Unlike other software, security product value is hard to prove. If a tool finds nothing, it's unclear if the tool failed or if there were no issues to begin with. This shared uncertainty for both buyer and seller makes it difficult to assess true value.
Related Insights
AI audits are not a one-time, "risk-free" certification but an iterative process with quarterly re-audits. They quantify risk by finding vulnerabilities (which can initially have failure rates as high as 25%) and then measuring the improvement—often a 90% drop—after safeguards are implemented, giving enterprises a data-driven basis for trust.
Security products are naturally sold top-down. CISOs need central governance over a fragmented tool landscape, and the product's value is subjective and hard to measure (like insurance). This environment favors a high-touch, relationship-based sales motion, making pure bottom-up adoption difficult to monetize.
Pursuing 100% security is an impractical and undesirable goal. Formal methods aim to dramatically raise assurance by closing glaring vulnerabilities, akin to locking doors on a house that's currently wide open. The goal is achieving an appropriate level of security, not an impossible absolute guarantee.
The AI security market is ripe for a correction as enterprises realize current guardrail products don't work and that free, open-source alternatives are often superior. Companies acquired for high valuations based on selling these flawed solutions may struggle as revenue fails to materialize.
In a security marketplace, customers don't *want* to find the "product" (vulnerabilities), creating a negative feedback loop unlike eBay. Bug Crowd's founder realized the moat couldn't just be network effects; it had to be the proprietary data used to match the right hackers to the right problems, maximizing success for both sides.
While the computational problem of finding a proof is intractable, the real-world bottleneck is the human process of defining the specification. Getting stakeholders to agree on what a property like "all data at rest is encrypted" truly means requires intense negotiation and is by far the most difficult part.
A formal proof doesn't make a system "perfect"; it only answers the specific properties you asked it to prove. Thinking of it as a perfect query engine, a system can be proven against 5,000 properties, but a critical flaw might exist in the 5,001st property you never thought to ask about.
A major unsolved problem for MCP server providers is the lack of a feedback mechanism. When an AI agent uses a tool, the provider often doesn't know if the outcome was successful for the end-user. This "black box" makes iterating and improving the tools nearly impossible.
A core pillar of modern cybersecurity, anomaly detection, fails when applied to AI agents. These systems lack a stable behavioral baseline, making it nearly impossible to distinguish between a harmless emergent behavior and a genuine threat. This requires entirely new detection paradigms.
Don't overcomplicate defining value. The simplest and most accurate measure is whether a customer will exchange money for your solution. If they won't pay, your product is not valuable enough to them, regardless of its perceived benefits.
