Announcing Our Investment in Tracebit

03.17.2026

David Waltcher

Partner, FirstMark

For the last two decades, cybersecurity has largely been shaped by the logic of prevention. First came the perimeter and firewall era: keep attackers out. Then came zero trust in the late 2010s: every user, device, and workload must continuously prove itself. Zero trust was an important step forward, but it still carries the implicit assumption that with the right controls, correctly configured, organizations can meaningfully prevent compromise.

That assumption is getting harder to defend. A stolen credential can sail through every zero trust control undetected, and code from a trusted vendor can carry an attacker deep inside your environment, legitimately authenticated the entire way. 

Today’s environments are more dynamic, more distributed, and more difficult to map and inventory than ever before. Cloud infrastructure is sprawling; human and non-human identities are proliferating; code-gen is flooding the world with new apps, agents, and integrations, each one a potential entry point; and now agents are multiplying the number of possible attack vectors and permutations of attacker behavior. The result is not just that the attack surface is growing. It is expanding combinatorially, in ways that make purely preventative security models feel increasingly incomplete.

That is why we’re excited to announce our investment in Tracebit.

Why Now: Increasing Security Asymmetry

Security has always been an asymmetric game. Defenders have to protect everything; attackers need to find one path that works. What is changing now is the speed and scale of that asymmetry.

AI dramatically favors the offense. It enables attackers to automate reconnaissance, scale social engineering, and move through environments with a level of speed and adaptability that older security architectures were never designed to handle. At the same time, the attack surface itself is growing exponentially, and stochastic agents are multiplying the number of possible entry points into enterprise systems. 

In that world, the old question of “how do I stop every intrusion?” becomes less useful than a harder and more practical one: “how do I know immediately when something malicious is operating inside my environment?”

That is the core insight behind “assume breach.” The best security teams are increasingly recognizing that resilience matters more than the illusion of control. They need signals that are early, credible, and operationally useful. They need products with a high signal-to-noise ratio: systems that do not just generate more alerts, but generate the kind of alerts that actually matter.

Why Tracebit: The Era of “Assume Breach”

That is exactly what drew us to Andy and Sam at Tracebit. 

At its core, Tracebit is building a modern deception and canary platform for the assume-breach era. The idea is simple: place realistic decoys across an environment — credentials, cloud resources, identities, endpoints, Kubernetes objects, CI/CD systems, and other assets that should rarely be touched during normal operation — and if they are touched, something is wrong. Not potentially wrong after a week of correlation and triage, just wrong.

Canaries are not a new idea. What’s been missing historically is a way to make them practical for modern environments. This is where Tracebit stands out. They are building a platform that makes canaries dynamic, well placed, realistic, and scalable across the kinds of environments security teams actually run today. Tracebit supports deployment across AWS, Azure, GCP, Kubernetes, identity environments, workstations, credentials and artifacts, and CI/CD systems. The product elegantly leverages AI itself to analyze customer environments, generate canaries that fit naturally into those environments, and continuously adapt those canaries as infrastructure changes. That makes the deception more believable, the deployment more scalable, and the resulting detections much more valuable.

And it matters for a broader reason: the future security stack will need more systems that are attacker-agnostic and technique-agnostic. If agentic attackers can invent new paths into an environment faster than defenders can anticipate them, then one of the few reliable answers is to spread smart traps widely enough that attackers trip over them early in the kill chain. In our view, deception is moving from niche to necessary. Tracebit is the clearest embodiment of that shift we’ve seen.

What’s Next: Defining a Category

Tracebit’s public customer list includes organizations such as FirstMark portfolio companies Synthesia and Riot Games, as well as Docker, Cresta, Snyk, Admiral, Compass and more. There is a much longer list of household names who’ve been flocking to Tracebit that, naturally, don’t want to reveal their deception strategy to their adversaries. These are all demanding security teams running large, complex environments, and their adoption is a strong signal that assume-breach architecture is moving into the mainstream. 

More broadly, we think this architecture is becoming table stakes across the market. Not because prevention stops mattering, but because prevention alone is no longer enough. The winners in this next era will be the teams that can detect malicious activity earlier, respond faster, and make it much harder for attackers to operate successfully once they are inside an environment. We believe the operating metrics that will increasingly matter are time to detection, time to response, dwell time and false positive rates, and Tracebit is incredibly aligned with that shift. 

Andy and Sam are exactly the kind of founders we love to partner with to build for moments like these: technically deep, product-minded, and unusually insightful about what modern security teams need (you can read Andy’s first post on honeypots, written weeks after Instagram first launched). They have one of the most compelling product roadmaps in security ahead of them, building towards a foundational assume-breach platform that arms security teams with quick, scalable detection and peace of mind as they navigate the wild new world. We’re thrilled to partner with Andy, Sam, and the entire Tracebit team!