AI-Driven Security Engineering: Proactive Defense Against Evolving Threats
In this conversation, Daniele Perito illuminates the complex, often counterintuitive dynamics of building and scaling technology companies, particularly in the high-stakes realm of security. The core thesis is that true competitive advantage stems not from avoiding difficulty, but from embracing it strategically. Perito reveals how apparent setbacks, delayed payoffs, and the willingness to confront uncomfortable truths are the true engines of lasting success, while conventional wisdom often leads to brittle, short-lived gains. This discussion is essential for founders, product leaders, and investors who seek to build resilient, impactful businesses that can navigate the accelerating pace of technological change and adversarial landscapes. Understanding these hidden consequences provides a critical edge in identifying opportunities and avoiding pitfalls that others systematically miss.
The Unseen Architecture of Advantage: Lessons from Faire, Cash App, and the AI Frontier
The conventional wisdom in business often champions speed, efficiency, and the immediate gratification of solving obvious problems. Yet, in the high-stakes world of technology, and especially security, this focus can be a dangerous blind spot. In a conversation on "Uncapped with Jack Altman," Daniele Perito, a seasoned entrepreneur with formative experiences at Square (Cash App) and Faire, and now co-founder of the AI-native security platform depthfirst, argues for a profoundly different approach. He posits that genuine, enduring advantage is not built on avoiding difficulty, but on strategically embracing it. The most impactful insights, he reveals, often lie in understanding the cascading, non-obvious consequences of decisions, a perspective that systematically eludes those focused solely on immediate results.
Perito’s journey, from architecting fraud systems for millions at Cash App to navigating the intricate marketplace dynamics of Faire, and now confronting the evolving threat landscape with AI at depthfirst, consistently points to a central theme: the power of embracing delayed gratification and understanding systemic feedback loops. The "obvious" solution to a problem, he suggests, is rarely the one that builds long-term resilience. Instead, it’s the willingness to invest in uncomfortable, less visible groundwork, to accept upfront pain for future gain, and to rigorously map the full causal chain of any decision that separates sustainable success from fleeting achievement. This conversation offers a powerful counter-narrative, demonstrating how embracing complexity, accepting epistemic modesty, and patiently building robust systems--even when it’s hard--are the true architects of competitive moats in today’s rapidly shifting technological landscape.
Why the Obvious Fixes Often Create Deeper Problems
The genesis of Faire, as described by Perito, was rooted in a contrarian bet against prevailing market sentiment. At a time when brick-and-mortar retail was perceived as stagnant, Perito, alongside co-founders Max and Marcelo, saw an opportunity to fundamentally improve the wholesale ordering process. The core insight was to de-risk the transaction for retailers by offering Net 60 payment terms and a generous return policy, effectively a "try before you buy" model. This wasn't just a feature; it was a fundamental shift in how brands could reach retailers, bypassing the traditional, arduous sales rep model and the difficulty of getting onto large platforms like Amazon or into major department stores.
However, the path from this insightful concept to product-market fit was far from linear. Perito candidly describes a period of "meandering," experimenting with capital-intensive models like consignment and points programs. The breakthrough, he recounts, came not from a grand strategic pivot, but from a subtle reframing. When Max, at a trade show, began articulating their "try before you buy" concept as exactly that, rather than the more technical "Net terms plus returns," retailers immediately resonated. This highlights a crucial first consequence: the framing of a solution can be as critical as its underlying mechanics. What felt like a minor semantic shift to the founders was, in reality, a profound unlocking of customer understanding, demonstrating that even after identifying a core need, the way it's presented can dictate its traction.
This early experience instilled in Perito a profound sense of "epistemic modesty"--a humbleness about the limits of human knowledge. He contrasts his academic training, which fostered skepticism, with the market's brutal, empirical testing ground. "There is nothing quite like trying to test your beliefs in the market," he states. The consequence of this is a deep appreciation for experimentation and data, not as validation, but as a continuous process of learning. He recounts launching A/B tests with absolute certainty, only to be blindsided by unforeseen second- or third-order concerns that undermined the hypothesis. This humility, born from market feedback, is a powerful defense against the hubris that can derail even promising ventures. It underscores that the market is a truth-seeking machine, but only for the questions it can explicitly investigate.
