This document is provided for general informational purposes only and does not constitute legal, tax, accounting, insurance, brokerage, risk management, or other professional advice. You should consult your own legal counsel or other qualified professional advisors regarding your specific circumstances, and receipt of this document does not create any client, advisory, fiduciary, brokerage, or other professional relationship with Alliant Insurance Services, Inc. This document is provided “as is” without warranty of any kind, and Alliant Insurance Services, Inc. disclaims any liability for any loss or damage arising out of or relating to reliance on this document.
Podcast
Cybersecurity in the AI Era: How Predictive Security Is Reshaping Threat Detection and Prevention
By Alliant Cyber / June 08, 2026
Cybersecurity risk management is shifting from reactive threat detection to proactive, AI-driven predictive security strategies that help organizations identify and mitigate threats before incidents occur. Brendan Hall, Alliant Cyber, welcomes Paul Jespersen, founder and CEO of PRE Security, to discuss how predictive cybersecurity and AI-powered SecOps are giving organizations greater visibility into risk while reshaping cyber underwriting and incident prevention. They share practical insights on reducing false positives, strengthening cyber resilience and using real-time security intelligence to support smarter risk management decisions.
Find us on Apple Podcasts & Spotify
Intro (00:00):
You are listening to the Alliant Specialty Podcast, dedicated to insurance and risk management solutions and trends shaping the market today.
Brendan Hall (00:09):
Hello, and welcome back to yet another Alliant Specialty Podcast, cyber edition. I am your host, Brendan Hall. I am here today with Paul Jespersen of PRE Security. Paul, welcome to the podcast.
Paul Jespersen (00:26):
Thanks, Brendan.
Brendan Hall (00:27):
Paul, before we dive into the questions, I'm a huge fan of your company. I met some of your colleagues, it would've been in the fall of 2025 at a conference in, of all places, the booming metropolis of Schenectady, New York, which is not a place you would expect to meet other cybersecurity people, but there was a great conference up there called the Tech Valley Cybersecurity Summit. I met some of your colleagues there, and we got to talking. I just was immediately fascinated with what you all are doing. Without stealing any of your thunder, as I said to you, I want you to humble brag about yourself. Please tell me about PRE Security. What is the genesis of the company? Where do you guys come from? What are you doing today? Before we get into the real meat and potatoes of this discussion.
Paul Jespersen (01:13):
Thanks. My co-founder, his name is John Peterson and myself, have both been in this business basically for about 30 years. Matter of fact, our first jobs were together 30 years ago, and we've been working together in multiple companies over our careers and in a wide range of different types of cybersecurity companies. Over that time, we've seen a lot of things, what works, what doesn't work, where the pain points are, what the benefits of different approaches or solutions is. One of the things that we were kind of starting to focus on was that recently, and by recently I call it the last decade or so, a lot of companies have been focused on what we call the detect and respond methodology of cybersecurity. If you're exposed at all to cybersecurity, you'll see things like EDR or NDR or XDR, these are all kinds of detect and respond. That's what the DR in those is for. You have endpoint detection or network detection based approaches. What all of these are doing, and if you think of it, detection by definition means something already happened and you're detecting it. The emphasis in a lot of the cybersecurity world over that last decade is refining those tools to detect things as soon as possible. You'll hear things even in your side of the equation with insurance. If there's an incident and it's being evaluated and things like this, you'll see things like what was the mean time to detect or the time to respond and things like this. All of those are metrics based on that model of detect and respond.
My co-founder and I started talking about the company we were going to found, and the question that we came up with was, how do we get out of being so reactive? Everything in cybersecurity is reactive, somewhat by necessity, but regardless, how do we get out of that and become more proactive in our cybersecurity and in just protecting our businesses in general? As part of that, one of the things that we started asking ourselves was, what if we could actually predict bad actors and incidents before they cause harm to the companies and organizations that we built a solution for? That was kind of the genesis of the company. As we started investigating it, we saw a lot of things in other industries, including in your industry, insurance, where predictive analytics are fairly common. You know, finance, insurance, even manufacturing companies, people are dealing with predictive analytics quite a bit. What is the likelihood of such and such an event, and what's its implications in my organization and so forth? What we realized was nobody's really been asking those questions inside of cybersecurity, and so that's the premise that we started the company on.
