Rupert Marais serves as our resident specialist in the intricate world of endpoint security and network management, bringing years of hands-on experience in defending complex digital environments. In this discussion, we explore the shifting paradigms of vulnerability management following the inaugural Infosecurity Europe Cyber Startup competition in 2026. The conversation highlights how emerging platforms are moving beyond simple detection to address the massive bottlenecks created by modern scanning tools and the rise of AI-driven threat landscapes. We delve into the significance of industry validation, the technical hurdles of managing millions of vulnerabilities, and the roadmap toward a future where autonomous agents handle the heavy lifting of cybersecurity triage.
Winning a major industry competition judged by veterans who founded companies like Check Point and Imperva adds a unique layer of credibility to a startup; how does this level of validation influence the way a company like Konvu approaches the market?
Receiving the nod from a panel that includes figures like Shlomo Kramer is essentially a masterclass in industry validation because these individuals have built generational companies that defined the cybersecurity sector. When you have the founder of Check Point, Imperva, and Cato Networks looking at your platform and saying it solves a critical problem, it immediately transforms the conversation from a pitch into a proven strategy. For a company established in 2024, this type of backing is the ultimate trust-builder for potential buyers who are often skeptical of new, unproven tools in their security stack. It allows the team to approach enterprises with the confidence that their solution has been vetted by the best in the world, which is a massive advantage when trying to get an AI-native platform into the hands of real-world users. This win at the 2026 inaugural competition doesn’t just provide a trophy; it offers the PR support and brand workshops necessary to scale that trust into a long-term market presence.
With the rise of products like Mythos and other LLM-driven tools, we are seeing a massive spike in detected issues that many organizations struggle to handle. Could you explain the specific strain these new technologies put on traditional vulnerability management programs?
The current moment in cybersecurity is unique because we are seeing a “vulnerability overload” triggered by the very tools meant to help us, such as Mythos and various LLM products. These advanced scanners and AI tools are incredibly efficient at probing complex environments, but they end up generating hundreds of thousands, and sometimes even millions, of vulnerabilities that enterprise teams simply cannot keep up with. This creates a downstream nightmare where the human component—the actual investigators—becomes a bottleneck because they have to manually triage which issues are high-priority and which are merely false positives. You cannot reasonably expect a human team to remediate a million vulnerabilities, so the strain leads to a backlog that attackers are more than happy to weaponize. It’s a specific crisis where the detection phase has outpaced the investigation phase, leaving organizations vulnerable despite having more data than ever before.
Modern enterprise environments are often cluttered with various scanners that generate overwhelming amounts of data; how does the concept of an “AI agent” sitting on top of these existing tools change the workflow for a security team?
The beauty of the approach we are seeing now is that it doesn’t require a “rip and replace” strategy, which is usually a non-starter for large enterprises with established workflows. Instead, an AI-native platform integrates directly into the existing investigation process and sits on top of the scanners that are already in place. These AI agents act as an augmentation of the human team, taking over the incredibly repetitive and manual tasks of collecting context on vulnerabilities and determining what actually needs a fix. By automating the triage-as-a-platform functionality, the system speeds up the time from initial detection to final remediation, which is the most critical metric in preventing a breach. It essentially gives the security team a digital workforce that doesn’t get tired and can process those millions of data points at a speed that humans simply can’t match.
Looking ahead to the next few years, there is a clear ambition to move from human-in-the-loop systems to more autonomous operations. What does that transition look like in a practical sense for application security?
Right now, we are in a phase where human experts are still very much in the loop to validate the results produced by AI, ensuring that the confidence levels of the output remain high. However, as we look toward the next year or two, the goal is for these programs to become significantly more autonomous as the algorithms prove their reliability. If the work is done correctly, we can envision a scenario in two or three years where 90% of vulnerabilities are triaged and remediated without any human intervention at all. This would leave the remaining 10%—the most complex and nuanced cases—to the humans who have the deep expertise required to handle them. We are constantly testing every new model against rigorous evaluations to ensure that as we move toward this autonomous frontier, we never sacrifice the quality or the trust that the customers have placed in the platform.
What is your forecast for the role of human security analysts as AI continues to take over the majority of vulnerability triage?
In the coming years, I expect the role of the human analyst to shift from being a “triage worker” to being a “strategic architect” of the security ecosystem. While we aim for that 90% automation mark for standard remediations, the 10% of vulnerabilities that remain will be increasingly sophisticated, requiring a level of creative problem-solving and institutional knowledge that AI hasn’t mastered yet. Analysts will spend less time on the “million-vulnerability backlog” and more time on high-level threat hunting and refining the logic that the AI agents use to operate. We will see security teams becoming much smaller and more specialized, focusing on the frontiers of defense while the autonomous platforms handle the heavy lifting of day-to-day vulnerability maintenance. Ultimately, this shift will allow organizations to scale their security posture at the same rate as their digital infrastructure, finally closing the gap between detection and protection.
