to maintain. The complexity was the moat.

    Today, an AI agent can build the whole thing in an afternoon. The moat is gone before you even start your fundraising deck. This is not limited to software; look at science.

    Anthropic launched Claude Science — a platform that automates biology and chemistry research tasks: CRISPR screen design, protein structure prediction, experimental planning. Tasks that entire biotech companies were built around. The warning shot isn’t subtle.

    Martin Coulter from Sifted wrote: “The companies most exposed aren’t necessarily those doing the science itself, but those selling the computational labour around it.”

    Read that again, and replace “science” with “security.”

    In cybersecurity, the most exposed companies are not the ones doing deep security work. They are the ones selling dashboards, aggregators, or AI wrappers on top of someone else’s model.

    If AI giants turn hard knowledge work into a commodity, the edge moves to proprietary data, real-world execution, and expertise you cannot reduce to a prompt.

    Here is the hard truth for cybersecurity founders.

    Many cybersecurity categories emerged because solving a technical problem was genuinely difficult.

    Take endpoint security in 2015. Building an EDR required extraordinary expertise: kernel drivers, process interception, memory inspection, file system monitoring across multiple OS architectures. Simply collecting data was hard. The Blue Screen of Death was your daily companion as a kernel driver developer.

    Technical complexity was the moat.

    Now look at cloud security. Most products collect data through AWS, Azure, or Google Cloud APIs. The platforms already expose the data. You are not reverse engineering operating systems anymore. You are just using APIs.

    When the engineering challenge disappears, so does the moat.

    Before I go further, I need to address the obvious objection.

    “But Laurent — you just have to build AI into your product. AI changes everything.”

    No. That is not an answer. That is the wrong question.

    AI is not a strategy. It is not a moat. It does not replace having something worth building.

    All your competitors have access to the same foundation models. OpenAI, Anthropic, Google: same APIs, same capabilities, same pricing. If your only edge is ‘we use AI,’ you do not have an edge. You have a feature.

    It is a mistake to think that wrapping a product around an LLM is the same as building a real product. It is not.

    The challenge is no longer collecting data. The challenge is understanding it, prioritizing it, and driving action. The bottleneck is moving from collection to intelligence.

    Andreessen Horowitz recently described the transition from Systems of Record to Systems of Intelligence. I believe cybersecurity is entering exactly this transition.

    First generation — Systems of Record: asset inventories, vulnerability repositories, CMDBs, GRC platforms, ticketing systems. The value came from having the data.

    Second generation — Systems of Workflow: SOAR platforms, ServiceNow workflows, Jira integrations, incident response orchestration. The value came from routing tasks efficiently.

    Third generation — Systems of Intelligence: AI creates a layer where the problem is no longer data scarcity.

    Most security teams already have too many alerts, dashboards, findings, and tools. The real problem is deciding what to do.

    Security leaders increasingly need answers to: What should I fix first? Which risks matter? Which actions produce the largest reduction in risk? What can safely wait?

    The winners will not be the companies that collect the most data. They will be the ones that provide the best judgment.

    There are six categories where I believe durable cybersecurity companies can still be created — places where expertise, trust, and real-world complexity create moats that AI cannot simply erase overnight.

    Hardware and physical security. Network effects and practitioner communities. Deep tech and cryptography. Systems of intelligence. AI-native security services. And the new frontiers that don’t have names yet.

    I will cover each one in the next issues of CyberBuilders. If you want to make sure you don’t miss them, share this post with someone who is building security right now.

    Steve Jobs said it in 1997.

    “You’ve got to start with the customer experience and work backward to the technology. You can’t start with the technology and try to figure out where you’re going to try to sell it.”

    Most cybersecurity products are built forward. A team discovers a new technical capability, such as a detection technique, a new API query, or a clever use of an LLM. Then they look for a buyer.

    The result is products that are technically interesting but commercially irrelevant. Dashboards that security teams open once and forget. Alerts that no one knows how to act on.

    At CyGO, we build with the market, not for the market. We start with the problem the CISO is losing sleep over. We start with the workflow the analyst has to run ten times a day. We start with the question that never gets answered because the answer lives across seven different tools.

    Then we figure out the tech. It sounds obvious. It is almost never done.

    The best cybersecurity products were never built by committees running market surveys. They were built by people with a strong conviction about a specific problem — people who understood a threat model deeply enough to know what “correct” looks like, and cared enough to build it right before the market had the vocabulary to describe what they needed.

    AI is resetting the playing field. The cost of entry has collapsed. The window to define a new category is open.

    This is not a crisis. It is the best moment in a decade to build something that matters in cybersecurity — if you start with the right question.

    Not: Can we build this?

    But: What do we understand about this problem that nobody else does?

    That is where the next moats will be built.

    Laurent 💚

    Before you write your next product spec, watch this 3-minute clip from 1997 Apple WWDC.

    Jobs had just returned to Apple. The company was weeks from bankruptcy. He stood on stage and explained exactly why most technology companies get it backward.

    It is the most honest 3 minutes ever filmed about product strategy.

    ▶ Watch: Steve Jobs — “Start with the Customer Experience”

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    InfoForTech
    • Website

    Related Posts

    Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

    July 15, 2026

    Troy Hunt: Weekly Update 512: IoT Lockout Fail

    July 15, 2026

    Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

    July 15, 2026

    U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

    July 14, 2026

    CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

    July 13, 2026

    Rokarolla Android Malware, How to Protect Your Banking Apps

    July 13, 2026
    Leave A Reply Cancel Reply

    Advertisement
    Top Posts

    DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

    March 20, 202638 Views

    Microsoft is bringing an AI helper to Xbox consoles

    March 14, 202618 Views

    Why Security Validation Is Becoming Agentic

    March 16, 202616 Views

    This is the tech that makes Volvo’s latest EV a major step forward

    January 24, 202616 Views
    Stay In Touch
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Advertisement
    About Us
    About Us

    Our mission is to deliver clear, reliable, and up-to-date information about the technologies shaping the modern world. We focus on breaking down complex topics into easy-to-understand insights for professionals, enthusiasts, and everyday readers alike.

    We're accepting new partnerships right now.

    Facebook X (Twitter) YouTube
    Most Popular

    DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

    March 20, 202638 Views

    Microsoft is bringing an AI helper to Xbox consoles

    March 14, 202618 Views

    Why Security Validation Is Becoming Agentic

    March 16, 202616 Views
    Categories
    • Artificial Intelligence
    • Cybersecurity
    • Innovation
    • Latest in Tech
    © 2026 All Rights Reserved InfoForTech.
    • Home
    • About Us
    • Contact Us
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.

    Ad Blocker Enabled!
    Ad Blocker Enabled!
    Our website is made possible by displaying online advertisements to our visitors. Please support us by disabling your Ad Blocker.