Closing the AI Execution Gap With a Top Down Bottom Up Approach
The cybersecurity industry is not suffering from a shortage of AI innovation. Every week brings new announcements about agents, copilots, autonomous workflows, and intelligent automation. Yet despite the excitement, many CISOs are still wrestling with a more fundamental problem. They have more visibility than ever before, but they are not necessarily getting better execution.
That was one of the strongest themes to emerge during a recent conversation with Benny Porat, Co-Founder and CEO of Twine. While much of the market is focused on what AI can detect, analyze, or recommend, Porat believes the bigger challenge lies elsewhere. Security teams are not struggling to identify risk, they are struggling to consistently translate security objectives into action across large and complex organizations.
Boards are demanding measurable outcomes, regulators expect continuous oversight, and budgets remain under scrutiny. The question is no longer whether organizations can identify risk, but rather whether they can actually reduce it.
The Real Cybersecurity Challenge Is Execution
Porat arrived at this conclusion after years spent building security technology. Like many founders with deep technical roots, he initially believed that better technology would solve the industry's biggest problems.
"When I started, it was all about the technology," he said. "Let's build great tech that generates the right context, catches everything, identifies everything, and provides it to customers." But experience changed that perspective. "As a tech person, I realized that the tech is just 30 percent of the thing, and there is so much other stuff that needs to happen in order for it to really solve the problem."
That realization reflects a challenge many CISOs encounter every day. Organizations have invested heavily in tools that generate alerts, identify vulnerabilities, surface misconfigurations, and provide increasingly sophisticated context. Yet risk reduction often moves far more slowly than expected. The reason is that security outcomes depend on much more than technology. They depend on people, business processes, organizational dynamics, and the ability to drive change across teams that do not report directly to security.
Porat describes the role of today's CISO as one of the most difficult jobs in the enterprise. Leaders are responsible for managing risk across sprawling environments while operating with incomplete visibility and limited control over many of the teams responsible for remediation.
"You build strategy and put directives in place, and you literally hope that it will happen," he said. "You are so dependent on people."
Why Security Projects Often Stall
One of the most interesting observations from the discussion centered on the failure rate of cybersecurity initiatives. According to Porat, organizations rarely talk openly about how many projects never fully achieve their intended outcomes. Instead, stalled initiatives often linger in perpetual implementation phases, renewed year after year without delivering the expected value.
"I did a lot of discussions with my CISO friends, and it's a stat nobody likes to speak about," he said. "How many cybersecurity projects do they initiate, and how many of them fail?"
That question becomes increasingly important as organizations invest in AI. Security leaders are under pressure to justify spending, demonstrate outcomes, and prove return on investment. The challenge is not simply whether a technology works, it is whether the organization can operationalize it successfully.
Porat believes the industry has focused too much attention on tools and not enough attention on execution. "You must find a way to bridge execution, to bridge between people, process, and technology," he said.
For CISOs, this may be the most important takeaway from the current wave of AI innovation: Technology alone does not create outcomes. Outcomes occur when organizations can consistently align people, processes, and technology around shared objectives.
The Agent Problem Nobody Talks About
The rapid rise of agentic AI has created enormous enthusiasm throughout the cybersecurity industry. Yet Porat argues that building an agent is not the difficult part.
"It's really easy to build the agent," he said. The harder challenge is building agents that continue to deliver value after the initial excitement fades. Many organizations have experimented with AI agents only to discover that sustaining performance is significantly more difficult than creating a proof of concept. Agents must adapt to changing business conditions, understand context, recognize organizational constraints, and operate within complex environments.
"In order to really build agents that can provide results consistently, you need to understand the business, understand the context, understand what is allowed and what is not allowed," Porat said.
This is where many AI initiatives encounter obstacles. Security environments are filled with exceptions, informal workflows, and institutional knowledge that never appears in official documentation. An agent may understand a policy, but that does not mean it understands how work gets done. For security leaders evaluating AI investments, this is critical. The long-term winners may not be the organizations with the most agents. They may be the organizations whose agents have the deepest understanding of their operating environment.
Why Top Down And Bottom Up Must Work Together
Perhaps the most distinctive idea from the discussion was Porat's emphasis on what he calls a top down, bottom up strategy. The framework is rooted in a simple observation. Security programs need strategic direction, but they also need operational reality. From the top down, leaders must establish objectives, define priorities, and determine how success will be measured. "You must do it top down," Porat said. "You must drive a very specific objective, understand how the agent is supposed to help you get there, and know how to measure them."
That strategic layer is essential because AI without clear objectives often becomes an expensive experiment. Organizations need a defined destination before they can determine whether technology is helping them reach it. But top-down direction alone is not enough.
According to Porat, many security initiatives fail because they overlook the nuances of how organizations actually operate.
"The nuance is what breaks everything," he said. This is where the bottom-up component becomes critical. Organizations must understand not only their policies and procedures but also the reality of daily operations. "Leave aside the policy and the procedure. What actually happens?" Porat said.
That question may sound simple, but it gets to the heart of why so many transformation efforts struggle. Employees develop workarounds, teams rely on tribal knowledge, informal relationships often determine how problems get solved and none of that appears in official process documentation.
"You need to understand who they are calling, who is actually doing that, what are the questions they ask," Porat explained.
For CISOs, this perspective offers a valuable reminder. Effective security programs are built not only on governance but also on understanding how work flows through the organization. Technology that ignores that reality often struggles to gain traction.
The Future Belongs To Organizations That Can Execute
Twine's approach centers on building what Porat describes as a knowledge fabric that captures not only resources and systems but also processes, procedures, policies, and tribal knowledge. The goal is to create agents capable of understanding how organizations actually function rather than simply automating isolated tasks.
Whether organizations pursue that approach or another, the broader lesson extends beyond any individual vendor. The cybersecurity industry is entering a period where success will be measured less by the number of AI capabilities deployed and more by the outcomes those capabilities produce.
Security leaders already possess enormous amounts of data. They have visibility into risks, vulnerabilities, identities, and exposures. What many lack is a reliable way to transform that insight into coordinated action. That is why the concept of the execution gap resonates so strongly. It addresses a challenge that predates AI and will likely remain long after today's technology trends evolve.
For CISOs navigating the next phase of AI adoption, the most important question may not be how many agents they can deploy. It may be whether those agents can help bridge the gap between knowing what needs to be done and actually getting it done.
In a market saturated with AI promises, that focus on execution may be the most valuable innovation of all.