The Clock Is Ticking on Encryption - #0077, Itamar Sivan

Startup Nation's Most Expensive Lesson - #0078, Giora Gil-Ad

Last week, I heard a number that should terrify every founder raising a Series A. Between 50% and 60% of Israeli tech startups that reach round A never make it to round B. Think of it: You’ve pitched, hustled, and convinced initial investors that your idea is worth betting on… yet statistically, you’re more likely to flame out before the next round than not. The reasons are messier than most founders want to admit. It’s not always the product or market. A lot of the time, it comes down to one hire. The first real sales leader you bring in to crack the US market. Get it right, and you’re soaring your company to new levels. But get it wrong, and you’ll be burning through runway while pretending everything is still fine. This week on The Spiro Circle, I spoke with Giora Gil-Ad about the most dangerous (and weirdly emotional) hire in Startup Nation - the first serious US sales executive. That’s exactly the world he operates in. As the founder of CQ Global, Giora specialises in one very specific, very high-stakes moment in a company’s life: finding the sales exec who will either unlock the US market or become a very expensive lesson. In our conversation, Giora puts the cost of a wrong VP hire at somewhere between $1.5 and $2 million, once you account for the salary, the team members who follow them out the door, the deals that slipped through the cracks, and the months of momentum lost. But the money is almost the easy part to quantify. What’s harder to measure is the founder who starts second-guessing themselves. The team morale evaporates, or investors start asking harder questions. A bad hire can cost confidence, and in the early startup space, confidence is everything. So what does getting it right actually look like? According to Giora, it starts with founders being honest about what they actually need, and accounting for cultural, business, and personal needs along the way. You can learn more about this whole area in the episode above. Get full access to The Spiro Circle at www.thespirocircle.com/subscribe [https://www.thespirocircle.com/subscribe?utm_medium=podcast&utm_campaign=CTA_4]

The Clock Is Ticking on Encryption - #0077, Itamar Sivan

I’ll be honest: I entered into this most recent conversation for The Spiro Circle knowing almost nothing about quantum computing. I said as much to my guest, Itamar Sivan, co-founder and CEO of Quantum Machines, before we even started recording. That’s alright - most people don’t really understand it, he told me. Even scientists used to laugh at the idea that quantum computing would ever be commercially viable. But then, about halfway through our conversation, he said something that piqued my curiosity and made me put down my notes. The threat isn’t that quantum computers will simply ‘make things faster’. It’s that they’ll make things possible that are currently impossible. And one of those things is breaking the encryption that protects everything - and keeping cryptographers up at night. He cited potential examples as banks, messages, the NSA, and Bitcoin. “Quantum computers are not interesting because they’re going to take problems we solve today and solve them faster,” Sivan told me. “But rather they will take problems today we deem as impossible and make them possible.” The mechanism is an algorithm called Shor’s algorithm, [https://en.wikipedia.org/wiki/Shor%27s_algorithm] which can factorize enormous numbers at speeds no classical computer could approach. Modern encryption is built on the assumption that factorizing very large numbers is effectively unsolvable. But by taking away that assumption, the entire architecture collapses. “Something that would take a hundred thousand years might be solvable at the scale of minutes,” he told me. Quantum Machines (QM) is a Tel Aviv-based company that has raised $280 million to build the orchestration layer running quantum processors. Founded in 2018, customers include academia, national labs, and the private sector. What struck me was that he raised this before it exploded as a mainstream story. At the time of our recording, he flagged that a newly published paper [https://decrypt.co/resources/what-q-day-quantum-threat-bitcoin-explained]suggested quantum computers would need far fewer qubits to break encryption than previously thought. “We’re still digesting it. If they’re right, we’re going to see some big changes in the world in a few years.” And almost as an aside: “One of the claims is that it will be able to break the underlying encryption used for Bitcoin. Just that itself could be a big impact.” Research published between May 2025 and March 2026 [https://thequantuminsider.com/2026/04/28/why-2026-matters-quantum-security/]shows that breaking widely used cryptographic systems may require far fewer quantum bits than previously thought. Estimates dropped from around 20 million physical qubits in 2019 to under one million by 2025. Papers from Caltech and Google in early 2026 prompted one Bitcoin security researcher to estimate a 10% chance that a quantum computer recovers a Bitcoin private key from an exposed public key by 2032 [https://decrypt.co/362856/google-quantum-paper-boosts-odds-of-bitcoin-q-day-by-2032-researchers-warn]. In April 2026, a researcher successfully broke a 15-bit elliptic curve cryptography key using publicly accessible quantum hardware — a 512-fold improvement over the previous public demonstration just months earlier. Google has already set a 2029 deadline [https://www.coindesk.com/tech/2026/03/28/here-s-how-bitcoin-ethereum-and-other-networks-are-preparing-for-the-looming-quantum-threat] to migrate its own authentication services to post-quantum cryptography. The so-called “harvest now, decrypt later” threat (adversaries collecting encrypted data today, waiting for quantum capability to mature before cracking it) means the clock is ticking, even though many still believe their things will be protected for many more years. Sivan’s broader point, the one I kept coming back to, is that quantum won’t replace the computing infrastructure we’ve built - but instead plug into it. It means the vulnerabilities we’ve built into that infrastructure travel with us. “Not a question of if,” he told me as we finished. “A question of when.” I didn’t know much about quantum computing before this conversation. But I think I know enough now to think that answer should concern all of us! Watch a 5-minute preview of our conversation on this topic, here: Get full access to The Spiro Circle at www.thespirocircle.com/subscribe [https://www.thespirocircle.com/subscribe?utm_medium=podcast&utm_campaign=CTA_4]