When we started the company, this was back in 2023, was just at the time when things like ChatGPT were kind of coming into the public consciousness, exploding onto the environment there. What we found was it was a good time to combine our experience with this notion of predictive, proactive cybersecurity and with these new kind of AI-based tools to help us achieve that. That's kind of where we came from and how we got there.
Brendan Hall (04:27):
Really cool. No, I love it. It's such an interesting thing because, as you say, people have always just assumed this reactive stance because that was all we could do. Now technology's advanced, where now it's like, you can keep doing that, but now we do have tech and we do have some intelligence available to us that would allow us to stop these things before we even have to respond to them. Really cool. One of the things that really just got my brain working when I first met with some of your folks and thought, this is a really interesting, this is definitely different. I wanted our clients and our listeners to know about it. One of the things we wanted to ask you, because obviously as an insurance broker, we're talking to clients constantly and working with them through applications, which are now similar to the Iliad in terms of how long they are. But many of our insurers feel like, hey, we're pouring all this money into our risk posture, but then our insurance underwriters asking us questions that aren't always necessarily correlated into the places where we feel they need to be. There's a disconnect. How does PRE give a carrier or broker a quantifiable visibility into a potential insured's realtime security posture, so that their underwriting isn't just this one-time questionnaire, but ongoing data-driven view that can justify better terms and lower premiums when the risk is truly reduced?
Paul Jespersen (05:47):
Yeah, there's a couple of things. We asked a lot of these questions in building the platform as well, not from an insurance provider's perspective, but literally from the operator's perspective, because we don't feel like they really have an understanding of what their risk profile is either. One of the models that we have in our system that we're always trying to figure out is, what is an individual company's risk profile? We actually have something in our product we call security posture report, which is kind of our top-level view. It's a little bit like a weather report, like weather reports are somewhat predictive. We also are being predictive in how we see the customer's environment based on the factors that we know and how we kind of infer that things would happen going forward based on that. We have that kind of risk profiling and security posture scoring built into actually the usability of the product right from the beginning. Underlying that, one of the things also that we tried to do is identify and help the user understand what they are even able to detect and predict based on the data that they have.
Without getting too far down into the weeds, a lot of people are operating with the assumption that they have the information they need to make detections and predictions, but they really don't. It's one thing to fill out a questionnaire and say, here's the log sources that I have or the solutions that I deploy, but it's another to have it evaluated in terms of what is my real coverage here. One of the things that we also have built into the platform is something called a security readiness scoring or data diversity scoring, where we can actually map the data we have coming into the platform and identify areas where we aren't seeing enough data to make detections and predictions. All that feeds into those types of scoring and posture reports that we're providing.
Brendan Hall (07:46):
Really interesting stuff. Wow. So if you're not getting enough data, you can sort of go back and say, hey, listen, this is sort of a dark area, right?
Paul Jespersen (07:54):
Yeah, even more than that. The reality is that one of the biggest problem operators have in cybersecurity is something that's called false positives. False positives are when those security tools you have are making detections that, maybe they're made typically because there's lack of context or lack of information available to distinguish and identify it as an important or non-important event. One of the reasons that that happens is because of lack of data diversity and things like that. There's a whole bunch of reasons why people don't have that data, but we help identify it and make it obvious in case they do want to shore up their data coverage.
Brendan Hall (08:30):
From a security perspective alone, I can't even imagine how much time and millions, tens of millions of dollars spent a year chasing down ghosts, false positives, things that are nothing and will never be anything, but they come up as a flag and people have to chase them down.
Paul Jespersen (08:48):
It's actually worse than that. It's not just chasing the false positives, it's actually also chasing detections. The whole industry focus on detect and respond has gotten to the point where people are essentially chasing alerts. A security operator comes in at the beginning of the day, he's got a list of alerts, and he has to go chase down each one of those alerts, identify which ones are important, not. He doesn't necessarily even know which ones are truly important, which ones are false positives, on and on and on, but he's just chasing alerts. In our world, where we're trying to change the model and become more proactive, we're trying to think of the entity, their story going on, not just individual words or alerts. You can chase individual words, but unless you have the context and know more about what the story that's being told is, the words don't really mean anything. If I chase down and do a search for every instance of the word "him" in a book, it doesn't tell me anything about what the book's trying to tell me. It just tells me there's 400 instances of the word him and which pages they're on. Those kinds of things we're trying to change and what we had to figure out as we worked on achieving the ability to do predictions.
