The Spiro Circle

The Future of Cybersecurity May Look Like Swarms of AI Hackers - #0076, Shahar Peled

Imagine the scene: A developer at a large financial institution merged a routine code update. Nothing alarming yet, just a minor change that, on its own, meant little. But Terra Security’s AI agents were watching. AI agents flagged the change, verified a potential vulnerability, and then did something a human penetration tester probably wouldn’t have done. They kept looking. Eventually, they found two more vulnerabilities nearby, each individually insignificant. But they spotted a pattern and connected all three together. “1+1+1 = 1,000,” said Shahar Peled, co-founder and CEO of Terra Security. The result was a Remote Code Execution (RCE), a cybersecurity vulnerability that allows an attacker to run malicious code on a target system or server from a remote location. It is considered one of the most critical vulnerability classifications of its type. The customer found out from their vendor, not from an adversary. Founded in 2024, the Tel Aviv and New York-based startup has raised $38 million across a rapid Seed and Series A, and counts Fortune 100 enterprises among its customers. Its core product is an agentic offensive security platform where swarms of AI agents are trained to think and act like “ethical hackers”, running continuously across a company’s attack surface. The traditional model of penetration testing (hiring an external team once or twice a year to probe for weaknesses) was never designed to catch what Terra caught in that unnamed financial institution. “Until 2025, it happened on an annual basis mostly,” Peled explained. “Once a year, you hire someone externally to work for a week or two weeks... The reason you couldn’t do it continuously is that you couldn’t really train software to hard-code how adversaries think and act.” But AI has changed all that. Terra Security’s agents scan for known vulnerabilities and simulate the reasoning of an attacker, chaining together findings and verifying whether a vulnerability is actually exploitable rather than merely theoretical. But Peled is careful not to overclaim, and beat me to my own next question. “Are AI agents today better than any ethical hacker in the world? They’re not,” he said. “They don’t yet possess the creativity of the best ethical hackers. But they can be more scalable than anyone in the world. They can run continuously. They never sleep. They’re already better than the vast majority of ethical hackers in the world.” With AI, there are no longer cyberattackers who wait for annual review windows. Adversaries now use tech to find entry points faster, adapt in real time, and strike before defenders can patch. A point-in-time test is, by definition, already outdated the moment it concludes. Terra’s idea is that continuous, AI-driven offensive security is the only architecture that matches the pace of modern attacks. The chained vulnerability Peled mentioned in our conversation was only catchable because an agent was watching the moment the code changed - and not six months later, when a consultant finally showed up. “I still see too many organizations that say, ‘Okay, now we have AI in offensive security’,” he concluded, and as a slight warning to CISOs still budgeting for annual pen tests. “[They say] ‘I want to do the same thing I’ve done before, just faster, better, cheaper’. And that scares me.” Get full access to The Spiro Circle at www.thespirocircle.com/subscribe [https://www.thespirocircle.com/subscribe?utm_medium=podcast&utm_campaign=CTA_4]

Employees Are Leaking Corporate Secrets Through ChatGPT - #0075, Itamar Golan

There’s a new security risk out there, and it’s come to be known as The Shadow AI Problem. It suggests that the next major corporate data breach may not come from a sophisticated nation-state actor or a phishing campaign, but rather from an employee asking an AI chatbot to read or summarize sensitive company data. That’s the reality Itamar Golan has spent the last two years building a company around. As co-founder and CEO of Prompt Security (acquired by SentinelOne earlier this year for $250 million), he has become one of the voices warning of the gap between how fast enterprises are adopting AI and how little they understand about where their data is going. According to him, most CISOs focus on traditional attack vectors, but the real risk is employees pasting IP addresses into unauthorized tools. Prompt Security’s platform now detects nearly 20,000 distinct AI applications operating across enterprise environments. Golan clarified that the figure isn’t plugins or product variants, but 20,000 separate entities. “Today, essentially almost any SaaS application, website, native application running on your endpoint… we are converging towards a landscape where any one of those will be an AI application by itself,” he told me. The Spiro Circle is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber. The visibility problem is one thing, but the training problem is another. Prompt Security’s research found that roughly 40% of AI applications [https://prompt.security/blog/smarter-ai-security-true-risk-management-goes-beyond-blocking-ai], when surveyed at the configuration level, are set by default to train on the data they receive. “Not only has confidential data leaked out of your organization,” Golan explained, “it’s now potentially becoming part of the model’s brain.” Details like corporate strategy, personnel data, or legal documents will be available for everyone to see - and there is no obvious retrieval mechanism once embedded in a model’s training run. The sectors most exposed are also the typically traditional ones that are now moving fastest to catch up: Financial services, insurance, and legal firms are adopting AI precisely because it performs exceptionally well on their core workflows. “They find themselves in this very tricky situation,” he told me. “On the one hand, they are adopting AI the fastest, and the potential gain is immense, but the risk of making a mistake is so big as well.” It is a distinctly Israeli problem to be working on. Golan mentioned that when he surveyed the security stacks of Fortune 500 CISOs while building Prompt, he found that around 60% of the tools on their lists were built by Israeli companies. Startup Nation has given the world Check Point, CyberArk (acquired by Palo Alto Networks), and Wiz (acquired by Google). Now, Prompt Security, as part of SentinelOne, is trying to secure the AI layer that sits above all of them. “We cannot stay blind,” Golan concluded. “We must admit that our employees are using hundreds or thousands of AI applications. A big portion of those are able to train on the data we are sharing with them.” Acknowledging that reality, he argues, is the first step to acting on it. Get full access to The Spiro Circle at www.thespirocircle.com/subscribe [https://www.thespirocircle.com/subscribe?utm_medium=podcast&utm_campaign=CTA_4]

