Democratizing Cyber Defense: Why CISOs Should Care About Sola Security
Security teams are tired.
Not tired of the mission. Tired of the grind. Tired of knowing what needs to be fixed yet staring at an endless backlog of tickets, tools and technical debt that never seems to shrink.
If you have ever sat in a war room trying to understand how AWS misconfigurations, GitHub exposure and identity drift in Okta fit together into real risk, you already know the feeling. The work is critical. The path to insight is painful.
That pain is exactly what Sola Security is aiming at.
In a recent conversation at Cyber Week 2025 in Tel Aviv, Sola Security co-founder and COO Ron Peled, a long time CISO and security engineer, captured the core problem with a simplicity that should make every CISO pause.
In his words, “we figured out that there are almost no quick wins when you’re in a security team. Everything is so complicated, when you try to solve a challenge, it’s taking you into a long, resource, heavy, complex, budget, heavy process, rather than just focusing on let’s solve the problem.”
That feeling is the starting point for Sola Security’s vision.
The rest is an attempt to answer a question that every modern CISO should be asking:
What would it look like if AI in security was actually practical, contextual and in the hands of your team, not locked inside a vendor’s black box?
From complex programs to practical outcomes
Peled and his co founder Guy spent more than two decades inside security teams. They know the pattern. A new risk emerges. Analysts feel it first. Leadership feels it next. The response quickly becomes a “program” involving new tools, new integrations, new headcount and new dashboards.
What rarely arrives is a fast, tangible result.
Sola’s answer is unapologetically focused on productivity. As Peled explains, their goal is “to bring the benefits of AI into security teams in a contextual and practical way, make it affordable, make it easy, simplify as much as you can, so more people and more security teams will be able to do much more with their budgets, with the resources and so on.”
The key word here is contextual.
Sola is not selling generic copilots or clever chat interfaces. It is trying to let security teams “chat with their stack” in a way that respects the realities of multi cloud, DevOps and SaaS centric environments.
Instead of clicking through AWS, GitHub and Okta consoles separately, the CISO’s team connects these and other sources to Sola, then works through natural language prompts that sit directly on top of their real configuration and metadata.
Self service as the operating model
If this sounds strangely similar to what Stripe, Canva or Wix did in their own domains, that is not an accident.
Peled explains that Sola “created self service platform that we developed for over a year now, and that platform takes the elements of democratization that we’ve seen in other platforms and other industries, such as stripe Canva Wix that disrupted their own industries, and simply let people with very basic knowledge in their industries achieve more.”
Security has historically resisted this sort of democratization.
Many CISOs worry that making it “too easy” for non experts to touch security workflows will create chaos. Sola is betting that the opposite is now true. Your risk is no longer that people try to help. Your risk is that they cannot get anything done without a long queue of scarce experts, so they stop trying at all.
The Sola model is simple.
Connect data sources. Ask questions in plain language. Convert insights into durable assets like dashboards, reports, alerts and workflows. All of it created through prompts instead of tickets, PS hours and custom scripts.
Peled shared a concrete example that every CISO will recognize.
He describes a user who connects AWS, GitHub and Okta, then asks a single plain language question:
“What are my top five risks across those three platforms?”
According to Peled, in that scenario “solar will figure out and aggregate the inputs from all of them and provide you an answer. The top three, or the top five risks are A, B, C and D, with the context of why we think this is the case and what you should do about it.”
This is the heart of the value proposition.
Not just classification. Not just ranking. A ranked set of risks with “the context of why” and “what you should do about it.”
For a CISO who has to constantly defend priorities to boards, auditors and business leaders, that translation layer is the difference between insight and impact.
From chat to building: workflows as prompts
As you would expect, Sola starts with an “Ask me anything” style journey. Once users see that they can interrogate their environment conversationally, expectations shift quickly.
At some point people stop wanting answers and start wanting systems.
Peled describes the evolution this way. After the initial chat experience, “you also want to build something, maybe a dashboard, maybe generate a report, maybe create an alerting mechanism, even a workflow.”
In the traditional model, that is where the trouble starts. You find yourself buying “345, different products” just to get a single recurring task done.
Sola’s approach is to treat workflows themselves as outcome oriented prompts.
For example, an analyst might express a need like this. Every day at 7am, go to a set of vulnerability feeds, pull newly discovered CVEs, correlate them against my assets and tell me if anything I own is vulnerable.
Peled points out that “in order to achieve that, you need to buy 345, different products bite a lot of your security budget and with solar, you can simply connect your data sources, create a workflow with a prompt as easy as natural language is with my broken English, and that will work.”
