It’s Time for a Security Foundation Model

It’s Time for a Security Foundation Model

August 14 2025

By: Chang Xu

AI has solved code. Security is next.

Security is a uniquely AI-native problem:

  • Machine-generated data at massive scale
  • Infinite attack surfaces
  • Real adversaries who evolve fast
  • Real environments to train and test in

And yet… most current solutions are wrappers around general-purpose models or fine-tunes of open source LLMs to run on-prem. That’s adaptation, not transformation.

If language, vision, video, and code have all had their Cambrian moments, why not security? The next frontier is a security‑native foundation model — one capable of operating across domains, consolidating fragmented point solutions and learning the universal patterns of attack and defense.

The Opportunity Beyond Incrementalism

At Black Hat 2025, the “AI SOC analyst” takes many forms:

  • For triage vs. for taking autonomous action
  • Single LLM calls vs. complex multi-agent systems
  • Augmenting vs. replacing human analysts
  • On-prem vs. API-based deployments
  • Mid-market vs. enterprise CISO distribution channels

But these approaches meet the market, and the technology, where they stand today. The real opportunity is to take the lessons from foundation models, infuse them with deep security expertise, and direct that capability toward the enduring challenges of vulnerabilities and evolving threat actors.

What’s in the Way (and Why It’s Surmountable)

In conversations with security leaders at Hacker Summer Camp, a few themes came up repeatedly:

Data access — Security data is often locked away, but synthetic generation, curated human labeling and strategic partnerships can unlock high-value training sets without compromising privacy.

Output quality — Guided by experts, LLMs can produce secure, high-quality output. This is a workflow challenge, not a fundamental capability gap.

Complex threat chains — Current models can excel at simple vectors, but struggle with multi-step attacks. This is a temporary ceiling; multi-step, agentic execution will mature quickly.

Clear business value — Whether starting with enterprise-ready use cases (AI pen testing, red teaming, next-gen SIEMs) or going bottom-up via developers or mid-market first, the key is to deliver measurable outcomes and build proof points before scaling up to the CISO’s desk.

Why the Fragmentation Is the Opportunity

Most security products follow the same loop:

1. Extract a signal (via agents, integrations, feeds)
2. Correlate it to risk (from regexes to regressions to LLMs)
3. Map to potential impact (quantified in prior incidents)
4. Sell mitigation (budget + buy-in)

While point solutions are tuned for specific problems, a security foundation model could span multiple domains, cutting vendor sprawl and unlocking billion‑dollar TAMs. By learning the structure of security events, the relationships between them and their progression over time, it could address multiple verticals in parallel and combine those markets into a truly scalable opportunity.

From First Hints to Full Convergence

We’re already seeing the first signs of convergence. AI-driven pentesting could capture much of the bug bounty market by automating discovery at unprecedented scale. As these models advance, they can expand into AI red teaming — executing simulated, adaptive, multi‑vector attacks. Red teaming, in turn, produces rich datasets that feed directly into defensive applications like next‑gen detection, automated incident response and real‑time risk scoring.

In a world where secure‑by‑default code becomes the norm, powered by robust AI‑assisted development, the application security market could contract, as vulnerabilities are avoided at the source rather than patched after the fact.

This progression could play out across other security verticals as well. Today’s leading LLMs can already match entry‑level analysts in certain domains, and even outperform them outside their core specialties. As a security foundation model builds deeper expertise, it will tackle the simplest verticals first, then advance steadily into increasingly complex and specialized areas.

The Cambrian Moment in AI Security

When Anthropic Claude can breeze through a Capture The Flag (CTF) — a timed, team-based hacking competition that challenges both aspiring and seasoned security professionals, using only a general-purpose model (source), it’s worth considering just how far a model purpose-built for security could go.

The real winners will fuse frontier AI capabilities with deep security expertise — marrying cutting‑edge LLM techniques with the domain insight required to solve tangible problems for demanding, real‑world buyers.

The landscape is shifting fast. Founders who move decisively can define the next category leaders; CISOs who embrace this shift can set new industry benchmarks.

The question isn’t if a security foundation model will emerge — it’s who will build it first.

Portfolio
Portfolio
Research
Research
Team
Team
Read our FAQs

© 2025 Basis Set Builders. All rights reserved

Basis Set Ventures®, BSV® and the Basis Set Logo are registered trademarks of Basis Set Builders, LLC