Shachar Hirshberg is a cybersecurity entrepreneur and the CEO of Artemis, an AI-native security platform. He previously led product management for Amazon GuardDuty and helped build the security automation category at Demisto. This profile curates his ideas on modern threat detection, the inevitable breach mindset, and how to manage engineering teams.

Visual summary of operating lessons from Shachar Hirshberg.

Part 1: The AI vs. AI War

  1. On modern threats: "In, at most, five years, cybersecurity will be a fully automated digital war zone where a company's best defense is technology that truly understands their unique operating environment." — Source: Crowdfund Insider
  2. On machine-speed attacks: "As AI allows adversaries to conduct thousands of concurrent attacks at machine speed, organizations must move beyond a focus on perimeter prevention." — Source: Morningstar
  3. On legacy systems: "You cannot fight an AI-driven adversary with static, rule-based legacy frameworks." — Source: Calcalistech
  4. On asymmetrical warfare: Artemis frames the new security fight as AI against AI, where defenders need machine-speed adaptability as attackers move faster than rule-based systems can respond. — Reference: Artemis stealth launch on AI-powered attacks
  5. On threat volume: "When attacks arrive in thousands per minute, manual triage isn't mathematically possible to sustain." — Source: AlleyWatch
  6. On autonomous defense: "The future of security is human-on-the-loop, supervising autonomous systems." — Source: Podcast Republic
  7. On adapting to AI: Hirshberg argues that starting from scratch with AI lets a security company reimagine old workflows instead of bolting new models onto legacy assumptions. — Reference: First Round In Depth episode on Artemis
  8. On attacker innovation: "Adversaries don't have to worry about false positives; they iterate until they find a crack." — Source: Artemis Security
  9. On defensive scaling: Artemis is built around autonomous investigation because fragmented tools and manual context assembly do not scale when attacks unfold in seconds. — Reference: AlleyWatch interview on Artemis autonomous investigation
  10. On the nature of the fight: "The question isn't whether this model wins, but who builds it best." — Source: Morningstar

Part 2: The Inevitable Breach Mindset

  1. On shifting focus: Hirshberg's Artemis thesis shifts security operations from static prevention toward continuous detection, correlation, investigation, response, and remediation. — Reference: AlleyWatch interview on the Artemis platform
  2. On the reality of perimeters: "The idea of a secure perimeter vanished the moment the cloud became standard." — Source: Calcalistech
  3. On containment: "If you accept that attackers will get in, the game entirely changes to how quickly you can restrict their lateral movement." — Source: AlleyWatch
  4. On false confidence: "Zero trust is a good architecture, but it is not an absolute guarantee against compromise." — Source: BeInSure
  5. On response time: "The metric that matters most is dwell time. Everything else is secondary." — Source: Tamradar
  6. On designing for failure: The First Round conversation ties Artemis to a market where attackers move faster and software complexity keeps raising the bar for defensive response. — Reference: First Round In Depth episode on AI-era security operations
  7. On continuous investigation: "Security must be a model of continuous, autonomous investigation rather than reactive alerting." — Source: AlleyWatch
  8. On resilience: "A resilient organization doesn't prevent all attacks; it ensures no single attack is fatal." — Source: Artemis Security
  9. On attacker advantage: Artemis describes AI-driven attacks as adaptive and non-repeating, which forces defenders to close the speed gap with contextual automated response. — Reference: Artemis launch release on adaptive AI-driven attacks
  10. On alert fatigue: "When every alert is high priority, nothing is, and real breaches hide in the noise." — Source: Calcalistech

Part 3: Knowing vs. Understanding

  1. On signal generation: "The cybersecurity industry has become very efficient at generating signals, but remains poor at interpreting them." — Source: BeInSure
  2. On business context: "Data without context is noise; understanding requires mapping alerts to business logic." — Source: Crowdfund Insider
  3. On attack stories: "Our goal is to create coherent attack stories rather than isolated alerts." — Source: Calcalistech
  4. On logging: "Collecting more logs does not equal better security if you cannot connect the dots automatically." — Source: Morningstar
  5. On dynamic modeling: "True understanding means the system learns the unique operating environment of the company." — Source: Crowdfund Insider
  6. On false positives: "A false positive is essentially a failure of context." — Source: Artemis Security
  7. On alert correlation: "Security analysts spend too much time manually stitching together what an AI should present as a unified timeline." — Source: Podcast Republic
  8. On behavioral logs: "Fusing behavioral logs with deep business context is the only way to spot a sophisticated adversary." — Source: Calcalistech
  9. On raw data: Artemis tries to turn telemetry into business-aware context by mapping users, machines, cloud workloads, identities, and applications before surfacing detections. — Reference: AlleyWatch interview on Artemis data modeling
  10. On analyst workload: Hirshberg says Artemis is meant to move analysts from data assembly into decision-making by generating coherent attack stories and plain-language investigations. — Reference: AlleyWatch interview on analyst workflow

Part 4: AI-Native Defense

  1. On foundational design: "We built Artemis as an AI-native defense system from the ground up." — Source: Morningstar
  2. On bolt-on AI: "Adding an LLM to a legacy dashboard does not make a product AI-native." — Source: Crowdfund Insider
  3. On system architecture: Artemis's core architecture is a dynamic data model that fuses customer telemetry with business context before generating and investigating detections. — Reference: Artemis launch release on dynamic data models
  4. On dynamic thresholds: "Static thresholds fail because business environments change daily; AI-native systems adapt in real-time." — Source: AlleyWatch
  5. On automated remediation: "The next phase of AI-native defense is taking safe, autonomous actions to contain threats." — Source: Calcalistech
  6. On data pipelines: Artemis relies on federated queries against existing cloud storage and log sources so detection quality is not limited by up-front data ingestion economics. — Reference: Artemis launch release on federated telemetry
  7. On vendor claims: "Look past the marketing; test whether the AI actually reduces workload or merely generates summaries." — Source: BeInSure
  8. On generative models: "Generative AI is great for explainability, but predictive AI is what actually stops the breach." — Source: Artemis Security
  9. On future platforms: "The successful security platforms of the next decade will look nothing like the SIEMs of today." — Source: Morningstar

