PeopleApproachPortfolioPrimary LabsFirst EditionJobs
First edition

Investing in the Reinvention of Cybersecurity

Tobias Citron joins the Partner team at Primary

Investing in the Reinvention of CybersecurityInvesting in the Reinvention of Cybersecurity
BY  Tobias Citron

We are at a crucible moment in cybersecurity, one in which AI is changing everything. Just last week, Anthropic caught a near-successful cyber espionage attack that was 80%-90% executed by AI agents. These AI agents ran many parallelized attacks at thousands of requests per second, the kind of speed and sophistication a human would only dream of. The world is getting scarier, and CISOs wake up every day confronting this reality.

At the same time, AI is a new technology platform that presents internal risks. Top-down mandates from C-suites and boards mean that AI experimentation is ubiquitous, creating new threat vectors. Additionally, new hardware and configurations in the data center mean that the physical infrastructure to protect is different too, necessitating new solutions.

This change is scary, but also exciting. For too long, cyber has been bogged down in the SPM craze—“posture management” and dashboards. Of course, visibility is necessary, but the dashboard sprawl has become comical. A CISO’s main problem is no longer blindspots, but rather an excess of data. Alert after alert, and security teams seemingly get farther from actual solutions. In the words of a CISO I know well, many tools are just “more software for software.”

The evolution of the market in this way makes sense. Some visibility-focused startups have become category-defining, generational companies. In pursuit of the next Wiz, VCs have over-funded visibility. Despite some successes, most of these companies have contributed to the most fragmented, sprawling, and redundant stack in the history of cybersecurity.

AI has the potential to break this pattern by automating workflows, reducing costs, and finding better signals in the noise. We see this happening across all security categories, from identity to data to endpoint, and have made investments accordingly. The time to build in cyber is now—to give security leaders less, not more; to think of cyber from a blank slate with AI at the center; to use the data the SPMs of the last decade have generated to deliver unique value.

And New York is a great place to build. Although Primary is much bigger than we once were and we now invest globally, the firm began with a bet on New York. A bet that New York is the greatest city in the world, with the highest density of customers and talent, and that founders should be here. This is true for cyber. New York is home to the largest Israeli community outside of Israel, where a disproportionate number of cyber companies are born. And, as the center of the financial world, New York is home to some of the biggest, most sophisticated cyber customers in the world.

We are seeing the gravity around New York strengthen, as companies like Wiz, Cyera, and Axonius have all relocated their headquarters here. Today, there are thousands of security operators in this city, and that number is growing. Undoubtedly, many of these operators will start great companies of their own. We believe we are on the verge of an explosion of the New York cyber ecosystem.

Today, I am humbled that my promotion to Partner is being announced to the outside world. Primary is a deeply special organization for me. I first met the team when I was 25, before going to business school, having spent my prior years working on a startup in NYC. As a born and bred New Yorker who knew how hard the earliest days of startup building were, Primary stood out. “Startups are hard; founders deserve better” has been and is always at the core of what we do, and our ability to execute on that truth and deliver value for founders has grown exponentially since I joined the firm.

I am especially excited about leading the cyber practice for Primary, at a time when security is so existential and great upstarts so needed, and in a place that is poised to become a hotbed for cyber activity. We are working on a lot of interesting things here, and have big dreams. We do not invest in many companies—I will make maybe two investments a year—but the companies we do invest in will be big swings, and we will try to help them in a differentiated way unmatched by any seed firm on the planet.

The challenge of building a cyber seed investing practice is real, but we believe our strategy and positioning is unique. If you are reading this, and intrigued to learn more about our approach, please get in touch. Today I am kicking off a search for an associate to help me with these efforts. This person will be my partner-in-crime, and together, we will define the strategy and investment decisions of the cyber practice at Primary.

The reinvention of cyber in an AI age starts with startups, and amazing customers, advisers, and investors who help them on their journey. If you want to be a small part of this transformation, let’s talk.