The underlying assumptions in security are shifting. Security tooling was built for a world of binaries, deterministic systems, and slower adversaries.

Today, code is generated and executed dynamically, AI agents act autonomously, and attack paths evolve in real time.

At RSA, we’re excited to meet founders designing security architecture for the new reality.

Post-Binary Endpoint Security
Endpoint security was built to detect suspicious executables. But today, most code doesn’t run as standalone binaries. It runs inside trusted environments like browsers, IDEs, interpreters, plugins, and AI-assisted tooling.

Legacy EDR was optimized to detect suspicious executables; it has limited visibility into the dynamic code paths executed within approved applications such as Chrome or VS Code.

We’re looking for next-generation endpoint platforms that provide deep runtime visibility and enforce behavioral controls across this expanding non-binary attack surface.

Detection at the speed of Adversaries
“Can we detect this?” shouldn’t require a war room.

We’re looking for AI-driven detection engineering that connects threat intelligence to real telemetry, exposes coverage gaps, and turns detection readiness into a live metric — while also generating, testing, and tuning detection rules automatically.

Coverage shouldn’t be a manual mapping exercise; it should be continuously measured and continuously improved.

Securing the entire software supply chain
As AI accelerates software creation, more code is being generated and deployed faster than ever. We’re looking for startups that ensure nothing reaches production without cryptographic proof of how it was built, who built it, and whether it was properly reviewed.

Open-source supply chains are starting to get secured. Internal software supply chains remain exposed.

We’re looking for the company that brings provenance, cryptographic attestation, and enforcement to internally built code before it ships.

Securing Autonomous Agents
AI agents don’t behave like traditional software. They reason, make decisions, and act across APIs and data in ways that aren’t strictly deterministic.

Securing them requires deeper visibility into LLM flows and tool execution, as well as new enforcement models that constrain behavior without breaking utility.

We’re looking for the infrastructure layer that makes agentic systems observable and controllable.

Continuous Threat Exposure Management
CTEM shouldn’t be another dashboard of CVEs with a different risk score.

True exposure management must be hyper-specific to an organization’s environment, including network reachability, identity paths, cloud posture, data sensitivity, and real attacker behavior.

We’re excited about platforms that move beyond static feeds like KEV and EPSS, ingest internal context and unstructured data, model exploitability probabilistically, and continuously drive exposure reduction tailored to the business.

We believe the next generation of security leaders will rebuild foundational layers, not just improve workflows.

If that’s what you’re working on, let’s connect in San Francisco.

Lastly, we’re hosting a small, invite-only breakfast for CISOs and Security Leaders on Tuesday, March 24th, to discuss how these trends are playing out in practice, where the friction lies, and what’s still missing. If you’re a security leader who’d like to join the conversation, let us know.

This article is for informational purposes only and does not constitute investment advice. Saaya Pal and Aqil Pasha are affiliated with Jump Capital and the expressed herein represent the opinions of the authors and Jump Capital. Jump Capital may have investments in or pursue investments in the cybersecurity sectors and companies discussed. References to specific companies do not constitute investment recommendations.