AI is making cyberattacks cheaper, faster, and easier to run at scale. At the same time, many security teams still rely on static playbooks that struggle to adapt when attackers change their methods.
In this episode, Andreas Munk Holm speaks with Ahmed Achchak, Co-founder and CEO of Qevlar AI, and Réza Malekzadeh, General Partner at Partech, an investor in Qevlar AI.
Together, they explore how AI is reshaping both sides of cybersecurity, why organisations should assume that breaches will happen and how security teams can move from manual triage towards faster, more adaptive defence.
From static playbooks to dynamic AI
Qevlar AI was founded by Ahmed and his co-founder, Hamza Sayah, who came from machine learning rather than traditional cybersecurity backgrounds. That outsider perspective helped them question how security operations were being run.
At the time, security operations centres relied heavily on either manual investigation or static playbooks. These systems followed predefined rules, but attackers rarely repeat the same path in exactly the same way. As Ahmed explains, that meant teams had to keep updating the playbooks or accept limited automation.
Their idea was to replace that static logic with a dynamic AI system capable of taking actions sequentially, adapting as new information appeared, and mimicking parts of the investigation process carried out by human analysts.
Ahmed sees his ML background as one of the strongest advantages. “It’s easier to think out of the box when you don’t have a box at all to start from,” he says.
Instead of inheriting the industry’s assumptions, they learned from first principles by speaking directly with security leaders from large organisations.
AI has changed the economics of attack
As an investor, Réza sees AI not only as a new threat vector, but also as a major opportunity for a new generation of security platforms.
He has watched cybersecurity evolve through previous technology shifts, including the move from on-premise infrastructure to the cloud. In his view, AI represents another significant transition.
The cloud changed where applications lived and made the traditional perimeter model less effective. AI now changes who can attack, how often and at what scale.
As Réza explains, attackers previously had to use tools manually and were more likely to focus on large targets. AI lowers the cost of attacking many organisations at once. That makes smaller businesses more exposed too.
Ahmed agrees that the increase in risk may be even greater for small and medium-sized businesses than for large enterprises. Bigger companies have faced sophisticated attacks for years and often have established security teams. Smaller organisations may not have the same protection, yet are now easier to target at scale.
This shift means security can no longer be treated as something to add later. Réza puts it plainly: “Security can no longer be an afterthought.” The longer an organisation waits, the more it may have to fix once the risks become real.
Assume breach, then respond faster
A recurring theme in the conversation is the decline of the fortress model of cybersecurity. Organisations can no longer assume that every attacker can be kept out.
Réza argues that companies need to accept that “it’s not a matter of if, it’s a matter of when”. Someone may click on a phishing email, a vulnerability may be missed or an attacker may find an unexpected route into the system.
For Ahmed, this is where AI can help on the defensive side. Security teams receive large volumes of alerts, but only some represent real attacks. Qevlar AI investigates those signals, connects to different security tools, and presents the security team with the facts behind its conclusion.
Rather than asking analysts to begin each investigation from scratch, the system can show what happened, why it believes the case is malicious, and what action could be taken next.
The aim is not to remove humans from the process. Human teams still understand the context of their organisation better than any generic system. But AI can take away much of the repetitive work and reduce the time between detection and response.
Governing automated defence
Allowing AI to make security decisions creates its own risks. Ahmed is particularly focused on false negatives, where an attack happens but the system fails to detect it.
Qevlar AI is designed for a collaborative mode with analysts. If the system does not have enough information, it can stop and ask for human review rather than reach an unsafe conclusion.
The same principle applies to remediation. Qevlar AI may suggest or automate certain low-risk actions, such as resetting a password under agreed conditions. Higher-risk actions, such as reimaging a payment server, remain under human control.
Ahmed distinguishes between automated and fully autonomous remediation. Customers decide which actions can run automatically, which require approval and where the system should only raise an alert.
“There's no case for a black box with Qevlar AI,” he says. The product explains the steps behind its reasoning and leaves the final level of control with the customer.
How a young company earns enterprise trust
Selling cybersecurity software to major enterprises tends to be difficult because the consequences of failure are high. Ahmed says Qevlar AI remained grounded in what its technology could do.
Prospective customers were invited to test it rather than trust a sales presentation.
“Trust is not something that you win by showing slides,” Ahmed says. “Trust is something that you win by demonstrating it.”
Réza agrees that credibility is built over time by doing what you said you would do. In a fast-moving market, established companies cannot always wait for incumbents to develop the right solution. That creates an opening for startups, provided they make the product easy to test and execute consistently.
Ahmed Achchak (Qevlar AI) & Réza Malekzadeh (Partech): When AI attacks, can AI defend?
EUVC · Episode
Europe’s cybersecurity opportunity
Réza believes Europe has the engineering talent to build major cybersecurity companies. The region has strong technical education, deep research capabilities and a new generation of founders who understand the importance of go-to-market.
Ahmed sees another advantage in Europe’s greater sensitivity to data use and control. That mindset influenced how Qevlar AI was built, including transparency around integrations, permissions, and customer data.
But he is also clear that European companies need global ambition. Serving only Europe will not be enough to create the next generation of cybersecurity champions.
“The pain is global,” Ahmed says. “The winners will be the ones that just dare to reimagine the space, dare to be hungrier maybe than others, and dare to just move fast.”