Brendan Hall (09:56):
Sure. When I think about the insurers, and what they're interested in, what they care about, the biggest drivers for them of payouts or frequency and the severity of these incidents, can you walk us through specific ways that PRE's AI-driven SecOps reduces the likelihood and impact of events like ransomware or business email compromise, which are the two most frequent types of incidents we're seeing, and how that translates into fewer claims and smaller loss amounts for carriers?
Paul Jespersen (10:23):
Sure. Again, it really goes to the nature of detecting versus predicting. Detecting means it already happened, or at least some of the components leading up to it happened. Predictions are saying this is what's most likely to happen based on the information that we have to date and hopefully doing it before critical paths are met. We're still doing, of course, the detections and everything else, but we're trying to get ahead of the equation and offer up the predictions based on, again, what are the vulnerabilities, what are the anomalous user behaviors that are going on and kind of stitch together overall what the posture is. What's the risk of these things and then what are specific indicators where we can infer, hey, a ransomware event is likely based on specific vulnerabilities, based on specific user behaviors, based on different data points that we do have. iI we can get that information ahead of time, now all of a sudden we can also offer up suggested remediations and how to shore things up before the actual damages even gets done. It's a lot easier to block those things than it is to recover from them.
Brendan Hall (11:30):
I spent a lot of time doing business development and in the insurance world we're always looking for ways to differentiate beyond just cutting fees or commissions because it is a somewhat commoditized place. How could Alliant use PRE to help a client earn preferred pricing or expand their coverage? How might that partnership help carry us, so we're more comfortable with offering lower deductibles or higher limits?
Paul Jespersen (11:58):
There's a number of things. Again, if you can equip the company or the organization with tools to help them become more proactive, that's kind of an obvious win. Now instead of chasing always, what's your time to detect something or time to respond, you get into preventative measures instead of response measures, you get into prevention measures. There's value in that, the value of completely avoiding the cost of an event as opposed to paying for a little bit of prevention. One of the things too that we see a lot is in the detect and respond world, you'll have different vendors claiming how fast they can do various detections and things like that. The reality is, as you know, most customers, especially sophisticated users, they have complex environments. They're not working in labs. They have multiple tools. They have multiple different things going on. In the real world, those hybrid environments, a lot of companies still have time to detects in the range of closer to a year than to minutes. I think the latest numbers are something like 280 days or something like that, average time to detect a data breach. A lot of times those signals exist in the company's environment already, but there's nothing that's collecting those signals and inferring what's the next event in the story that's going to happen. That's how you get ahead of that. By reducing the likelihood of the event ever getting to the point of causing the damage, you decrease the likelihood of a breach and of the cost associated with the breach.
Brendan Hall (13:26):
How are things like Project Glasswing with Anthropic impact the industry writ large and assuming all of this checks out and is actually as good as they say it is?
Paul Jespersen (13:39):
All the models over the last three or four years have been getting consistently better and better and better. Of course, the highlighting that's been done around Mythos and Glasswing is largely related to application security. One of the things right now is everybody's overwhelmed with what are people even talking about when they're talking about AI security? Are they talking about security of the AI, or are they talking about the security from the AI? Are they talking about application security?
Brendan Hall (14:03):
All of the above.