The operational rigor required for a marketplace business like Faire further illustrates the consequence of embracing complexity. Unlike high-margin software businesses that can absorb some level of error, a marketplace operates on tighter margins (often around 50% gross margin, Perito notes) and relies on intricate balancing acts between supply and demand. Decisions are made within a "highly recursive" system where small changes can ripple unpredictably. This necessitates a culture of constant testing and data analysis, not just to optimize, but to simply maintain equilibrium. The constant need to ensure that retailers discover products, brands receive orders, and risk is managed creates a feedback loop where intellectual rigor must be paired with intuition. The consequence of neglecting this rigor is systemic instability.
The Cash App Mindset: Impact at Scale Through Paranoid Optimism
Perito’s experience at Square, particularly on the founding team of Cash App, provides a stark contrast and a foundational lesson in how to operate within a larger organization to create outsized impact. His initial mindset upon joining Square was not one of impostor syndrome, but a bold belief: "Individually, in a company of a few hundred people, there has to be a way for me to two X the value of this entire business." This wasn't arrogance; it was a self-fulfilling prophecy fueled by a relentless pursuit of the biggest leverage points.
This mindset manifested acutely when Cash App was a "hack quick project" relying on a precarious email-based transaction system. While others at Square worried about security implications, Perito saw an opportunity. He volunteered to tackle the security challenges, driven by the belief that he could implement it correctly. The immediate consequence of this proactive stance was ensuring the project’s viability.
Later, when faced with high fraud losses, Perito again applied this belief, approaching his boss with the conviction that he could make a significant dent. The result was the implementation of a system, combining rules and machine learning models, that reduced risk losses by an astonishing 80%. This allowed Cash App to "thrive and survive," ultimately becoming a multi-billion dollar revenue business. The downstream effect of Perito’s proactive, impact-driven approach was not just problem-solving, but enabling the very survival and subsequent explosive growth of a major product.
This mindset, Perito explains, is deeply intertwined with security. Hackers operate by suspending disbelief, constantly searching for a way in. Perito’s own inclination towards being "anxious [and] paranoid," always seeking how things can go wrong, is a powerful asset in this domain. It allows him to identify vulnerabilities that others miss, mirroring the hacker’s approach but channeling it towards defense. He articulates this as a "suspension of disbelief" being necessary for both attackers and defenders: "There has to be a way to create value... there has to be a path for me... a piece of code that I can write... that will inflict the business." The corollary for defenders is that "no matter who you are and whatever company you work at, there is a way for you to have just an outstanding impact." The consequence of this perspective is a proactive, almost adversarial approach to problem-solving, which is particularly potent in security and fraud prevention.
depthfirst: Securing the Future from AI Bears
The current venture, depthfirst, is a direct evolution of these hard-won lessons, amplified by the seismic shift of artificial intelligence. Perito’s motivation is mission-driven: "Without much better computer security, we do not get to play the AI safety and control game." He argues that as AI becomes increasingly integrated into software, the security of that underlying software becomes paramount. A compromised AI system, or an AI system operating on insecure code, poses existential risks.
The AI security landscape, as Perito describes it, is rapidly transforming. Traditional security tools, relying on heuristics and rule-based systems, are increasingly inadequate. These methods generate high false positives and miss subtle vulnerabilities, especially those involving complex reasoning or misconfigurations in cloud infrastructure. The consequence of relying on these outdated methods is a false sense of security, leaving organizations exposed to threats that older systems cannot detect.
depthfirst aims to build an "AI security engineer"--a swarm of agents that deeply understands code, business logic, and infrastructure. This AI can identify vulnerabilities that require human-like intuition and judgment, such as a specific code bug allowing unauthorized access or a cloud misconfiguration that opens a security gap. The immediate benefit is a significant reduction in false positives and a dramatic increase in detection rates for complex, previously undetectable issues. The downstream effect is moving beyond merely identifying problems to providing actionable fixes within developer workflows, thereby bridging the gap between security and productivity.
