The five security principles driving open-source security apps at scale

Editor's note: Louis will lead an editorial roundtable on this subject at VB Transform this month. Register today.

Open-source AI is the future of cybersecurity innovation, consistently breaking down barriers and delivering results. Its impact spans agile startups to Cisco's Foundation-sec-8B model, which has been downloaded more than 18,000 times in just the last month and more than 40,000 times since launch.

VentureBeat sees the trend accelerating, especially among cybersecurity startups that bring a new level of intensity to converting roadmaps into revenue-producing products. Based on months of interviews with startup founders, open-source AI is now indispensable for them and their teams in moving quickly from concept to complete, shippable code.

The recently announced partnership between Databricks and Noma Security shows how startups that use open-source AI are quickly disrupting aging cybersecurity providers by achieving accelerated time-to-market and substantial operational maturity. Cisco's President and Chief Product Officer Jeetu Patel spoke to the critical shift at RSAC 2025: “AI is fundamentally changing everything, and cyber security is the core of all this. We no longer have to deal with threats on a human scale; these attacks take place on a machine scale.”

VentureBeat's many interviews with cybersecurity industry leaders, founders in particular, reveal that open-source AI is essential to enabling companies to sharpen their focus on important unmet needs across the broad base of business prospects that they successfully convert into customers. While open-source AI and the wider software industry drive unprecedented levels of new company formation and innovation, they also feed a growing paradox involving security, compliance and revenue.

VentureBeat continues to see successful cybersecurity startups navigate this paradox and discover new strengths in their apps, tools and platforms that were not anticipated when they were first built and shipped.

The best-run startups can quickly capitalize on these unforeseen strengths and apply a more disciplined and deliberate management approach, so that the long-term benefits of that strategy are realized. They are also quicker to adopt as much automation as possible. Most impressive is how they see themselves building communities for decades, all based on the ability to run product strategy on open source.

Decoding the open-source paradox

The ability of open-source AI to act as an innovation catalyst has been proven. What is unknown is the downside of the paradox created by the total focus on performance and the ubiquity of platform development and support. At the center of the paradox for every company building with open-source AI is the need to keep it open to fuel innovation while gaining control over security vulnerabilities and the complexity of compliance.

Gartner's Hype Cycle for Open-Source Software, 2024 underscores this stark contradiction, noting that high-risk vulnerabilities within open-source codebases rose 26% annually and now average almost three years before resolution.

At RSAC 2025, Diana Kelley, CTO of Protect AI, crystallized the stakes during her session titled Principles of GenAI Security: Foundations for Building Security In. She said that “organizations routinely download open-source AI models without sufficient security controls, which significantly reinforces the risks for vulnerability.”

Regulatory compliance is becoming more complex and more expensive, further feeding the paradox. However, startup founders tell VentureBeat that the high costs of compliance can be offset by the data their systems generate.

They are quick to point out that they do not plan to deliver governance, risk and compliance (GRC) solutions; however, their apps and platforms meet the needs of companies in this area, especially across Europe. With enforcement of the EU AI Act at hand, Prompt Security CEO Itamar Golan emphasized the urgency of embedding compliance into the strategic core during an interview with VentureBeat earlier this year. “EU AI Act, for example, its enforcement begins in February, and the pace of enforcement and fines is much higher and aggressive than GDPR. From our perspective we want to help organizations navigate those frameworks, so that they are aware of the tools available to use AI safely and to point them to the risk levels.”

Golan further explained: “A very large part of the current cyber security market is only derived from GDPR, and as I see it, the AI regulation will be much more aggressive than GDPR. It is very rational that around 2028 a very large market will be assigned to AI compliance.”

Almost every cybersecurity startup founder VentureBeat has interviewed over the past five years has stated that contributing to the open-source community is core to the company they are creating. Many strive to make this one of the core elements of their business DNA.

The most successful cybersecurity startups realize that making continuous, meaningful contributions to open-source communities builds sustainable competitiveness and industry leadership. Cisco's Foundation-sec-8B model illustrates how targeted, purpose-built cybersecurity tools significantly improve the overall resilience of the community. The Foundation-sec-8B model has been downloaded 18,278 times in the last 30 days alone, according to its page on Hugging Face. Foundation-sec-8B is an 8-billion-parameter model that can be fine-tuned for specific use cases, including threat detection and auto-remediation.

Meta's AI Defenders Suite and ProjectDiscovery's Nuclei further illustrate how targeted open-source contributions considerably improve ecosystem security and industry collaboration.

Niv Braun, co-founder and CEO of Noma Security, reinforced the crucial importance of sustainable community-building strategies during a recent interview, telling VentureBeat: “The community we are building is much, much more valuable and will be much longer than any annual income figure. Building a community where people are trust is absolutely critical”.

Key takeaways from open-source cybersecurity leaders

Based on insights from Braun, Golan, Kelley, Patel and more than a dozen interviews with cybersecurity founders, CEOs and leaders, five key takeaways emerge as fundamental to succeeding with open-source AI. They are as follows:

  1. Embed governance strategically
    Set up an Open Source Program Office (OSPO) to centrally manage licenses, compliance and vulnerabilities. Build dashboards directly into products, offering real-time regulatory visibility as a core differentiator. Braun emphasized the transformative potential of governance during his recent interview with VentureBeat and said: “Governance is not overhead – it is our most important distinguishing factor, which makes seamless compliance possible.”
  2. Automate security aggressively with generative AI
    Implement generative AI extensively to automate security processes, including vulnerability detection, remediation and real-time threat management. As Golan clearly articulates: “Generative AI-driven automation streamlines the activities drastically and improves security efficiency outside manual possibilities.”
  3. Contribute strategically targeted tools
    Actively contribute specialized, purpose-built cybersecurity models back to open-source communities, which improves collective security resilience. Jeetu Patel succinctly captured this perspective during his keynote at RSAC and interview with VentureBeat: “The true enemy is not our competitor. It is the opponent. Purpose-built open source contributions are crucial for collective cyber security resilience.”
  4. Proactively and transparently manage total cost of ownership (TCO)
    Clearly articulate TCO, transparently addressing hidden costs and long-term value. Proactively managing TCO calculations reduces customer uncertainty and improves market confidence, directly addressing Gartner's challenges surrounding vendor perceptions.
  5. Prioritize rigorous and proactive risk management
    Deploy continuous automated vulnerability scanning and remediation, maintain curated internal OSS catalogs and automate compliance documentation (SBOM/VEX) to streamline audits, minimize risk exposure and simplify regulatory compliance. Kelley emphasized during her keynote at RSAC 2025: “Rigorous, automated risk management is essential for effective managing of open-source cyber security.”

Conclusion: Harness open source for strategic advantage

For cybersecurity startups, strategic use of open-source AI offers unparalleled innovation, differentiation and sustained growth opportunities. Embedding governance deeply, automating security via generative AI, contributing purpose-built community tools, proactively managing total cost of ownership (TCO) and rigorously mitigating risk position startups as industry leaders able to drive significant cybersecurity transformation.

As Jeetu Patel summarized at RSAC 2025: “Strategic open-source innovation is essential to secure our digital future together. The opponent, not competitors, is our true challenge.”

By embracing these strategic insights, cybersecurity startups can confidently navigate the complexity of open-source software, driving transformative industry leadership and long-term competitive success.

Join me at VB Transform 2025

I will host a roundtable focused on this subject, called “CyberSecurity apps with open source”, at VentureBeat Transform 2025, happening 24-25 June at Fort Mason in San Francisco. Register to join me in the conversation. Transform is VentureBeat's annual event that brings enterprise and AI leaders together to discuss practical, real-world AI strategies.