This is not just an efficiency play. It is a power shift.
Instead of filling out a Jira ticket and waiting for engineering support, the security practitioner builds what they need on their own, with AI acting as the compiler between intent and implementation.
Templates, micro applications and a real gallery
Of course, not every practitioner wants to build from scratch. Many want a starting point or even a complete solution.
To bridge that spectrum, Sola ships with a gallery of “fully functional micro applications” that can be imported into a workspace in “within 20 seconds.”
Peled explains that “even if the user does not want to interact in chat or does not, I don’t know, they’re not into building something, they can always take pre built templates of agents or fully functional micro applications that exist in a gallery, and simply import that into their solar workspace, and within 20 seconds it will work.”
Right now, that gallery is curated by Sola’s own research team, with “approximately 25 or so applications” used to showcase what is possible. The long term goal is more ambitious.
Peled describes a vision in which “anyone will be able to develop any template, agent or whatever, import that or export it into the gallery and let anyone else use that.”
For CISOs, that idea should feel familiar.
Security teams already trade Sigma rules, detection queries and Terraform modules inside communities. Sola is essentially betting that the next generation of security content will be shared as AI native “micro applications” that bundle detection logic, correlation, response actions and reporting.
Some of Sola’s early adopters are already asking to publish their own apps. Peled hints at “partnerships that we are currently working on with very large brands” that want “a branded application in sola and release that.”
For a CISO, that means a potential future in which well known security brands and community experts ship ready made AI applications straight into your environment, bound to your data, under your control.
Visibility instead of black boxes
Many security leaders have already experimented with connecting an LLM to logs or cloud accounts. They quickly run into the same two issues.
Hallucination and opacity.
You might get an answer. You rarely get the reasoning.
Peled is explicit that Sola is not willing to leave CISOs in that position. Referring to generic LLM based setups, he notes that “you can set up an MCP, connect your whatever data source, if you have the guts to do it and ask the question, you’ll get an answer, but you will not it’s like a black box. Don’t know why you render that behind the scenes.”
Sola is designed so that when you ask, for example, “What are my top risks,” you can drill into the logic that produced the result.
Peled says that when he asks such a question, he wants to know “Why did you select those five risks? Who said that those are the five risks? What the query looks like, which data points were involved in the process, so you get full visibility, unlike what you get with generic llms.”
For CISOs, this is not just a matter of comfort.
It is a matter of governance. Regulators and boards are already asking how AI driven decisions are made. If your security program rests on a system that cannot explain itself, you are inviting future friction.
A transparent AI engine that can expose which data points, which rules and which correlations led to a recommendation is much easier to defend.
Proactive AI that respects guardrails
One of Sola’s most interesting bets lies in its upcoming “proactive AI” module, expected to roll out in early Q1.
Up to now, most AI in security has been reactive at the interaction level. The user asks. The system answers. Sola wants to flip part of that dynamic.
Peled describes proactive AI as a module that “addresses the user’s needs, which means even if a user on solar never asked a question or never built anything and even didn’t find anything in the App Gallery, solar is going to ask the question for them. Solar is going to build solutions for them.”
For many CISOs, that sentence will immediately raise concerns about alert fatigue and autonomous actions they cannot see. Sola seems painfully aware of that history in the security market.
Peled is clear that they “are not going to swamp the security team with problems. We are going to surface selectively solutions that we either built proactively based on their data or thought that are relevant for their use cases.”
The nuance here matters.
Sola is not promising to auto patch, auto isolate or auto reconfigure. Instead, it imagines a workflow where the system might say, in Peled’s words, “Hey, we noticed that you have Shai Hulu repositories, so we built something to mitigate it. Do you want to use it?”
From there, the team can inspect the mitigation, understand exactly what Sola is proposing and decide whether to adopt it.
Peled emphasizes that “we’re not doing anything. Again, security company not doing anything in a fully automated way. There are a lot of guardrails, a lot of controls, so it will be moderated.”
This sets up a model that feels more like a very talented internal engineer who comes to you with a completed solution and a pull request, not a system that secretly modifies your environment without consent.
A CISO mindset toward AI adoption
If there is a consistent thread through Peled’s story, it is empathy for the CISO’s dilemma.
On one hand, “they get the directive from their upper management to introduce AI and to be enablers and show me how you save resources and show me how you do whatever you do faster and in more accurate way bring AI into the company or to the organization so budgets are allocated already.”