Perito frames the attacker-defender dynamic not as a static race, but as a constant, dynamic interplay. He uses the analogy of a bank vault: security is a function of how difficult it is to attack (cost, equipment, expertise) and the likelihood of getting caught (enforcement, disincentives). In the digital realm, enforcement is harder, making cost the primary factor. With "abundant intelligence" (AI), the cost of attack is bound to decrease, leading to more frequent attacks. The consequence is a coming wave of increased organizational attacks.
However, Perito believes defenders can tilt the scales. While attackers need to find just one vulnerability, defenders have the advantage of full context. depthfirst’s AI spends hours analyzing a customer’s codebase, mapping ingress and egress points, inputs, outputs, and interdependencies. This deep understanding allows defenders to secure their systems proactively. Attackers, in contrast, must "fly blind." The crucial insight here is that the advantage lies with those who can invest the computational resources to gain comprehensive context, a task that AI is uniquely suited to perform at scale.
Perito also challenges the perceived dichotomy between security and productivity. He argues that AI can enable a "great reunification," allowing security teams to achieve robust defenses without impeding developer velocity. By analyzing code in pull requests in near real-time, AI can provide rapid feedback, eliminating the days-long delays that previously hampered development cycles. The consequence of this integration is not just improved security, but a more efficient and collaborative development process.
The Fantasy World of Security: Where Intellectual Rigor Meets Adversarial Ingenuity
Perito’s perspective on security as a "fantasy world" is particularly illuminating. He contrasts the mundane perception of security (password resets, phishing emails) with the reality at the technological frontier: "Ocean's Eleven," daring incursions into high-level government agencies. This "fantasy" aspect stems from the highly adversarial nature of the field, where ingenuity and creativity are paramount for both attackers and defenders.
He explains why security often feels like its own "ecosystem" or "macro chamber." Unlike categories like observability or databases, where a buyer can directly test claims, security is characterized by profound information asymmetry. "It's worse than a market for lemons," Perito states, because neither the buyer nor the seller truly knows the full extent of vulnerabilities. A vendor might claim to find issues, but are they real (true positives), or are they false positives? Even if the vendor finds nothing, is it because the system is secure, or because the vendor lacks the capability? This makes it difficult to assess value and build trust.
AI, Perito believes, can fundamentally alter this dynamic. The reasoning capabilities of advanced models can provide a more objective assessment of vulnerabilities. By detailing the assumptions made and the work performed to verify findings, AI can bring transparency and trust to the security market. The ability of AI to "double verify their work" and present this process to customers is a key differentiator. The consequence of this AI-driven transparency is a more efficient and reliable security market, where genuine value can be more readily identified and exchanged.
The development of depthfirst’s technology reflects this understanding. The team, comprising expertise from Databricks (infrastructure), DeepMind (AI research), and seasoned security professionals, is building a robust AI infrastructure. This "scaffold" or "harness" allows them to repurpose AI technologies across various security problems, making each subsequent application easier. At its core is the belief that "reinforcement learning plus large language models will allow us to create a superhuman hacker for defensive purposes." This involves teaching LLMs to go deeper, combine seemingly minor vulnerabilities, and discover complex attack chains that human analysts might miss. The outcome is a system that can find a higher percentage of real problems, moving beyond the shallow analysis of older tools.
Perito also emphasizes the importance of context in security. A vulnerability in a social network (public profiles) is different from one in a corporate messaging platform (private profiles). depthfirst’s AI spends extensive time analyzing codebases, including historical commits, to build a comprehensive repository of an organization’s security posture. This deep contextual understanding is what allows the AI to identify vulnerabilities that are specific to the organization's unique operating environment.
