
Why AI Has Made CVE-Based Security Obsolete

By Lori Brigg

Raven co-founder and CEO Roi Abitboul recently sat down with Pulse 2.0 to discuss why AI has fundamentally broken the assumptions that traditional security tools were built on, and what organizations need to do about it before the gap gets any wider.

The full interview is worth reading. Here are the ideas that matter most.

Roi Abitboul, Co-Founder and CEO of Raven.io

The Blind Spot That Started Everything

Roi spent eight years in the IDF's Ofek 324 elite intelligence unit before co-founding Javelin Networks, which was later acquired by Symantec. Through both experiences, he kept running into the same structural problem.

Security teams had visibility everywhere around the application. Network traffic. System processes. Endpoint behavior. But the application itself, the thing processing transactions, running business logic, handling customer data, was essentially a black box.

"Defenders cannot protect what they cannot see," Roi told Pulse 2.0. "The most damaging attacks do not happen at the perimeter. They happen inside the application, in the execution chain, in the behavior of dependencies you trusted implicitly."

The industry's response to this problem was always the same: add another layer outside the application. Monitor more signals. Correlate more alerts. Raven went in the opposite direction.

Why CVE-Based Security Is Now Structurally Broken

The CVE model assumes defenders have a window between vulnerability disclosure and exploitation. Patch fast enough and you stay protected.

That window is gone.

AI has collapsed the economics of offensive security in ways that break every assumption traditional defense was built on. Roi pointed to Anthropic's Claude Mythos research as a concrete example, demonstrating that AI can accelerate every step of the exploit lifecycle, from vulnerability discovery to weaponization to deployment, faster than any patch cycle can match.

The data backs this up. Approximately 70% of exploits in enterprise environments arrive with no CVE at the time of attack. 42% of exploited vulnerabilities last year had no CVE at time of exploitation. The tools your team depends on to trigger alerts, match signatures, and prioritize remediation are built around CVE identifiers. When no CVE exists, those tools are silent.

"The orgs still betting on CVE-based prioritization and reactive patching are essentially planning to be late to every fight," Roi said. "The only viable response is shifting to runtime detection, catching the exploit in execution rather than racing to close the door before it opens."

What Runtime Visibility Actually Means

Raven's core product is runtime exploit prevention, stopping exploits from executing in real time, before damage is done. 

Two things differentiate the approach:

  1. Near-zero performance impact. Previous attempts at runtime visibility required code injection or instrumentation that introduced performance degradation production teams would never accept. Raven achieves the same visibility through patented eBPF-based technology, without touching the application code, without restarts, and with less than 0.4% CPU overhead.
  2. CVE-agnostic protection. Raven monitors application behavior at runtime rather than matching against known signatures. Zero-days, CVE-less exploits, and novel attack techniques are stopped on behavior alone, not by waiting for a patch or a published vulnerability identifier.

"Raven operates within the running application, with full visibility into what is actually executing at runtime," Roi explained. "That means Raven catches threats that look completely normal from the outside but are anomalous where it matters: within the application itself."

The Market Moment

Two forces are converging to create the market opportunity Raven is built for.

First, the attack surface has fundamentally changed. Applications are no longer monolithic and static. They are dynamic, dependency-heavy, and increasingly AI-generated, making the code running in production harder than ever to fully audit before deployment.

Second, regulatory pressure is catching up. The EU Cyber Resilience Act and evolving software supply chain requirements are asking organizations to prove they know what is running in their applications, not just what they shipped. That is a runtime visibility problem. Most of the market has no good answer for it.

The highest-priority targets are financial institutions and healthcare, environments where a breach is not a reputational event but an operational catastrophe, a regulatory crisis, and in healthcare's case, potentially a patient safety issue.

This is why the buyer has changed.

The CISO in these organizations is no longer responsible only for infrastructure, networks, and endpoints. They now own the security of software factories: thousands of developers, constant releases, open-source dependencies, CI/CD pipelines, and production runtime behavior.

That creates a new security problem. The tools built for infrastructure visibility were not designed to understand what code is actually running, which libraries are being used, and where real application risk exists in production.

Raven was built for this new CISO: the one securing software, not just infrastructure.

| CISO Managing Infrastructure | CISO Managing Software Risk |
| --- | --- |
| Protects infrastructure | Protects software factories |
| Static environments | Rapidly changing runtime |
| Endpoint-centric | Application-centric |
| Compliance-driven | Engineering-driven |
| Network visibility | Runtime visibility |
| Quarterly changes | Thousands of deploys weekly |
| Manages IT risk | Manages code risk |
| SIEM and SOC | CI/CD and Runtime |

Advice for Security Leaders Right Now

Roi closed the interview with three pieces of advice for security leaders navigating AI-driven threats:

  1. Embrace automation and intelligence on the defensive side. If attackers are using AI to move faster, defenders need systems that can reason, prioritize, and act with minimal human intervention.
  2. Stop relying on reactive detection only. Attackers are generating novel attack paths, chaining misconfigurations, and exploiting logic flaws that will never show up in a CVE database. A program centered on patching known issues is always a step behind.
  3. Acknowledge that detection alone is no longer enough. AI has dramatically lowered the cost of generating high-volume, highly adaptive attacks. In this environment, a purely detect-and-respond model becomes a losing game.

The Long-Term Bet

Roi's long-term vision is straightforward: protect every server in the world from cyber intrusions. A world where organizations of any size can deploy infrastructure without needing a team of elite security experts just to stay safe.

"Today, security is often reactive, fragmented, and overly complex," he said. "Raven's role is to flip that model into something proactive, unified, and automated."

The full Pulse 2.0 interview is available here.

FAQ

What is CVE-less attack detection?
CVE-less attack detection is the ability to identify and block exploitation of vulnerabilities that have no publicly assigned CVE identifier at the time of attack. Approximately 70% of enterprise exploitation falls into this category. Traditional security tools that depend on CVE identifiers to trigger alerts are structurally blind to these attacks.

What is runtime application security?
Runtime application security refers to the ability to monitor and protect application behavior at the point of execution, inside the running application process, rather than at the perimeter or the host level. Runtime security platforms detect anomalous execution behavior regardless of whether a CVE exists.

How does Raven differ from traditional security tools?
Traditional security tools operate outside the application, inspecting network traffic, monitoring host-level processes, or matching dependencies against CVE databases. Raven operates inside the running application using patented eBPF-based technology, observing library-level execution behavior with less than 0.4% CPU overhead and no code modification required.

Why has AI made CVE-based security obsolete?
AI has collapsed the time between vulnerability discovery and exploitation from weeks to hours. The CVE publication pipeline, a human-mediated, coordination-intensive process, cannot keep pace. When exploits arrive before CVEs are assigned, every security control that depends on a CVE identifier to activate is operationally blind to the majority of active threats.
