How Cyclops is uncovering cybersecurity’s blind spots

Modern cybersecurity teams are drowning in data. Between vulnerability scanners, monitoring platforms, asset management tools, and dozens of other systems, today’s enterprises generate vast amounts of information.

But if you ask a CISO which of their assets are the most exposed — and which weaknesses really matter — many will struggle to answer.

It’s something that Eran Zilberman, cofounder and CEO of Cyclops Security, witnessed firsthand during his years of working with enterprise security leaders.

“[Enterprises] have so many vulnerabilities — hundreds of thousands of them,” he says. “So how do [they] know what is critical?”

This lack of clarity is at the heart of cybersecurity today, Zilberman argues, and it’s what inspired him and fellow cybersecurity veterans Elay Gueta and Biran Franco to found Cyclops in 2022. Between them, they had racked up more than three decades of cybersecurity research and product development experience in leadership roles at the likes of RSA, Cynet Security, Axonius, Microsoft Defender for Endpoint, and Insight Partners’ portfolio company SentinelOne.

Recognizing the need for a solution to data fatigue, the team set out to revolutionize the way security teams access and analyze their data, stop them from being misled by incomplete or inaccurate information, and help them see the full picture.

Making sense of the security stack

It may seem like the last thing cybersecurity teams need is another security tool, Zilberman acknowledges.

“I meet lots of CISOs and organizations,” he explains. “What is the thing that we see most? It’s organizations paying lots of money for unused tools that are relying on data that is [not] useful …There are so many tools that organizations are getting 20-25% out of … How do I get at least 70 or 80% [out] of every tool?”

Cyclops offers a solution — enabling companies to get the most out of all their tools by helping make sense of the data those tools produce.

Launched publicly in 2023 after raising a $6.4M seed round with participation from Magnola, an investment vehicle affiliated with Insight Partners, the security startup provides a genAI-powered search engine built on cybersecurity mesh architecture (CSMA). It unifies disparate cybersecurity data, enabling SecOps teams to query complex issues and get insights.

“Our main purpose is to empower security teams to proactively defend against cyber threats and prioritize addressing critical vulnerabilities with the necessary contextual data,” said Zilberman at the time.

For Zilberman, the focus for businesses should be understanding and maximizing the value of the data. Everyone is focusing too much on acquiring as much data as possible, says Zilberman, but the question is, “What do you do with all the data? What kind of insights do you get?”

“What we do is take the cybersecurity attack surface to the next level by not giving you just the visibility on the asset, but the risk on the asset.” 

Cyclops offers visibility across the entire data stack, Zilberman explains, while traditional tools are indiscriminate. “Vulnerability scanners, for instance, they scan the network, they see assets — they don’t know [enough about] these assets,” he says. “They are guessing. Because we see the data, we see that the data from those scanners is not accurate.”

By simplifying the query process and providing clear responses similar to a Google or ChatGPT query, Cyclops empowers security teams to make better, more timely, and informed decisions.

Simplifying the data and analyzing risks doesn’t just reduce businesses’ security threat — Cyclops is also a productivity tool, aiming to improve mean time to detection and mean time to response by 80%.

AI as a security copilot

Zilberman believes that aspects of AI have been overhyped by the cybersecurity industry — for example, security for LLMs. “When was the last attack you saw that compromised an LLM model?”

However, Cyclops has been using AI from the beginning, integrating it in multiple functions across its platform. It’s at the heart of the tool, Zilberman says, and “its ability to understand data.”

Cyclops’ autonomous correlation engine, for instance, leverages AI to categorize and analyze alerts and data points from an organization’s existing security and IT technology stack, which often come in a confusing array of formats or different names. CyclopsIQ uses AI to suggest useful queries to users, and Cyclops Copilot harnesses LLMs to decipher free-text queries.

“The bottom line is, you cannot rely on one tool to be your source of truth,” says Zilberman. “You need [all the] tools together to tell you what is right and what is wrong.”

What an agentic future looks like

As Zilberman sees it, in a future where “the threat landscape is changing all the time,” the top cybersecurity tools will be those that “have conversational models.”

That’s why Cyclops’ approach to AI isn’t just about automation — it’s about making security interactive. At the core of the platform is a natural language interface that allows security practitioners to query their environment and even question the results. “Some people call it agentic AI,” says Zilberman. “[When] you can speak with your tools, if they understand your data correctly, and you can ask them questions, and they can give you great insights … you can challenge them and get a very specific input on everything that you have in your organization related to cybersecurity. This is the future, and those are the tools that will dominate.”

*Note: Insight Partners has invested in Cyclops and SentinelOne.