Israel's FoodTech Story Was Never About Fake Meat - #0074, Ilanit Kabessa Cohen

This isn’t the first time I’ve covered Israel’s foodtech sector. Back in 2022, reporting for CTech, I mapped the ecosystem [https://www.calcalistech.com/ctechnews/article/r1im1c6pj] at a moment of tension, when investment was holding up better than in any other tech vertical, but the skeptics remained. I was, and still am, bullish on Foodtech - at least at the start. I tasted 3D-printed burgers in Tel Aviv and called them “technically perfect, albeit creatively void.” I interviewed investors who compared the industry to early mobile phones [https://www.calcalistech.com/ctechnews/article/bywoxxtsi] — primitive first iterations, but with everything still to come. I wanted to delay a full embrace of alternative foods until the markets all caught up. Turns out many felt the same way. So years later, I wanted to revisit all of that with someone who’s lived it from the inside. Ilanit Kabessa Cohen has spent 25 years asking one question: what does it actually take to bring innovation to market? As the first Head of Innovation at Osem-Nestlé, a corporate venturing lead at Dole in Singapore, and now co-founder of the advisory firm URIKA, she’s seen the food ecosystem from virtually every angle — and she joins me to share what she’s learned. Our conversation opens with an assessment of Israel’s position in global foodtech. Despite being a relatively small player in terms of total funding (roughly $16 billion globally), Israel punches well above its weight: driven by its kosher culinary traditions, research institutions, a culture of cross-domain improvisation, and the Israel Innovation Authority’s risk-sharing model that few other governments have replicated. But Ilanit is candid about where the industry fell short. The first generation of alternative proteins disappointed consumers, investors, and believers alike. Not because the vision was wrong, but because first-generation products rarely win. She argues we’re now entering a correction phase, with more mature companies, better-tasting products, and a smarter understanding that the real action right now is B2B ingredients, not consumer-facing brands. The most forward-looking part of the episode covers what she calls “animal-free technologies” — a next-generation wave that goes far beyond food. Think collagen produced via precision fermentation for use in cosmetics, pharma, and nutrition. Or how biomaterials could replace shark liver extract or horseshoe crab blood in medical testing. She said how the next decade of opportunity lies in the convergence of food, health, and biotech - and finally, she discussed two opportunities: the Coller Startup Competition [https://www.collercompetition.com/](now open, with a $100K prize) and URIKA’s Generate partnership [https://nexture.com/global/en/innovation/generate/open-call] program with CSM Ingredients for startups in sugar reduction and proteins. The Spiro Circle is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber. Get full access to The Spiro Circle at www.thespirocircle.com/subscribe [https://www.thespirocircle.com/subscribe?utm_medium=podcast&utm_campaign=CTA_4]

