Read about the Open Defense Initiative
Sign in Request demo

Why Defenders Can’t Bet on One Model

Over the last few months, one of the most advanced cybersecurity models in the world went from broadly discussed as a major leap forward, to available only to a select group of organizations, to behaving differently depending on who was querying it or what kind of request was being made, to being caught up in export controls that restricted access entirely.

The lesson is bigger than any one company or any one model. It is about what happens when critical security capabilities become dependent on infrastructure that customers do not control.

My cofounders and I have believed for a long time that cybersecurity becomes even more important in a world where intelligence is abundant. As models get better, attackers get more leverage and defenders need help. They need systems that are highly reliable, available, governed properly, have the required enterprise features and integrated deeply enough into their environment to produce consistent outcomes all the time.

Security teams cannot afford to wake up and find that the system protecting their software behaves differently than it did yesterday, is no longer available in their region, or is suddenly limited by policy decisions outside their control.

That is why the next generation of AI security products has to be independent of any single model provider. The product layer needs to be able to use the best model for each task, switch when the landscape changes, and preserve the customer experience even as the underlying models evolve.

This belief has shaped how we built depthfirst.

We use the best models available, but we are not dependent on any one of them. Our custom, state of the art security harness constantly routes to best in class models for the task and we continuously measure performance with very deep evals built through years of research. We have also invested heavily in our own AI research and post-training so that verified customers can access frontier cybersecurity intelligence directly through a rigorous KYC process.

That was not the obvious path when frontier foundation models were already available. It required time, capital, and a belief that security would demand more specialized systems than general-purpose models alone could provide. Our work here has strengthened that belief.

Our systems found 21 vulnerabilities in FFmpeg and discovered NGINX Rift, an 18-year-old remote code execution vulnerability in one of the most widely deployed pieces of internet infrastructure. These are just the tip of the iceberg — we have found and remediated thousands of vulnerabilities in popular open source projects that are being responsibly disclosed and released.

The point is not that any single model, including ours, will always be the best. It is that cybersecurity requires a durable intelligence layer that can adapt as models, policies, providers, and access change.

Different models will come and go. Some will be better at code reasoning. Some will be better at exploitability analysis. Some will be better at remediation. The best systems will know how to use the right model for the job while continuing to build and preserve specialized security intelligence of their own. The future of cybersecurity is not reliance on a single model, but will be defined by systems that turn changing model capabilities into consistent security outcomes, providing high reliability, availability and features that enterprises care about.

See what autonomous security looks like

Request demo