Cyber Builders 2025: Agentic AI, Boldness Gaps, and the Future of Security
Agents got real. Europe still blinked. The grid cracked. Web3 went mainstream. Security’s future won’t look like its past.
Hello Cyber Builders 🖖
With 2025 wrapping up, here’s a look back at what I covered this year. I know newsletters are supposed to focus on a few topics and go deep, but on Cyber Builders, I went the other way, exploring a range of themes.
Agentic Transformation: The industry is moving from passive assistants to active, autonomous agents. This shift means reliability and better user experience matter more than ever. I also rolled out my own framework, HAEGID, to help make sense of it.
Cybersecurity Market: I covered the 12 leading platforms shaping the market. While Gartner has 50+ acronyms (honestly, I stopped counting!), I tried to provide a comprehensive categorization of cybersecurity products.
Economic Divergence: I looked at the 'Boldness Gap'—why Europe lags behind Israel and the US in taking risks and investing big.
New Security Debt: 'Vibe Coding' is on the rise, and so are the risks from AI-generated code. This means we need to rethink how we do Application Security.
OT Security Difference: From my personal experience of the grid’s fragility to the looming shadow of nation-state threats and the expanding risks of our smart-energy transition, I mapped out why securing our power infrastructure is the most critical challenge for today's cyber builders.
Web3 Maturity: I’ve analyzed how crypto has graduated from a niche experiment to a foundational global utility, while simultaneously arguing that our security focus must shift from protecting hardware to safeguarding human identity in an AI-driven world.
Let’s dig into each of these topics.
This is a long newsletter, so you'd better read it online, as the email is probably truncated! Visit: https://cyberbuilders.substack.com/p/2025-wrap-up
The Agentic Shift and the Reliability “Crisis”
A big focus for me in 2025 was watching AI shift from passive helper to active agent. The cybersecurity industry needs new ways to build trust in these systems.
The Reliability Gap
Back in May, I pushed back against the industry’s focus on model power in my post 'Stop Catching Up: What Agentic AI Can Fix in Cybersecurity.' My take: building agents in 2025 is really about reliability and user experience, not just the AI itself.
Here’s why I think that:
Deterministic Requirement: Cybersecurity is often black-and-white—a vulnerability is confirmed or not, a patch is applied or not. But generative AI works in probabilities, not certainties.
Trust Deficit: Co-Pilots (where a human is in the loop) can afford to make mistakes because someone is there to catch them. Agents (no human in the loop) can’t. Once an agent can change production or block users, mistakes aren’t an option.
UX as the Differentiator: The real winners won’t be the ones with the most innovative models—those are becoming a commodity. It’ll be the teams who build the best guardrails, validation, and user interfaces so people can actually trust what the agent does.
Bonus: my review of DARPA Grand Challenge of AI & Cybersecurity
The “Maturity Moment”: Claude 4.5 and Context Engineering
In October, I called the release of Claude 4.5 a 'Maturity Moment.' Instead of just looking at benchmarks, I focused on what 'Context Engineering' means for the field.
Claude 4.5 stood out because it could manage its own context and work well with tools. That matters in cybersecurity, where you often need to process large volumes of logs and reports at once. Now, AI can finally treat cyber defense as a core use case, not just an afterthought. The real challenge is giving the model the correct data and tools, not just clever prompts.
The HAEGID Framework
In November, I laid out my view on AI in security with the HAEGID Framework. The acronym is explained throughout, but here are the six main pillars I see as key to understanding AI’s impact.
I put this framework together to make sense of how AI shows up in security products. It’s designed to cut through the AI Hangover and offer a straightforward way to see what really matters.
Humanize: Use tailored training and real-time prompts to empower your team’s defenses.
Assist: Help analysts become faster and more accurate with their tools from the start.
Enrich: Automatically gather context for alerts so analysts see the whole picture immediately.
Guide: Turn noisy data into clear incidents, steering teams toward correct action.
Intervene: Enable rapid, coordinated responses across all security tools.
Defend: Proactively hunt for threats and strengthen your defenses early.
My view: feature-based AI is done. Adding 'Summarize this alert' isn’t enough now. Products need to be built around the HAEGID principles to last.
The 12 Cybersecurity Platforms
In 2025, I took on my biggest analytical project yet: mapping out 12 cybersecurity platforms. It kicked off in the spring with my most-read post of the year.
I also wrote several deep dives on these platforms, including 'AI is Reshaping The 12 Cybersecurity Platforms.'
Economic & Geopolitical Landscape
Israel’s $4 Billion Lesson
In January 2025, I wrote a data-driven breakdown of the Israeli cybersecurity sector, titled “Israel’s Cyber Strength: $4B Raised in 2024— and Counting.” This analysis went beyond simple fundraising statistics to investigate the ecosystem's structural resilience. Despite significant geopolitical instability and regional conflict, the Israeli cyber sector demonstrated an uncanny ability to attract global capital.
The analysis identified three “Key Drivers” behind this thriving ecosystem:
The Military-Industrial Feedback Loop: The report highlighted the enduring relevance of units like 8200, which act not just as technical training grounds but as incubators for “offensive” thinking. This mindset—understanding the attacker’s perspective—is baked into the product DNA from day one. It also offers time to build mature technologies and skill sets before launching fast-growing ventures.
Global-First Orientation: Unlike many European startups that focus on capturing their domestic market first (e.g., France, Germany), Israeli startups are structurally forced to ignore their small domestic market and target the US Global 2000 immediately. This necessitates a level of product maturity and sales & marketing intensity that European peers delay.
Capital Recycling and Mentorship: The presence of second and third-time founders who reinvest both capital and operational wisdom creates a compounding effect.
I see Israel as the most mature cybersecurity ecosystem in the world and, something too often overlooked, the most competitive one.