Part 5: Security Automation and SOAR

  1. On early automation: "At Demisto, we realized that security operations were fundamentally constrained by manual processes." — Source: Tamradar
  2. On playbooks: "Automating a bad process makes it fail faster; you have to fix the playbook first." — Source: Podcast Republic
  3. On orchestration: Hirshberg's background connects Demisto's SOAR category with Artemis's broader push to coordinate detection and response across modern security tooling. — Reference: Artemis founder bio
  4. On integration: "Security teams don't want more tools; they want their existing tools to talk to each other." — Source: Calcalistech
  5. On human limitations: "You cannot scale a SOC linearly by hiring more people; automation is a requirement for growth." — Source: AlleyWatch
  6. On operational efficiency: Artemis pitches efficiency as fewer disconnected alerts and faster mean time to detect and respond, not just more automation for its own sake. — Reference: AlleyWatch interview on response-time reduction
  7. On category creation: "Defining the SOAR category meant educating the market on why scripting wasn't enough." — Source: Crowdfund Insider
  8. On measuring success: "The ROI of automation is measured in Mean Time To Respond." — Source: BeInSure
  9. On the evolution of SOAR: "What we called SOAR five years ago is now becoming hyper-automated through AI." — Source: Artemis Security

Part 6: Cloud Threat Detection

  1. On building at scale: "Leading GuardDuty taught me what it means to build threat detection at cloud scale." — Source: Morningstar
  2. On shared responsibility: "The cloud provider secures the infrastructure, but the customer must secure the configuration." — Source: Tamradar
  3. On cloud native: "You can't take an on-premise security appliance and port it to the cloud; the architecture is fundamentally different." — Source: Calcalistech
  4. On metadata: "In the cloud, metadata is often more valuable for threat detection than the actual payload." — Source: Crowdfund Insider
  5. On frictionless deployment: Artemis can start from existing customer data sources and expand alongside legacy tools, reducing the need for a heavy rip-and-replace deployment. — Reference: Artemis launch release on existing security tools
  6. On visibility gaps: "Most cloud breaches occur simply because organizations don't know what assets they have spun up." — Source: BeInSure
  7. On ephemeral workloads: "Threat detection must be as fast and ephemeral as the containers it is trying to protect." — Source: AlleyWatch
  8. On configuration drift: "A secure environment on Monday can become vulnerable by Tuesday through a single IAM misconfiguration." — Source: Podcast Republic
  9. On default security: Hirshberg's GuardDuty background gives him firsthand experience building cloud threat detection at large scale before founding Artemis. — Reference: Artemis founder bio on GuardDuty

Part 7: Customer Obsession

  1. On product philosophy: Hirshberg describes working backward from customer problems and using deep customer knowledge to shape the product roadmap. — Reference: First Round In Depth episode on customer-led product building
  2. On early adopters: "Design for the customer who is willing to take a bet on you, and build exactly what solves their hardest problem." — Source: Podcast Republic
  3. On feedback loops: The Artemis team says its AI-native development process lets it move quickly from concept to prototype, customer feedback, and product iteration. — Reference: First Round In Depth episode on rapid AI-native iteration
  4. On simplicity: "Security practitioners are overwhelmed; if your UI requires a manual, it will not be adopted." — Source: Calcalistech
  5. On solving the right problem: "Customers will tell you what they want, but you have to dig deeper to build what they actually need." — Source: AlleyWatch
  6. On trust: "In cybersecurity, trust is your only real currency with a customer." — Source: Artemis Security
  7. On onboarding: "Time-to-value must be measured in minutes, instead of months." — Source: Crowdfund Insider
  8. On customer support: "Support isn't a department; it's a product feature." — Source: Tamradar
  9. On prioritizing features: "If it doesn't reduce mean time to detection or response, it goes to the bottom of the backlog." — Source: Morningstar

Part 8: Founder-Market Fit and Team Building

  1. On founder-market fit: The episode frames founder-market fit as critical, with Hirshberg's AWS, Palo Alto Networks, and Demisto experience giving him a differentiated view of security operations. — Reference: First Round In Depth episode on founder-market fit
  2. On AI fluency: "When interviewing engineers today, we screen heavily for AI fluency alongside traditional coding skills." — Source: Podcast Republic
  3. On hiring early: "The first 10 hires dictate the DNA of the company for the next decade." — Source: AlleyWatch
  4. On managing engineers: Artemis's early hiring focused on a team that could build with AI-native tools and keep learning from those workflows as the product evolved. — Reference: First Round In Depth episode on AI-native hiring
  5. On co-founders: "A strong co-founder relationship is built on complementary skills and absolute transparency." — Source: Calcalistech
  6. On resilience: Artemis grew to roughly 30 people within seven months of founding, a pace that made the company-building system itself part of the operating challenge. — Reference: First Round In Depth episode on building Artemis in stealth
  7. On domain expertise: "Having worked at Demisto and AWS gave me the blueprint of what the enterprise buyer expects." — Source: Tamradar
  8. On building culture: "Culture isn't what you say in meetings; it's how your team acts when a critical system goes down." — Source: Crowdfund Insider
  9. On scaling a team: "You transition from building the product to building the machine that builds the product." — Source: BeInSure