Paul Jespersen (14:04):
Yeah, exactly. Our solutions focused mostly on an individual enterprise's security operation. How do they protect themselves from attacks and environments, not from the security of applications that they've built or those kinds of things. A lot of the focus from Mythos specifically is on those vulnerabilities, but the reality is all these models are increasingly more powerful and and more useful. It's kind of a two-edged sword. You get both of them at the same time. They can be used for good, and they can be used for bad. One of our slogans is fight AI with AI. We believe very strongly that people who aren't using AI are exposed to risks that they can't keep up with because of AI. Hackers can use AI. They can use AI to obfuscate their attacks, to hide from their existing detection tools. Unless you're using AI techniques to also detect those types of things, to look beyond the simple kind of pattern matching detections that we've been doing for a long time, but using AI in a generative way to identify novel and obfuscated attacks, you're really falling behind. That's one reason we believe that even traditional tools, even from legacy providers without naming names, but any of the big SIM providers or a lot of the cybersecurity tools, they're using AI maybe for automation, but still not in the detection phase. There's a lot of concern about companies keeping up with the velocity of attacks that are enabled by AI to the organization, not just to applications and not just to their AI.
Brendan Hall (15:38):
We talk with clients all the time, and we just say the bad news is bad guys are using AI, the good news is so are the good guys. We're all fighting this to like tap on tap battle. I went from never not using Chat at all, ChatGPT, for like business context and use and to using it every day, multiple times a day. Everything I go to do, I think first, wait a minute, can I do this better or faster with some AI-enabled technology, whether I'm creating a presentation deck or responding to an email or sending out a net-new, there's so many use cases for it. I think you're right. If you're not using it in your security posture, in your security stack, I just feel like the transformation is all of a sudden, like it's on and it's happening faster than we can possibly keep up with probably.
Paul Jespersen (16:28):
Pretty much. Our company is an AI native company, building an AI native solution, and we have a hard time keeping up. People who are not totally immersed in it, for better or worse, have a major challenge in keeping up. I don't envy a lot of people in those situations because where do I apply my budget? Which tools do I leverage and trust? It's not a simplistic answer. It's moving very quickly.
Brendan Hall (16:53):
Bcause most companies, you can't cover every single base. You're doing the best. You're putting money, you're putting your chips where the likelihood of your attacks are mostly going to come from. If they come from somewhere else they haven't thought of in particular, if there's this deep, deep software vulnerability that Glasswing or one of these AI tools is only going to find and human beings actually can't see and have missed for a decade. We're all very vulnerable, but sort of in closing here, so looking ahead, what is an ideal insurance plus security bundle look like to you? So for example, if Alliant were to offer PRE-enabled SecOps as part of a cyber program, how could that help do things like lower the total cost of risk, help carriers see more predictable, lower severity losses and for brokers to build revenue streams tied to measurable risk mitigation rather than just seeing more limit?
Paul Jespersen (17:42):
That would be kind of a happy scenario.
Brendan Hall (17:47):
Zanadu! Zanadu of insurance!
Paul Jespersen (17:47):
Exactly. Again, we can arm the user and the insurer with information. What is the actual risk profile? Our risk profiles are generated effectively by AI, looking at everything it knows about the individual's environment. For better or worse, again, I've been in that industry and building these other solutions as well. Most risk scoring and things like that are based on simplistic mechanical formulas and are not really dynamic or attuned to specific environments. What we're trying to do is provide a more dynamic, more informed scoring and risk profile security posture, if you will. Then building on that, to enable the user to operate in a more proactive, predictive way where hopefully they can completely avoid major scenarios as much as possible.
Brendan Hall (18:38):
This has been a great conversation, Paul. I really appreciate it. Like I said, I'm a huge fan of your company and what you guys are trying to do. I think you're out there well ahead of some of the major players that have been doing this for a long time, and you're disrupting what is in a best effort by a lot of really cool and smart folks.
Paul Jespersen (18:57):
We're trying to.
Brendan Hall (18:58):
You're trying to, yeah. I hope for nothing but the best for you guys. I think our clients should, would and could know more about what PRE Security is doing. If you have any questions if you're listening to this, please email the Alliant Cyber team. It's very easy, AlliantCyber@Alliant.com, and we can get you connected with the folks from PRE if you just want to have a chat or are interested in seeing a demo of their tech. Paul, really appreciate your time. Thank you for cutting this out of your very busy schedule talk here.
Paul Jespersen (19:31):
No problem. My pleasure.
Brendan Hall (19:32):
Wish you all the best in the continued growth of PRE.
Paul Jespersen (19:36):
Likewise, and thanks for all the support from Alliant.
Thanks for your message.
We’ll be in touch shortly
News & Resources