Europe’s Dilemma: Talent Without Risk
In contrast, I authored the post “Cybersecurity in Europe: The Talent Is There—Where’s the Boldness?” as a wake-up call for Europe. I emphasized that the region faces a “fragmentation of ambition” and clarified that the “Investment Gap” I mentioned is not just about the amount of capital but its quality.
Furthermore, the analysis touched upon the regulatory environment, specifically the European Cyber Resilience Act (CRA). While the blog acknowledged the CRA’s positive intent—mandating security-by-design and engineering standards—it also highlighted the risk of “Regulatory Drag.” Regulation indeed establishes a baseline of trust, but it cannot act as a substitute for innovation.
There is a palpable tension between the European instinct to regulate AI and cyber tools and the American/Israeli instinct to build them. Without a shift in investor mindset—bridging the gap between “Scaling Faster” and “Competing Globally”—Europe risks becoming a consumer of cybersecurity rather than a producer.
The Builder’s Playbook – AppSec and The “Vibe Coding” Crisis
The New Security Debt
While much of the industry celebrated the productivity gains of AI coding assistants (like GitHub Copilot or Cursor), Cyber Builders focused on the dark underbelly of this trend. In July 2025, I introduced concepts like “Vibe Coding” and the exponential growth of Security Debt.
In a collaboration on the “Hidden cost” of AI, I highlighted a staggering statistic: “Among YC startups in 2025, 95% of their code is reportedly generated by AI.”
Definition: “Vibe Coding” is a development style in which creators use AI to generate code based on a high-level “vibe” or intent, often without fully understanding the underlying syntax or security implications.
The Problem: “Creativity Accelerates Insecurity.” The friction of writing code used to be a natural throttle on the creation of vulnerabilities. With that friction removed, the volume of code—and thus the volume of vulnerabilities—explodes. The blog argues that this leads to “invisible liabilities” that accumulate faster than any human security team can audit.
“Application Security - AI Won’t Save You.” In 2025, AppSec teams must own the basics, slash security debt, and build security in collaboration with the dev team.
Scanners generate noise. If you have an AI coding bot generating 10x the code, and an AI security scanner generating 10x the alerts, you have scaled the chaos by 10x. You have not solved the problem.
OT & Industrial Security is the cornerstone of our society
I’ve been diving deep into the digital nerves of our society: the power grid. It’s a topic that is often invisible until it’s gone, and through three interconnected articles, I’ve tried to map out why the stakes for “Cyber Builders” have never been higher.
The Wake-Up Call: From Abstract to Absolute
I started by sharing a personal story in When the Lights Went Out. It’s easy to talk about “infrastructure security” in a boardroom, but everything changes when the lights actually flicker and die. For me, experiencing a blackout firsthand wasn’t just a minor inconvenience; it was a stark reminder of our total, fragile dependency on the flow of electrons. It turned a technical challenge into a human one. I realized that as we build the next generation of digital tools, we aren’t just protecting data—we are protecting the warmth in our homes and the safety of our streets.
The Invisible Frontline: Why the Grid is the Ultimate Target
Even though a cyberattack did not cause the Spanish blackout, I examined various cyber threats to power grids. In Gridlocked, I explored the cold reality of modern geopolitics. Power grids have become the ultimate “crown jewels” for nation-state actors. Whether it’s the shadow of Sandworm or the stealthy pre-positioning of groups like Volt Typhoon, the goal has shifted. It’s no longer just about immediate disruption; it’s about strategic leverage. I argued that the grid is now a digital battlefield where “living off the land” techniques allow adversaries to hide in plain sight, waiting for the moment when a flick of a switch can achieve more than a physical strike ever could.
The Paradox of Progress: Smart Grids, New Risks
Finally, I looked toward the future in When the Grid Gets Smart, the Threat.... We are currently in the middle of a massive energy transition. We need “smart” grids to manage renewables, electric vehicles, and distributed energy.
But here is the paradox I’ve been wrestling with: every “smart” device—every connected solar inverter and EV charger—is a new door for an attacker. By decentralizing our energy, we are exponentially expanding our attack surface. We are moving from a world of a few massive targets to a world of millions of tiny ones, and our security models haven’t yet caught up to this “Edge” reality.
Web3 and Proof of Human are part of the future of cybersecurity
Lastly, this December, I’ve been looking at how the very nature of digital trust is shifting beneath our feet, moving from specialized technical problems to the foundational pillars of our daily lives.
First, I took a hard look at the state of the decentralized economy and its technologies in 2025: Crypto Isn’t Niche Anymore. For years, we’ve treated blockchain as a side quest or a speculative bubble, but we’ve reached a tipping point where it has become essential infrastructure. Whether through stablecoins acting as global payment rails or the tokenization of real-world assets, crypto is no longer a playground for the few—it is the new plumbing for a more transparent and efficient global economy.
This evolution of infrastructure brought me to an even deeper question: how do we protect the people using it? In my conversation with Adrian Ludwig, From Securing Devices to Securing Humanity, we discussed a fundamental shift in the cybersecurity mission. In an era where AI can mimic almost any digital footprint, simply “securing the digital layers (device, software, cloud, network)” is no longer enough. We are entering an age where our primary challenge is verifying our very humanity through new primitives like “Proof of Human,” ensuring that the digital world remains a space built for and by people, rather than a sea of automated deception.
Conclusion
As 2025 draws to a close, one thing stands out: the future of cybersecurity will be shaped by those willing to rethink how we defend an automated, hyper-connected world. From agentic AI and the 12 security platforms to OT resilience, Web3, and Proof of Human, the stakes have never been higher—and neither have the opportunities.
Thanks for being part of Cyber Builders this year. If these ideas connect with you, stick around—2026 is when we start making more of them real.
Laurent 💚





