Redpoint
Sai Senthilkumar
Partner, investors
Jordan Segall
Partner, investors
Thursday, June 12, 2025

Security Update: 2025 InfraRed Report

Sai Senthilkumar
Partner, investors
Jordan Segall
Partner, investors
Thursday, June 12, 2025

Here are the slides and discussion from the security section of the 2025 InfraRed Report (our take on the current state of cloud infrastructure) as presented at the InfraRed Summit by Sai Senthilkumar and Jordan Segall.

When we look at enterprise spend across the board, cybersecurity is the 2nd largest budget item for CIOs, and we think it will only grow more important over time.

What’s more interesting is that spend on cybersecurity vendors is the least likely bucket to get cut in 2025.

Cybersecurity is here to stay forever. It’s one of those categories stretching back to the 90s where every couple of years, there is an iconic business like Fortinet, Palo Alto Networks, Crowdstrike, and Wiz that gets created.

Why is that the case?

It’s because attacks and outages are having unprecedented impacts.

Last year, account data for over 2.5 million Duolingo users were leaked in an attack.

The Crowdstrike outage caused widespread global disruptions. Thousands of flights were canceled. Estimated losses for Fortune 500 companies alone reached $10 Billion.

We should only expect attacks and failures to get worse in the age of AI as attacks become more simulated and code-generated apps have more bugs and failure points.

As a result, CISOs have never been as crucial to an organization as they are now.

18 months ago, the SEC ruled that publicly traded companies must report material cybersecurity incidents within four business days.

In each 10-K, companies are required to disclose their cybersecurity risk management strategies.

In addition, CISOs find themselves more often in the board room, as over 83% of public company CISOs are in board meetings today.

The CISO’s job has never been more important.

Thus, it's interesting to see the behavior of CISOs relative to other budget holders.

In a recent survey we commissioned, over 70% of CISOs buy best-of-breed security solutions versus larger platforms with adjacent offerings.

In fact, cybersecurity is the ONLY industry where this is the case. Budget owners of AI tools, data and BI platforms, Developer tools, RPA all want to consolidate their different solutions into one.

Cybersecurity is the only category where the budget holders - in this case CISOs - would rather go for best-of-breed versus one comprehensive solution.

And that’s why the average public company deploys over 50 different security tools.

It’s never been a better time to build in cyber.

Take Wiz, for example.

  • Wiz was founded in January 2020 by Assaf Rappaport. In March of this year, they sold the company for $32B to Google.
  • In 5 years, they created $32B of equity value.
  • It’s a combination of a brilliant team, with ruthless execution, going after a market that was screaming to be reimagined.
  • In 18 months, the company hit $100M ARR which was a record at the time. They were north of $600M ARR when they were acquired with over 50% of the Fortune 100 as customers.

Just an incredible story – and for the cybersecurity founders in this room – we’re sure that some of you will have similar stories in the not-so-distant future.

To see where cyber spend will be in the future, we commissioned a survey to look at which categories are the highest priority for CISOs in the next 12 months.

The first question looked at the major security markets like cloud, identity and endpoint.

Not surprisingly, we see some recognizable markets and companies on this slide like Wiz and Cyera.

We also asked these CISOs about which emerging categories they are most excited about.

The bars in red are AI-driven markets in security. AI copilots for SOC analysts, auth for agents and machine-to-machine, automated pentesting, and GenAI social engineering are categories that didn’t exist a year ago.

It’s both a scary and exciting thing.

It’s scary in the sense that these are new threat vectors that need to be addressed and governed.

It’s exciting because it provides a tremendous opportunity for companies in this room to go after large, important problems.

Double clicking on a few of these markets…

  • The AI SOC market is a $30B market that is aiming to automate much of the manual day-to-day of security analysts. It’s seen an explosion in startups like Dropzone, Legion, Prophet, and SevenAI just to name a few.
  • AI deepfakes is a quickly emerging category with startups like Adaptive and Fable to protect against GenAI social engineering attacks.

These categories are growing quickly and could produce the next Wiz.

However, incumbents are not going to stay silent.

Crowdstrike released Charlotte AI - an agentic bot that goes through tons of alerts for Crowdstrike customers acting as a security analyst …

And Zscaler has been on an acquisition spree, most recently acquiring Red Canary and Avalor for over $1B

Incumbents are making aggressive moves to stay ahead in security in the age of AI.

Read the full InfraRed Report here.