Why Israeli Marketers Beat Americans at Their Own Game - #0073, Aviv Canaani

Datarails CRO Aviv Canaani has an unusual vantage point. He runs the full revenue engine of the financial planning and analysis platform for Microsoft Excel users — sales, marketing, partnerships — from New Jersey, while his marketing team operates out of Israel. He relocated to be closer to the North American customer base as the marketers stayed put. And after years of sitting inside both ecosystems at the same time, attending CMO sessions in Tel Aviv and building pipelines in the US, he’s reached a verdict most people in his position wouldn’t say out loud: the Israelis are better. It’s a claim that cuts against the instinct of almost every Israeli founder he’s encountered - and every company I’ve spoken to over the years. “Normally, when I speak to startups that are born in Israel, they want to send their sales and marketing overseas immediately. [It’s] the first thing they want to do,” I told him during our conversation. But Canaani’s experience runs the other direction. The Israeli edge, he claims, comes down to a cultural obsession with output. “When you talk with people in Israel, marketing leaders, it’s about how they built machines, how much the cost per meeting, how they’re running campaigns on Facebook and Google and all that.” American counterparts, he finds, often arrive at the conversation from somewhere else entirely. “A lot of CMOs and people in marketing I talk with in the US or Canada… can talk more about the brand, how things take time, like it’s a long-term investment.” “Tachlas mentality” explained He traces this back to something structural in Israel’s tech DNA: The concentration of adtech companies and the performance-marketing culture they seeded, and also what he calls “tachlas mentality”. He explained that this requires teams to be focused on results above everything else. The blend of that mindset with an unusually international talent pool (many ‘Olim’ from Britain, the US, or Europe) produces something Canaani finds hard to replicate in America. But there’s a catch - and one worth remembering. The same intensity that makes Israeli marketing so effective in the early stages carries a structural weakness as companies grow. “In North America, things are much more organized. It’s clearer how they create the messaging and the product marketing and how to make sure there is alignment between marketing and sales,” he told me. Israel, by contrast, tends to run so fast that alignment becomes a casualty. “It seems like sometimes it doesn’t even matter if marketing speaks one language and sales speaks another. Let’s just run fast. It’s speed above everything else.” The American advantage, then, is less about raw marketing talent and more about institutional discipline. “In North America, maybe it’s hard in the startup phase, but once they’re a bigger company, they have better processes — how to run things, how to stay on point.” So what Canaani is describing is a stage-mapping problem. Israeli performance marketing is almost perfectly calibrated for the zero-to-one phase: find the signal, iterate fast, fill the pipeline before the runway ends. But American marketing discipline becomes the dominant advantage once you’re scaling and when the team is distributed. Move fast and break things, but then slowly mold them into greatness. The companies that figure out how to sequence both are the ones most likely to build something that lasts. Datarails, with teams operating on both sides and a CRO who has lived inside both cultures simultaneously, is running that experiment right now. [5-minute preview: Why Israeli Startups Are Better at Marketing Than They Think] Get full access to The Spiro Circle at www.thespirocircle.com/subscribe [https://www.thespirocircle.com/subscribe?utm_medium=podcast&utm_campaign=CTA_4]

The Middle Eastern Map No US President Can Escape - #0072, Gidi Grinstein

Every few years, a new American administration arrives in the Middle East convinced it can start fresh. Trump’s team was no different. They came to the problem with a clean slate and nothing but the confidence of a New York real estate mogul. They produced two documents across both his terms: the January 2020 plan and the October 2025 twenty-point Gaza framework. The result, according to my guest Gidi Grinstein, was that they landed exactly where everyone always lands. “Even Trump ends up landing very close to where Nixon landed, to where Carter landed, to where Clinton landed,” he told me. “Because there is a gravitational force that is shaping these negotiations.” Gidi Grinstein has seen the Middle East from angles most people never will. At 29, he was the secretary of Israel's negotiating delegation at Camp David and the youngest person at the 2000 Summit. He spent years inside the machinery of the peace process drafting texts, aligning teams, and managing the distance between what leaders said in public and what they were willing to accept in private. Today, he runs Tikkun Olam Makers (TOM), a global initiative using open-source 3D printing to bring affordable prosthetics to people who can't access or afford conventional ones. While we intended to speak mostly about TOM, our conversation stayed on peacebuilding, negotiation, and his view of politics today. The force, he said, traces back to “the most brilliant and American diplomat of the last hundred years”, Henry Kissinger, and the architecture he designed in the 1970s. It was a framework built not around Israeli or Palestinian interests, but around American hegemony in the Middle East. Half a century later, and it is proving so durable for Washington that no administration, however disruptive, can break from it. The 2020 Trump plan's "two nation states for two people" echoes UN Resolution 181 from 1947. The 2025 Gaza framework in places reads like a revamped version of the Oslo Declaration of Principles from 1993. “You would be stunned by the amount of similarities,” he told me. What’s interesting this time around is that both countries - Israel and the US - face impending elections mere days apart, promising to shake up not just the political makeup for both sides, but potentially the leadership of one. This creates what Grinstein calls the clock problem: Israeli and American leaders, under electoral pressure, always want a deal now. Their counterparts (Arafat then, the Iranians today) operate on an entirely different political timeline, with every incentive to wait out a weakened or transitional government. “The synchronization of the political clocks is very important in getting the deal,” he said. Trump, he suggests, may be walking into the same trap by pushing hard before November while Tehran calculates what comes after. The gravity doesn’t guarantee peace, but I realized it means the frameworks are always roughly the same so long as the Americans are involved. And so far, history is showing us that they always find their way back to them. You can catch the entire conversation above. And expect more analysis from our conversation in future newsletters. [5-minute preview: Watch Gidi explain this in a YouTube clip, “Trump Thinks He's Rewriting Middle Eastern History. He's Repeating It.”] The Spiro Circle is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber. Get full access to The Spiro Circle at www.thespirocircle.com/subscribe [https://www.thespirocircle.com/subscribe?utm_medium=podcast&utm_campaign=CTA_4]