The Future of Cybersecurity May Look Like Swarms of AI Hackers - #0076, Shahar Peled

Imagine the scene: A developer at a large financial institution merged a routine code update. Nothing alarming yet, just a minor change that, on its own, meant little. But Terra Security’s AI agents were watching. AI agents flagged the change, verified a potential vulnerability, and then did something a human penetration tester probably wouldn’t have done. They kept looking. Eventually, they found two more vulnerabilities nearby, each individually insignificant. But they spotted a pattern and connected all three together. “1+1+1 = 1,000,” said Shahar Peled, co-founder and CEO of Terra Security. The result was a Remote Code Execution (RCE), a cybersecurity vulnerability that allows an attacker to run malicious code on a target system or server from a remote location. It is considered one of the most critical vulnerability classifications of its type. The customer found out from their vendor, not from an adversary. Founded in 2024, the Tel Aviv and New York-based startup has raised $38 million across a rapid Seed and Series A, and counts Fortune 100 enterprises among its customers. Its core product is an agentic offensive security platform where swarms of AI agents are trained to think and act like “ethical hackers”, running continuously across a company’s attack surface. The traditional model of penetration testing (hiring an external team once or twice a year to probe for weaknesses) was never designed to catch what Terra caught in that unnamed financial institution. “Until 2025, it happened on an annual basis mostly,” Peled explained. “Once a year, you hire someone externally to work for a week or two weeks... The reason you couldn’t do it continuously is that you couldn’t really train software to hard-code how adversaries think and act.” But AI has changed all that. Terra Security’s agents scan for known vulnerabilities and simulate the reasoning of an attacker, chaining together findings and verifying whether a vulnerability is actually exploitable rather than merely theoretical. But Peled is careful not to overclaim, and beat me to my own next question. “Are AI agents today better than any ethical hacker in the world? They’re not,” he said. “They don’t yet possess the creativity of the best ethical hackers. But they can be more scalable than anyone in the world. They can run continuously. They never sleep. They’re already better than the vast majority of ethical hackers in the world.” With AI, there are no longer cyberattackers who wait for annual review windows. Adversaries now use tech to find entry points faster, adapt in real time, and strike before defenders can patch. A point-in-time test is, by definition, already outdated the moment it concludes. Terra’s idea is that continuous, AI-driven offensive security is the only architecture that matches the pace of modern attacks. The chained vulnerability Peled mentioned in our conversation was only catchable because an agent was watching the moment the code changed - and not six months later, when a consultant finally showed up. “I still see too many organizations that say, ‘Okay, now we have AI in offensive security’,” he concluded, and as a slight warning to CISOs still budgeting for annual pen tests. “[They say] ‘I want to do the same thing I’ve done before, just faster, better, cheaper’. And that scares me.” Get full access to The Spiro Circle at www.thespirocircle.com/subscribe [https://www.thespirocircle.com/subscribe?utm_medium=podcast&utm_campaign=CTA_4]

