• United States




The AI hype machine – let’s be careful out there

May 17, 20185 mins
Artificial IntelligenceData and Information SecurityTechnology Industry

AI over-marketing by security vendors is poised to confuse, frustrate and ultimately disillusion potential customers. We’re at a challenging point in the early maturity of the AI market: now is the time to set proper expectations so that both security vendors and customers be successful.

As a venture investor focused on AI-enabled software, I’m a promoter of the technology. It can and does provide enhanced value.

But over the past three weeks, attending the RSA Security Conference in San Francisco and AI Congress in Las Vegas, I have become somewhat concerned about the market. Both shows drove home how overhyped my beloved focus area has become.

This AI overmarketing is going to confuse, frustrate and ultimately disillusion potential customers.

This hype began over a year ago.  In fact, last year, Gartner proclaimed that AI had reached the “peak of inflated expectation.” All the signs pointed to that view: There has been mass media coverage, usage has grown from early adopters and negative press has begun. The next stop on this journey is the trough of disillusionment. I’m hoping the industry can limit the depths of that trough by getting real about what AI is and what it can actually do.

A journey to the peak

My recent trip to attend the RSA in San Francisco seemed like a voyage to Gartner’s peak. The hype machine began as soon as the plane landed at SFO. Exiting the jetway, the first airport ad I saw was from a security vendor claiming that its AI tech could thwart my organization’s phishing attacks.

Maybe this product could solve some of these attacks, or even most, but certainly not all. But there is some percentage of the population that will see the ad and try it or become customers. Ads work. That’s why companies continue to pay for them.

Getting on the 101 and heading north to my hotel near the Moscone Center, I saw a billboard. This vendor claimed its solution leveraged AI to provide immunity from cyberattacks. Clever marketing, but again I’m struck by such exaggerated claims.

Once on the RSA Expo show floor, including the Early Stage Expo, 500 vendors marketed their solutions to the world’s cybersecurity woes. My best estimate is that at least half of these were trumpeting the proprietary AI or machine learning in their products.

A false view of the market’s progress

Assessing the landscape at the show, you might think AI/machine learning was already a commoditized market. You might think the science has been solved. You might assume the technology has been easily and cost-effectively implemented in today’s hardware and software, and that there is voluminous training data easy to access and leverage.

But that’s not where the market is right now. Using a baseball analogy, we are in the first inning of an AI-based solutions market. There are some great companies out there leveraging highly focused applied AI to targeted problems. They work. In some cases, they provide endpoint protection far greater than their competitors. In others, they detect anomalies in SIEM data otherwise undiscovered.

But there aren’t 250+ companies who have solved all of the world’s cybersecurity problems with today’s implemented technology.  We still have a lot of innovation, development and training to do before we get there.

Artificial artificial intelligence

What’s most disturbing to me are the number of companies that are claiming they have AI, when they’re really using pre-defined statistical algorithms (like many of us learned in college), and then hand-tuning the system on historical data to optimize performance at run-time. This isn’t ML. This isn’t AI. This is optimized statistical modeling.

Switching locations to Las Vegas, while at AI Congress I heard an AI-focused IT executive from a major bank talk about how much AI the bank was already using in its fraud department. The exec then discussed how the algorithms were manually tuned by the company’s data science team to outperform static models with preset behavioral thresholds. This isn’t AI! It may be intelligent, but it’s not artificial intelligence!

What worries me then is that there will be enough buyers of these existing solutions that will overpromise and then underdeliver, hurtling us into the trough of disillusionment. If the AI solutions of the first inning create this dynamic, will the customers be there for the innovators of the second inning – those companies whose solutions in theory should provide enhanced performance?

I have to admit that companies are in a bit of a dilemma now.  If you want to be considered an innovative leader, you have to claim you have AI under the hood. But if you overstate your claims, you potentially set yourself, and ultimately the broader industry, up for tremendous failure.

We’re at a challenging point in the early maturity of this market.  Only with proper expectations set can both security vendors and customers be successful. As a security executive, one should go into any trial or purchasing decision fully aware that no one solution provided today can do everything. The best targeted AI-based solutions can be very helpful in preventing many of the exploits commonplace today.  But no single solution covers the waterfront. And new products will constantly improve performance, as the exploits themselves become increasingly varied and sophisticated.

And as vendors, let’s all try to be a little more honest about what our products can and can’t do.  Let’s not tarnish the industry before it’s truly begun.


Rick Grinnell is a founder and Managing Partner of Glasswing Ventures, an early-stage venture capital firm dedicated to investing in the next generation of AI-powered technology companies that connect consumers and enterprises and secure the ecosystem. As a venture capitalist and seasoned operator, Rick has invested in some of the most dynamic companies in security, enterprise infrastructure and storage.

During his 17 years of venture capital experience he has led investments and served on the board of directors for companies such as EqualLogic (acquired by Dell), Prelert (acquired by Elastic), Pwnie Express, Resilient Systems (acquired by IBM), Trackvia and VeloBit (acquired by Western Digital) and is now lead investor and a member of the board of directors at Terbium Labs.

Rick is also active with various entrepreneurial programs at the Massachusetts Institute of Technology (MIT), Harvard and Tufts Universities, and is a frequent judge at MassChallenge. Rick’s contributions to the broader community include serving as a member of the Board of Directors of Big Brothers Big Sisters of Massachusetts Bay, as Vice Chairman of the Board of Overseers at the Museum of Science in Boston, and as a member of the Educational Council at MIT. Rick has been recognized by the New England Venture Network with the Community Leadership Award for his philanthropic work and contribution to the community.

Rick earned BS and MS degrees in Electrical Engineering from MIT and an MBA from HBS.

The opinions expressed in this blog are those of Rick Grinnell and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.