Security Is Only Truly Security When It Is Native

The most valuable thing I gained from building security products at AWS was the opportunity to sit with security leaders and practitioners across nearly every Fortune 500, and beyond. I listened. 

Cloud providers offer powerful native controls. They're essential for building secure architecture. The problem is operationalizing them. It's hard in one cloud. It becomes unmanageable across multiple clouds. It doesn't scale. 

Now add AI, it accelerates everything: the pace of infrastructure change, the push toward multi-model and multi-cloud architectures, the speed of attacks. Detection and response still matter. They just cannot be the core strategy. 

The scalable path forward is native. Security embedded into infrastructure. Enforced at the source. Adapting continuously as the business changes, as cloud services evolve, as new capabilities emerge. Not security that watches. Security that is.  

What's been missing is a control plane that unifies native security controls across clouds and translates security intent into an operational system. Define intent once, safely roll it out through each cloud's built-in controls, and keep everything aligned as the environment changes. 

Today, we publicly launch Native.

What I Learned Inside AWS

Inside AWS, you learn quickly that security at scale is an architectural discipline. Detection matters, but it's not the foundation. The foundation is secure-by-design infrastructure, continuously enforced.  

It's hard. Even with the best people. Even with direct access to those who built the services. 

Then I watched our customers try to do the same thing. We would host the world's top security teams in executive briefing centers and present “the slide”: a massive grid of building blocks representing dozens of security services and controls, complex enough on its own, before you realize each block represents dozens of APIs and layers of configuration. Impressive. Also unreasonable to expect anyone to master all of it. 

As one customer told me: there just aren't enough hours in the day. 

The building blocks exist. They're native to each cloud. The operating manuals exist, scattered across documentation pages, blogs, videos, tribal knowledge. But turning all of that into a living system that continuously enforces security at the architectural level? That's where everyone struggles. That's where we saw the opportunity.

Why Now 

Three forces are converging that make this moment different. 

AI-augmented attacks compress time. When adversaries operate at machine speed, security that depends on human response time is already behind. 

Multi-cloud is shifting from reality to strategy. AI adoption is pushing organizations toward multi-model architectures that span providers. Heavy compute workloads make vendor lock-in impractical. Resiliency requirements demand fallbacks across providers, increasingly a regulatory mandate. The experienced security leaders I speak with do not confuse their multi-cloud visibility with their ability to run a multi-cloud security program. 

The talent gap isn't closing. Finding experts in one cloud is hard enough. Finding multi-cloud expertise at the pace complexity is compounding is nearly impossible. We can't hire our way out. We need a different operating model. 

What We Built 

Native is the cloud security control plane for the enterprise. 

One place to define security intent and operationalize it across AWS, Azure, GCP, and OCI using each provider's built-in controls. We don't replace what you already have. We make what you already have effective and consistent. We partner closely with all four major providers and deliver their latest capabilities at, or before, public launch. 

Native is not another dashboard. It's an operating system. 

A security team defines what must be true. Native translates that intent into provider-specific controls, simulates impact before anything changes, deploys safely, keeps enforcement aligned as the environment evolves. 

Why This Couldn't Exist Before 

Two things had to be true. 

The native controls had to be ready. Go back a few years and many foundational enforcement capabilities were immature or missing. Even one or two years ago, a meaningful share of what enterprises rely on today did not exist. The providers listened to their customers, and accelerated. The toolbox is finally deep enough to build secure-by-design architecture as a system. 

AI had to be capable enough to close the operational gap. Most cloud security work is manual: mapping intent to controls, understanding interactions, simulating impact, planning rollouts, managing exceptions, and keeping up with constant change. It demands expert humans and time, and it does not scale. 

Native can walk into an environment and understand thousands of control states across multiple providers. It turns that complexity into an intent-based view of your security architecture in plain language. Then it executes: planning, simulation, rollout, and continuous alignment. 

A Fortune 100 customer watched a single policy statement translate into hundreds of controls across dozens of services and multiple clouds. Work that took months executed in minutes. 

A specialist security architect from one of the major cloud providers watched us walk through an operationalization flow in under a minute. Their response: "What you showed there represents a three-month consulting engagement." 

What Changes  

The industry has gotten good at observation. We can detect misconfigurations, flag anomalies, and surface risk faster than ever. 

But observation from the outside has a ceiling. No matter how good your visibility is, you are describing the state of an environment you do not control. You document problems and send them to someone else to fix.  

Native changes the nature of the work. 

When controls are embedded into the architecture, dangerous patterns don't persist while a ticket works its way through a queue. The environment is secure because the architecture demands it. You stop managing risk and start architecting it out of existence. 

This is how you reduce the security tax.  

Every control enforced at the architectural level is an exposure that never existed, a ticket that was never opened, an escalation that never happened.  

And the business feels the difference.  

CEOs want speed in cloud and AI. CISOs want to be an enabler, not the bottleneck. When security is embedded into the architecture, engineering moves quickly inside a secure foundation.   

A CISO recently told me: “With Native, I can go to my CEO and my board and confidently say: adopt whatever service, whatever model, in whichever major cloud you need. Our security team can handle it without adding headcount.” 

That's when security earns a seat at the table. Not by presenting risk reports, but by enabling the business to move faster than competitors with standards that hold.

Thank you

Something rare came together here. The right co-founders in Gal and Eyal, with deep, deep domain expertise, and excellence that raises my bar every day. The right investors, who know this space so well. Early customers who saw the vision, trusted us with their environments, and helped shape the product. The right team to execute. The right advisors and network (Zohar, you have been a steady rock throughout). When all of this converges around a unique idea the market genuinely needs right now, there is an extraordinary opportunity to have an outsized impact. So thank you, for the belief and support until now, and for what is yet to come. And of course, there is what we do, and there is why we do it. The biggest why for me is my family. Thank you to my wife and children for the sacrifice and support, and to my parents for everything.

The Future of Cloud Security Is Native

Native is the first cloud security company born in the AI era. That gives us the privilege, responsibility, and necessity to do things differently. To build a new operating system for cloud security. 

A VP of Cloud Security at a Fortune 500 told us that with Native, a five-person AWS security engineering team now operates like a twenty-person team with real coverage across four clouds. The impact we are seeing today is only the start. The next step is not incremental. It compounds. From five to twenty. From twenty to two hundred. And beyond. 

To get there, we have to change the nature of security work itself. From dashboards to a control plane. A platform where security can calmly build the systems that propel the business forward safely, securely, at speed.  

The hallmark of native security is silence. Quiet confidence of systems that hold. 

Security is only truly security when it's native.  

I’d love to hear your thoughts. Please don’t hesitate to reach out.