“Today’s tools won’t survive”: Bitsight on cybersecurity paradoxes and AI adoption models

Threat intelligence leader Gabi Reish reveals a long-view of the security threat landscape and the predictable risks of emerging technologies.

New tech is not just indistinguishable from magic - it's often seen as dangerous voodoo to be feared and shunned. More than 15 years ago, Bitsight threat intelligence chief Gabi Reish witnessed this reaction first-hand during a visit to a German bank.

Back then, this risk-averse, highly regulated organisation was grappling with a technology we're now familiar with. Now many businesses are doing the same with an even more transformative technology: AI. If you've lived through other revolutions, the result is easy to predict.

"When I visited that bank in 2010, it told me: 'We don’t allow employees to browse the web - it's just too dangerous,'" Reish recalls in a video call with Machine.

The lesson is clear. First, we fear innovations. Then we tumble headfirst over ourselves to adopt them. Finally, we pick a few of our favoured tools and reject all the rubbish that emerged during that frothy, hyperbolic stage of the hype cycle.

Reish - a 20-year security veteran - has a neat four-stage formulation of this adoption process, which he's seen unfold during a high-flying career involving nine years as VP Product Management & Product Marketing at Checkpoint, before landing at the dark web intelligence platform Cybersixgill. After Bitsight acquired the firm in December 2024, he became its VP of Product, Threat Intelligence & Exposure Management.

He says: "Every time there’s a tech revolution - mobile, cloud and now AI - it transforms the way we operate. With each wave, I see four stages.

"The first is rejection. Practitioners say: 'don’t use it'. Mobile wasn’t allowed in offices, for instance. The cloud was 'too risky'. AI is 'uncontrollable'.

"This is followed by forced adaptation. We try to use old tools in the new context. We force network security tools into the cloud, and it doesn’t work.

"Then it's a tool explosion. That involves a flood of new tools purpose-built for the new tech emerging. We saw this with mobile and cloud, and now with AI.

"Finally, it's consolidation. Out of the flood, only a few tools survive. The rest fade or get acquired."

From hype to reality

Right now, we're in the middle of the transition from stage two to three, according to Reish's analysis. What this means is that enterprises are experimenting with a vast array of new tools, most of which will be ditched in the next stage of the cycle.

"Gartner says cybersecurity typically accounts for about 3-5% of the IT budget," he continues. "From an insurance perspective, people keep buying more tools. Think of it like an orchestra where everyone is playing without a conductor. That’s what’s happening in cybersecurity.

"Threat actors take advantage of this. Every time something new appears, we buy a new tool, but it’s not integrated or tuned. Two years later, we buy another.

"Every cybersecurity event today features AI: new tools, new methods. But many of today’s AI security tools won’t survive."

And all those defunct tools mean wasted money for enterprises as well as problems for the vendors who make them.

"What’s happening in this industry - and AI is a different conversation - is that many of the tools we’re buying and acquiring today are completely underutilised," Reish warns. "Statistics show a standard enterprise has between 40 and 80 different security tools. These tools may start highly tuned, but over time, they become underutilised, outdated, and inefficient."

Plus ça change, plus c'est la même chose

The long view afforded by two decades in security has given Reish a unique view of the metatrends shaping the industry and threat landscape.

In many ways, the dangers today are the same as they were five years ago, he explains. Ransomware "stands out" still, for example, although it's certainly becoming more sophisticated.

"When we used to think of ransomware, we pictured someone locking family photos on a laptop - but that’s not the case anymore," Reish tells us. "Now it’s about extortion and exposing sensitive data. It’s completely different.

"Ransomware today is often sponsored and supported by well-equipped, organised criminal groups. When these groups see an opportunity, like any other entity, they exploit it - because there’s always a financial incentive. Otherwise, they wouldn’t be involved. In many cases, state-sponsored actors are also part of it.

"These are trends - maybe AI is a newer one - but if you’d asked me five years ago, I’d say the same things: ransomware is rising, sophistication is increasing, and attackers are getting better."

He also highlights supply chain attacks and the security of third-party software as a "significant issue" for businesses, with the risk highlighted brutally by Log4j and the MOVEit vulnerability.

A widescreen view of the threat landscape

Flash back further and the roots of today's trends can also be clearly observed.

"During every conversation over the past 15 years, I would start by saying that the cyber war is raging and there’s more sophistication every year," he says.

"That’s still true. What’s amazing is that, despite all the significant investments in cybersecurity - think about how much is spent on prevention tools - cyberattacks are still growing. So something is clearly going wrong. It’s a paradox: the more you spend, the more attacks happen."

Various versions of this contradiction between investment and threat level lie at the heart of security, Reish has found during his two decades in the sector. However, this is far from the only security paradox he has encountered.

During presentations, the threat intel leader uses a slide which says: "The more you have, the less you know."

In other words: the larger the organisation, the less chance it has of understanding its systems, let alone protecting them.

"It’s a simple concept," Reish explains. "I’m dumping all this data on a customer, and the more data I dump, the less they know - unless they want to know. If you overwhelm customers with data, it’s hard for them to see through it. Sometimes, they even prefer not to receive the data because they don’t want to be liable for information they don’t know how to act on.

"That happens. Big enterprises say: 'Don’t tell me something I’ll be liable for.' Sometimes, they prefer not to know."

Escalating risk in the AI era

What's different about 2025 and the next few years is the rise of AI, both as a key part of enterprise defences and as an enabler of cheaper, lower-skill attacks that lower the barrier to entry for would-be cybercriminals.

"AI isn’t just helping bad actors," Reish concludes. "There’s more rumour and noise than reality about how AI is used by attackers. The idea of an ultimate, impenetrable AI-driven weapon doesn’t exist - at least not yet.

"On the defence side, generative AI is giving us capabilities we didn’t have before: better correlation, better data extraction, and the ability to work with massive datasets. It’s easier to pinpoint threat actors and link them to TTPs (Tactics, Techniques, and Procedures).

"So, going back to the paradox: it’s always a chase. We’ll always be a step behind because we’re still adapting while attackers are already in later stages - using the gaps while we’re still figuring out how to close them."
