Hesitation is the New Vulnerability
I hope the start of the year has been productive as you navigate the evolving threat landscape.
As we move deeper into 2026, I wanted to share something I've been thinking about as I settle into my role at Surf AI and reconnect with peers across the industry: we are entering a fundamentally different operating environment.
Last month, I talked about scale and speed. This month, I want to talk about decisiveness.
The Numbers Tell the Story
According to CrowdStrike's recent threat report:
- Cloud intrusions increased 136% in the first half of 2025 compared to all of 2024
- 81% of interactive intrusions were malware-free
- AI and agentic AI are introducing a 10x to 100x increase in complexity across day to day security work, from alerts and logs to decisions, configurations, and remediation
- Attacks are becoming increasingly bespoke, adaptive, and context aware
The Challenge: Fragmented Context
The challenge is that most security environments still lack the shared context needed to operate at this scale. Identity, cloud activity, historical behavior, vulnerabilities, and intent all live in different places. Without a unified understanding of the environment, even when you know what's wrong, you cannot act on it fast enough to matter.
“Hesitation is the new vulnerability.”
What We're Building at Surf AI
The next generation of security must be built around persistent environmental understanding.
Not just logs. Not just alerts. A living model of your organization that understands relationships, history, intent, and risk in real time.
Our approach: By continuously mapping relationships, history, and behavior across an organization, our Context Graph enables specialized AI agents to detect meaningful risks and redundancies, validate intent with the right owners, and safely execute the actions that fix posture, maintain compliance, and reduce costs.
The outcome: Continuous hygiene, intelligent remediation, and security operations that actually keep pace with the business.
What This Means for You
I am not interested in replacing people or automating judgment. I am focused on arming and augmenting defenders with the capabilities they need to withstand this acceleration, while reducing the constant effort spent reconstructing context. That is where humans add the most value.
Looking Forward
We'll continue expanding our Context Graph capabilities and deepening our agent expertise across identity governance, cloud posture, and SaaS security. Our focus remains on eliminating context reconstruction overhead so security teams can execute at the tempo their environments demand.
Let's make 2026 the year security keeps pace with the business.
Yonesy Núñez
CISO, Surf AI
Yonesy Núñez is a five-time CISO with over two decades of experience securing some of the world's most complex financial institutions, including DTCC, Jack Henry, and Wells Fargo, and currently serves as CISO of Surf AI.