On The Precipice
The consensus view in security is so settled that no one bothers to argue it anymore: the incumbents win. They always win. You can map the last twenty years of the industry as a slow gravitational collapse toward a handful of platforms: the endpoint giant that became a cloud-security giant, the network company that became an everything company, the identity layer that quietly became load-bearing for the entire internet. Every category that matters eventually gets absorbed into one of four or five orbits. The startups that look threatening in year three get acquired in year five and integrated in year seven, and the cycle repeats. This isn’t cynicism. It’s the base rate. Betting against the security oligopoly has long been a great way to lose money.
I believed this too. And I want to make the case that it is, right now, beginning to stop being true, and that the thing breaking it is AI, though not for the reason most people say. Note, I have a shit ton of bias writing this article, considering I’m building an AI security company.
Why the oligopoly won
It’s worth being precise about why the incumbents won, because the mechanism is the whole story. They didn’t win on product. They won on the things that compound around the product: distribution, data, and integration.
Distribution, because a CISO already in for the platform will buy the next module rather than run a new procurement, a new security review, and a new contract. Data, because the company sitting on telemetry from half the Fortune 500 has a moat no startup can dig. And integration, because the real cost in security was never the tool. It was the wiring, the SIEM connectors, the agents on every endpoint, the year of professional services. Once you’d paid that cost, switching felt insane. The oligopoly’s power was never due to its products being the best. It was that the cost of choosing anyone else had been made unbearable.
This is the consensus, and it has been correct for most of the careers of most of the people reading this.
The crack
Here is the counter-consensus claim: every one of those three moats (distribution, data, integration) is being quietly neutralised by AI at the same time, and the oligopoly is structurally unprepared for it.
Start with integration, the deepest moat. The reason switching was unbearable was the human cost of rewiring. The months of engineers mapping one system’s logic onto another’s. That cost is collapsing. When an AI agent can read a detection rule in one vendor’s syntax and rewrite it in another’s, when migration is a prompt rather than a professional-services engagement, the switching cost that held the entire oligopoly together starts to evaporate. The moat was made of human toil, and human toil is exactly what’s being commoditised first.
Then data. The incumbent’s telemetry advantage assumed that whoever had the most data built the best models, full stop. But the frontier has moved. A small team standing atop a foundation model inherits a reasoning capability that no amount of proprietary 2019 telemetry can match. The advantage is shifting from who has the most data to who can reason best over the data in front of them, and that capability is, for the first time, available to rent rather than something you had to spend a decade accumulating. The giant’s data lake is still an asset. It is no longer a wall.
And distribution. This is the slowest to crack, because relationships and inertia are real. But distribution’s hidden premise was that evaluating a new tool was expensive, so buyers defaulted to whatever they already had. As evaluation itself gets cheap, as a security team can stand up, test, and rip out a new product in a week instead of a quarter, the default loses its grip. You don’t stay with the incumbent because it’s best. You stay because leaving was hard. Make leaving easy, and the loyalty turns out to have been hostage-taking all along.
None of this means the incumbents die. It means the thing that made them unbeatable, not their product, but the cost of leaving them, is being dismantled by the same technology they keep putting on their own slides.
The precipice
There’s a second, slower reason the oligopoly is exposed, and it’s the one I keep coming back to. I got it, of all places, from a CISO I sat down with this week, someone who has been quietly running ahead of this thesis for years.
He runs what amounts to a two-tier strategy. The core stack (1), the load-bearing systems that cannot fail at 3 am, stays with established companies, the ones he calls “established but still hungry.” Everything outside that core, which turns out to be most of the surface area of a modern program, he routes deliberately to startups (2). When I asked why, he didn’t reach for the cost. He reached for a single idea I haven’t been able to shake: “Once you cross that precipice from innovation to acquisition, you’re not really innovating anymore.”
That line is the second crack, and it’s older than AI. Every company in the security oligopoly crossed the precipice long ago. At some point, each of them stopped optimising for the product and started optimising for the acquisition, its own, or the next one it would make. The roadmap quietly became an M&A document. The energy that used to go into out-building competitors went into buying them and integrating their logos. This is the thing Christensen warned about in The Innovator’s Dilemma: great companies fail not by doing things wrong but by doing everything right (listening to their best customers, defending their margins, moving upmarket) until they’ve optimised themselves into a corner and ceded the frontier to someone hungrier. The security oligopoly is not a collection of great products. It is, increasingly, a portfolio of companies that crossed the precipice and were acquired on the way down, stapled together under one brand and sold as “consolidation.”
What’s new is that AI removes the cover. As long as switching was unbearable, it didn’t matter that the platform was a museum of post-precipice acquisitions — you were locked in regardless. Lower the switching cost, and suddenly the staleness is visible and actionable. The buyer can finally do something about it. The precipice problem and the AI problem are the same problem seen from two angles: AI is what lets the market finally punish the companies that stopped innovating years ago.
The CISO is the leading indicator
This is why I think the CISO I met is worth paying attention to, not because his philosophy is clever, but because he is doing in 2026 what the market is about to do at scale. He is not anti-incumbent. He keeps the core with the establishment precisely because the cost of being wrong there is catastrophic and unrecoverable. But he has decided to never be the incumbent’s best customer, because the incumbent’s best customers are the ones who get optimised last. He routes the periphery to companies that “haven’t gone on buying sprees yet.” Read that carefully, because the thing he’s underwriting isn’t a feature set, it’s a stage of corporate life, a pre-precipice metabolism with a known half-life.
This CISO has lowered his threshold for action exactly where AI is lowering the cost of switching at the periphery, where being wrong is cheap and the upside of catching a company before the precipice is enormous. He’s running more experiments, seeing more of the frontier, forming real opinions about which young companies are good before the analysts have a category for them. A year ago, that was an idiosyncratic discipline. With AI collapsing the cost of evaluation and migration, it is about to become the obvious move, and the consensus will follow him into it without admitting it was ever counter-consensus at all.
The steelman
I should resist making this cleaner than it is. The bull case for the oligopoly hasn’t vanished, and pretending otherwise is how you get a thesis that feels good and ages badly.
AI cuts both ways. The same foundation models that let a startup punch above its weight are also being wired into the incumbents’ platforms, and the incumbents have the distribution to ship them to a million seats overnight. Security is one of the few markets where being boring is a feature, where “one throat to choke” is a real value proposition to a CISO who answers to a board after a breach. And the regulatory and compliance gravity that favours the established name is, if anything, getting heavier. It is entirely possible that AI accelerates consolidation rather than breaking it, that the giants use it to absorb capabilities even faster, and that the window for startups closes more tightly than before.
The honest position is that the moats are cracking, not gone, and that the next few years are the contest over whether the incumbents can re-cross the precipice, whether a company that long ago started optimising for acquisition can teach itself to innovate again before the switching costs that protected it finish eroding. Christensen’s whole point was that almost none of them can. But “almost” is doing real work in that sentence, and I’d rather name it than pretend it away.
What I’m confident of is narrower and, I think, more useful: the era when betting on the security incumbent was a free option is ending. The thing that made it free, the unbearable cost of choosing anyone else, is being dismantled in real time. And the buyers who already understood that the giants crossed the precipice years ago are no longer stuck admiring the problem. For the first time, they can act on it.