When considering the future, Perito acknowledges that while customer data remains isolated, the patterns of issues discovered inform the development of the AI. By analyzing open-source software and identifying common vulnerabilities, depthfirst can train its models to become more effective. This creates a virtuous cycle: as more customers use the platform, the AI learns from a broader range of real-world security challenges, leading to a more robust and capable system for everyone.
Platform vs. Pipeline: Navigating Company Building in a Shifting Landscape
Perito draws a distinction between platform businesses (like marketplaces) and pipeline businesses (those that produce and sell a service or good), referencing the book "The Platform Revolution." He notes that platform businesses, due to their interconnected nature, often require tighter operational control to manage cascading second and third-order effects. In contrast, a pipeline business, like depthfirst, allows for a more experimental "let a thousand flowers bloom" approach, provided appropriate guardrails are in place.
This distinction influences Perito’s approach to decision-making. While he leverages the deep context accumulated at Faire, he is careful to apply only the "good lessons," recognizing that depthfirst, as an enterprise security SaaS company utilizing AI, is a fundamentally different business. This allows for greater experimentation, particularly in testing the AI's problem-solving capabilities. He champions "two-way door decisions"--those that can be easily reversed--advocating for rapid experimentation to gain insight. His philosophy is to make "390 confidence decisions every week rather than one 99 confidence decision every quarter."
A consistent theme across Perito's career is the value of deep intuition derived from data. He encourages spending time with "30 data points on a spreadsheet," whether customer issues, chargebacks, or search results. This hands-on engagement, he argues, builds invaluable intuition and helps overcome the tech industry's tendency to rely solely on "big data." While large datasets are important, Perito stresses that even a small, curated set of anecdotes can reveal whether a metric is "roughly good or roughly bad," enabling decisive action. The consequence of this approach is not just data-driven decision-making, but a more nuanced, intuitive understanding of complex systems.
Key Action Items
- Embrace "Epistemic Modesty" in Decision-Making: Actively seek out and acknowledge the limits of your knowledge. When forming strong opinions or making critical decisions, articulate your confidence interval and be prepared to test your hypotheses rigorously, especially in market-facing or complex systems. Immediate Action.
- Prioritize Contextual Understanding in Security: Invest heavily in understanding the full context of your systems, codebases, and infrastructure. For security, this means going beyond surface-level scans to map interdependencies, historical changes, and operational nuances. This deep context is a significant advantage over attackers. Ongoing Investment; Pays off in 6-12 months.
- Challenge Conventional Wisdom on Security vs. Productivity: Recognize that AI can bridge the gap between robust security and developer velocity. Advocate for integrating security feedback loops directly into development workflows rather than treating them as separate, conflicting priorities. Immediate Action.
- Cultivate "Paranoid Optimism" for Impact: Adopt a mindset that actively seeks out potential failures and vulnerabilities, but channels this into a proactive, optimistic pursuit of solutions. Believe in your capacity to create significant impact by identifying and solving the hardest problems. Mindset Shift; Ongoing.
- Leverage AI for Deep System Analysis: Explore and adopt AI-powered tools that can perform in-depth analysis of code, infrastructure, and business logic. This moves beyond static analysis to dynamic, context-aware vulnerability detection that mimics human intuition but operates at machine scale. Investment over the next 6-12 months.
- Embrace "Two-Way Door" Experimentation: For non-critical decisions, prioritize rapid experimentation and learning over slow, high-confidence choices. This allows for faster iteration and adaptation in dynamic environments, especially in product development and market exploration. Immediate Action.
- Invest in "Delayed Gratification" Moats: Identify opportunities where upfront investment in difficult, less visible work (e.g., robust infrastructure, deep system understanding, foundational research) creates significant, durable competitive advantages that others are unwilling to pursue due to the lack of immediate payoff. Strategic Focus; Pays off in 12-18+ months.