On the other hand, security leaders “love innovation, but we are scared to do too much of it. We need to balance and so on. So we need to control everything.”
Sola is trying to live in that tension.
Self service, but with visibility. Proactive, but with guardrails. AI driven, but rooted in real data sources that you already trust, such as AWS, Azure, GitHub and Okta.
The company’s rapid funding trajectory reflects how compelling that story is for investors. Peled notes that “solar was founded a year and a half ago, and we have a very big vision, the vision that we have, and that’s why we also raised a lot of money. Our seed was $30 million and followed by a recent land a of an additional little bit more than $35 million backed by. Microsoft and other strategic investors.”
The crucial point for CISOs is that this level of investment is not just chasing hype.
As Peled puts it, “The reason for that large investment is not because guy or myself are smart or beautiful, it’s because we’re building something really transformational to the industry. And in order to do that, you need to build big aim, big and execute.”
Where CISOs fit in the next split of knowledge
Peled offers an observation that should challenge how leaders structure their teams in the coming years.
He believes we are heading toward “a split in knowledge.” In his view, “90% of the population is going to be operators. I would say they just need to get things done. They don’t really care about the length of it or the complexity behind it and so on.”
The remaining 10 percent are the people “who really cares about what’s happening behind the scenes,” who want to see how things work and understand the details.
Sola is intentionally built for both.
Operators can use templates, prompts and pre built micro applications to accomplish concrete tasks. The deeply technical 10 percent, including many CISOs and senior architects, can examine logic, inspect queries and verify that AI assisted workflows behave exactly as intended.
For a CISO, this suggests a new kind of security operating model.
Give your broader team safe, opinionated self-service tools that let them act as high leverage operators. At the same time, cultivate a smaller group of AI fluent security engineers who treat platforms like Sola as programmable surfaces, not magic.
In effect, you are building an internal ecosystem where AI is the fabric, not the feature.
A practical call to action for CISOs
Sola’s story is not a theoretical vision. The company has already spent six months in open beta, offering the platform for free. During that period it attracted “nearly 5000 users that are prompting the system, asking questions, building dashboards, building automations, building a lot of things.”
Now, as the company introduces a formal pricing model, Peled’s call to the security community is direct.
As he puts it, “Super easy. Anyone can give it a try. Start free.”
He is not asking for blind faith. He is asking for engaged participation. His real call to action is to “invite any security practitioner to help shape the future of cyber security using solar and I’m sure that there will be a lot of positive feedbacks and a lot of negative feedbacks. And that’s the beauty of being an early stage company, we can take that feedback into consideration and maybe build the next big thing.”
For CISOs, the strategic question is no longer whether AI will reshape security workflows. That part is settled.
The real question is whether your team will be passive consumers of opaque AI tools, or active shapers of transparent, self service platforms that you understand and influence.
Platforms like Sola Security are one concrete path into the latter.
You do not have to commit your whole stack. You do not have to automate your most sensitive workflows on day one. You can start with a limited set of data sources, a handful of use cases and a clear experiment: can my team answer better questions, faster, with context we can explain, if we let AI sit closer to our real world environment?
If the answer is yes, you will have found something that every CISO is searching for.
Not another dashboard.
Actual quick wins.
Author’s Note: This article is based on an exclusive live interview with Ron Peled, co founder and COO of Sola Security, conducted for the 2025 Cyber Week conference in Tel Aviv, Israel.
Learn more about them at Sola Security | AI for cybersecurity | Create security apps
About the Author
Pete Green is the CISO / CTO of Anvil Works, a ProCloud SaaS company and co-author of “The vCISO Playbook: How Virtual CISOs Deliver Enterprise-Grade Cybersecurity to Small and Medium Businesses (SMBs)”. With over 25 years of experience in information technology and cybersecurity, Pete is a seasoned and accomplished security practitioner.
Throughout his career, he has held a wide range of technical and leadership roles, including LAN/WLAN Engineer, Threat Analyst, Security Project Manager, Security Architect, Cloud Security Architect, Principal Security Consultant, Director of IT, CTO, CEO, Virtual CISO, and CISO.
Pete has supported clients across numerous industries, including federal, state, and local government, as well as financial services, healthcare, food services, manufacturing, technology, transportation, and hospitality.
He holds a Master of Computer Information Systems in Information Security from Boston University, which is recognized as a National Center of Academic Excellence in Information Assurance / Cyber Defense (CAE IA/CD) by the NSA and DHS. He also holds a Master of Business Administration in Informatics.