Employees Are Leaking Corporate Secrets Through ChatGPT - #0075, Itamar Golan

There’s a new security risk out there, and it’s come to be known as The Shadow AI Problem. It suggests that the next major corporate data breach may not come from a sophisticated nation-state actor or a phishing campaign, but rather from an employee asking an AI chatbot to read or summarize sensitive company data. That’s the reality Itamar Golan has spent the last two years building a company around. As co-founder and CEO of Prompt Security (acquired by SentinelOne earlier this year for $250 million), he has become one of the voices warning of the gap between how fast enterprises are adopting AI and how little they understand about where their data is going. According to him, most CISOs focus on traditional attack vectors, but the real risk is employees pasting IP addresses into unauthorized tools. Prompt Security’s platform now detects nearly 20,000 distinct AI applications operating across enterprise environments. Golan clarified that the figure isn’t plugins or product variants, but 20,000 separate entities. “Today, essentially almost any SaaS application, website, native application running on your endpoint… we are converging towards a landscape where any one of those will be an AI application by itself,” he told me. The Spiro Circle is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber. The visibility problem is one thing, but the training problem is another. Prompt Security’s research found that roughly 40% of AI applications [https://prompt.security/blog/smarter-ai-security-true-risk-management-goes-beyond-blocking-ai], when surveyed at the configuration level, are set by default to train on the data they receive. “Not only has confidential data leaked out of your organization,” Golan explained, “it’s now potentially becoming part of the model’s brain.” Details like corporate strategy, personnel data, or legal documents will be available for everyone to see - and there is no obvious retrieval mechanism once embedded in a model’s training run. The sectors most exposed are also the typically traditional ones that are now moving fastest to catch up: Financial services, insurance, and legal firms are adopting AI precisely because it performs exceptionally well on their core workflows. “They find themselves in this very tricky situation,” he told me. “On the one hand, they are adopting AI the fastest, and the potential gain is immense, but the risk of making a mistake is so big as well.” It is a distinctly Israeli problem to be working on. Golan mentioned that when he surveyed the security stacks of Fortune 500 CISOs while building Prompt, he found that around 60% of the tools on their lists were built by Israeli companies. Startup Nation has given the world Check Point, CyberArk (acquired by Palo Alto Networks), and Wiz (acquired by Google). Now, Prompt Security, as part of SentinelOne, is trying to secure the AI layer that sits above all of them. “We cannot stay blind,” Golan concluded. “We must admit that our employees are using hundreds or thousands of AI applications. A big portion of those are able to train on the data we are sharing with them.” Acknowledging that reality, he argues, is the first step to acting on it. Get full access to The Spiro Circle at www.thespirocircle.com/subscribe [https://www.thespirocircle.com/subscribe?utm_medium=podcast&utm_campaign=CTA_4]

Israel's FoodTech Story Was Never About Fake Meat - #0074, Ilanit Kabessa Cohen

This isn’t the first time I’ve covered Israel’s foodtech sector. Back in 2022, reporting for CTech, I mapped the ecosystem [https://www.calcalistech.com/ctechnews/article/r1im1c6pj] at a moment of tension, when investment was holding up better than in any other tech vertical, but the skeptics remained. I was, and still am, bullish on Foodtech - at least at the start. I tasted 3D-printed burgers in Tel Aviv and called them “technically perfect, albeit creatively void.” I interviewed investors who compared the industry to early mobile phones [https://www.calcalistech.com/ctechnews/article/bywoxxtsi] — primitive first iterations, but with everything still to come. I wanted to delay a full embrace of alternative foods until the markets all caught up. Turns out many felt the same way. So years later, I wanted to revisit all of that with someone who’s lived it from the inside. Ilanit Kabessa Cohen has spent 25 years asking one question: what does it actually take to bring innovation to market? As the first Head of Innovation at Osem-Nestlé, a corporate venturing lead at Dole in Singapore, and now co-founder of the advisory firm URIKA, she’s seen the food ecosystem from virtually every angle — and she joins me to share what she’s learned. Our conversation opens with an assessment of Israel’s position in global foodtech. Despite being a relatively small player in terms of total funding (roughly $16 billion globally), Israel punches well above its weight: driven by its kosher culinary traditions, research institutions, a culture of cross-domain improvisation, and the Israel Innovation Authority’s risk-sharing model that few other governments have replicated. But Ilanit is candid about where the industry fell short. The first generation of alternative proteins disappointed consumers, investors, and believers alike. Not because the vision was wrong, but because first-generation products rarely win. She argues we’re now entering a correction phase, with more mature companies, better-tasting products, and a smarter understanding that the real action right now is B2B ingredients, not consumer-facing brands. The most forward-looking part of the episode covers what she calls “animal-free technologies” — a next-generation wave that goes far beyond food. Think collagen produced via precision fermentation for use in cosmetics, pharma, and nutrition. Or how biomaterials could replace shark liver extract or horseshoe crab blood in medical testing. She said how the next decade of opportunity lies in the convergence of food, health, and biotech - and finally, she discussed two opportunities: the Coller Startup Competition [https://www.collercompetition.com/](now open, with a $100K prize) and URIKA’s Generate partnership [https://nexture.com/global/en/innovation/generate/open-call] program with CSM Ingredients for startups in sugar reduction and proteins. The Spiro Circle is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber. Get full access to The Spiro Circle at www.thespirocircle.com/subscribe [https://www.thespirocircle.com/subscribe?utm_medium=podcast&utm_campaign=CTA_4]