First Thoughts from Bonfy!

It has been a few weeks since I joined Bonfy.AI and I thought this would be a good time to share my experiences during this period of transition, talking to customers and prospects and yes, from activities outside of work, like watching movies! Because one thing is sure, in a seminal period of technology evolution like the one we are experience now, it’s hard not to be thinking about certain facets of technology which have become omnipresent, such as GenAI and the thing that drives it, data!  

Let me start by what drove me to Bonfy. Like what we were taught at the business school’s entrepreneurship 101 class, for an enterprise to be successful, there has to be a winning combination of People, Problem, and Solution Viability. Translating that to the model, which I personally employ a lot, emphatic answers to the burning questions of Who? What? Why? How? and When? I didn’t want to make this first blog too much about the product sausage making or a roadmap, hence will spare the last two. Let’s spend some time then on the others, shall we? 

The People

I have had the honor and privilege of working with Danny Kibel, Bonfy’s co-founder and CTO, at three of my previous roles a) at Idaptive/Centrify, where he was CEO, b) at CyberArk where he led the entire R&D, c) and at Cisco where we built a multi-context aware management system. Knowing him and his smart but humble approach to solving complex technical challenges and managing teams for effective execution, it was natural for me to be curious about his next venture after CyberArk.  

We met and he introduced me to Gidi Cohen, Bonfy’s other co-founder and CEO, an extremely smart and charismatic leader, a serial entrepreneur with many feathers in his cap and someone exuding confidence and conviction at levels I have seen in only a few other leaders in my professional life. I quickly realized that given the problem they were trying to solve, I needed to, as my teenager son would put it, “lock in.” That brings me to the problem Bonfy is trying to solve. 

The Problem

The problem is data and its many consumers, humans, machines (and their various manifestations), their unpredictable behavior, and what follows when you mix these two. The results can be possible irreparable damage caused by breaches from short-term impacts such as interruption to business, to some very long-lasting ones such as loss of customer trust, higher cost of cyber insurance among the primary ones. Some of the previous Bonfy blogs do a great job capturing the problem statement as also the below excerpt from a blog from our lead investor TLV partners: 

“As GenAI becomes embedded in everything from email to code to customer communication, the line between human- and AI-generated content blurs. Sensitive information flows faster, gets repurposed endlessly, and often bypasses the traditional security stack entirely. Legacy DLP systems weren’t designed for this. Most GenAI security tools aren’t either.” 

In other words, GenAI is not the problem itself but rather one of the main causes behind the effect of the exponential rise of data at rest, transit, and use, and how the decades old, and a very well established and seemingly mature technology of data loss prevention (DLP), is falling flat on its face trying to adapt to this extremely fast evolving space.  

One may argue that the existing solution itself has become part of the problem. It’s probably like what the automobile did to the infrastructure of the late 19th century when it first came out! So, let’s not blame the driver of the next revolution but focus on what needs to change around it so that it can be a roaring success and we humans can move on to thinking and worrying about the next big thing. I strongly recommend Gidi’s blogs on how a new way of doing DLP is required in the AI-powered enterprise, since the ways in which the Enterprise is going to be deploying GenAI for content generation is only going to increase over time given the benefits that it offers.  

This is a perfect segue into the Solution and why we strongly believe in its viability. 

The Solution

As is evident from the “Problem” section, we need a “New Way” (Next-Gen) of looking at DLP for the AI-powered Enterprise. The aforementioned blogs have excellent outlines of what the Next-Gen DLP would have to look like to cater to the fast-evolving needs in a GenAI powered world. Key additional strategic factors to note that are driving and influencing this evolution are: 

• Alignment of data security and governance with GenAI governance 
• The new solution itself needs to not only address the gaps of the legacy DLP solutions (static, content based, non-adaptive, resource intensive etc) but also strike coherence with adjacencies within (DSPM, multi-channel DLP delivery) and outside (identity security, SaaS, SSE) of data security 
• Address and adapt to the fast evolving regulatory landscape in the context of GenAI 

As we discuss our solution with analysts (Gartner rates privacy and data security as the top security risk posed by GenAI, followed by enhanced attack efficiency, misinformation and fraud and identity risks) and customers, it’s quite evident that the next gen DLP solution cannot come fast enough. In fact some have expressed that they need the new risk and multi-context aware, adaptive, AI-driven DLP solution even for the non-GenAI content! Now imagine what will happen when these very customers also roll out GenAI (only a matter of time), potentially exposing sensitive data through shadow GenAI, RAG, and the fast-evolving MCP architectures.  

TL:DR (F1- The Movie, moderate spoiler alert!) 

The recently launched F1 movie centers on the idea of how even the most experienced of F1 racing teams sometimes fail to consider seemingly common factors and contexts when designing cars and planning for races. In one of the scenes, Sonny (played by Brad Pitt) highlights the importance of external elements beyond the vehicle itself, perhaps subtly hinting at his own intuitive understanding of racing dynamics. Well, as I was watching that, I couldn’t help but think of the vehicle as the content generated by humans and GenAI alike and the ambient factors as the multitude of contexts that the current age DLPs turn a blind eye to.