Cyber Legend Nir Zuk Bets Against AI Hype with New Firm Cylake

SUNNYVALE, CA – March 05, 2026 – Nir Zuk, the iconoclastic founder of cybersecurity giant Palo Alto Networks, has issued a stark warning to the tech industry: the pervasive narrative that generative AI will render dedicated cybersecurity platforms obsolete is not just wrong, but dangerously shortsighted. In an open letter published today, Zuk challenged the prevailing hype, arguing that fundamental architectural and economic constraints will prevent AI from being a silver-bullet replacement for purpose-built security.

Putting his money where his mouth is, Zuk simultaneously announced the launch of his new venture, Cylake, a cybersecurity company built on the very principles outlined in his letter. Backed by an impressive $45 million seed round led by Greylock, the move marks a dramatic return for one of the industry's most influential figures, who is once again making a contrarian bet against the current of popular opinion.

“There is a growing narrative that AI will disrupt cybersecurity as we know it, and that generative AI systems will replace products, compress categories, and render large portions of the industry obsolete,” Zuk stated in his letter. “I fundamentally disagree.”

A Visionary’s Contrarian Bet

For those who have followed his career, Nir Zuk’s latest move is characteristically bold. After helping develop foundational firewall technology at Check Point in the 1990s, he founded Palo Alto Networks in 2005 with the radical goal of reinventing a market he saw as complacent. Over two decades, he built the company into a global leader with a market capitalization exceeding $91 billion before his retirement in August 2025.

His decision to launch Cylake comes at a time of intense market speculation, with many predicting that generative AI will consolidate the cybersecurity landscape, potentially crushing smaller, specialized vendors. Yet, Zuk sees not a dead end, but a “fork in the road.” He argues that the industry’s rush to embrace public cloud-based AI security has left a significant portion of the market—as much as a third, by his estimation—underserved.

This new venture is not a tentative step back into the industry. The substantial seed funding from Greylock, which also provided early backing to Palo Alto Networks, signals strong investor confidence in Zuk’s vision. Cylake is already working with a select group of design partners, with a full product launch anticipated in early 2027, aimed squarely at the market segment he believes others are ignoring.

The AI Reality Check: Cost and Complexity

At the heart of Zuk’s argument is a critical architectural constraint. For generative AI to deliver on its promise of end-to-end protection, it requires comprehensive, unthrottled access to an organization’s complete security data, from network logs and endpoint telemetry to cloud workloads. According to Zuk, this creates two immense, often-overlooked problems.

First is the staggering cost. Ingesting, processing, and retaining the petabytes of data required for effective AI analysis in public cloud environments can be “prohibitively expensive.” Industry data validates this concern. Cloud providers charge for every gigabyte stored, ingested, and transferred. Services like Amazon Security Lake, designed to centralize security data, come with their own ingestion and normalization fees on top of standard storage costs, which can quickly escalate into millions of dollars for large enterprises.

“Generative models can now review code and infrastructure, identify anomalies, uncover vulnerabilities, and automate responses with increasing sophistication,” Zuk acknowledged. “However, GenAI is only as powerful as the data it can operate across.”

Beyond cost, experts note the dual-use nature of AI poses its own challenges. While it enhances threat detection, it also arms adversaries with tools to create sophisticated malware and hyper-realistic phishing attacks. Gartner has identified AI-assisted attacks as a top emerging risk, predicting that by 2030, over half of security budgets will need to shift towards preventive measures as traditional detection tools become less effective against AI-enhanced threats.

The Data Sovereignty Dilemma

The second, and perhaps more intractable, challenge Zuk highlights is the web of regulatory, privacy, and security constraints that govern data. For a large class of organizations—particularly in government, defense, finance, and healthcare—passing sensitive data through shared, multi-tenant public cloud infrastructure is simply not an option. Regulations like Europe’s GDPR and the U.S.’s HIPAA impose strict rules on data residency, processing, and control, creating a demand for data sovereignty that public clouds struggle to meet.

This is the specific gap Cylake aims to fill. The company is developing an AI-native, data-driven security platform designed to operate entirely on-premises or within a customer’s private cloud. This architecture allows organizations to maintain absolute control over their data and operations, aggregating telemetry from all sources into a unified data layer that is processed locally. By keeping the analysis within the customer's environment, Cylake's platform bypasses the data sovereignty and privacy concerns inherent in public cloud solutions.

This approach directly addresses the needs of organizations that cannot, for legal or security reasons, expose their most sensitive information to external infrastructure. Zuk believes this market is substantial and has been largely ignored in the industry's “overrotation” towards cloud-native security.

A Segmented Future for Security

Instead of a consolidated market dominated by a few AI-powered platforms, Zuk predicts a future of increased segmentation and architectural variety. He urges security leaders to resist the temptation to scale back investments in dedicated cyber protection under the assumption that “AI will replace everything.”

Market trends suggest he may be right. While large vendors continue to build out their platforms through acquisition, venture capital investment remains strong for what investors call “differentiated AI-centric plays.” In 2025, AI-native startups accounted for over half of all global cybersecurity VC deals, indicating a belief that specialized, innovative solutions still have a crucial role to play.

By launching Cylake, Zuk is betting that a one-size-fits-all approach to security will fail, and that organizations with the highest security and compliance needs will require a different class of tools. His open letter serves as both a mission statement for his new company and a call to action for the entire industry to look past the hype and confront the complex realities of securing a world transformed by AI. As he concluded, “The only way AI kills cybersecurity is if we let it lull us into accepting less than purpose-built protection.”