At FII Institute’s #FIIPRIORITY Miami, I had the pleasure of moderating a fascinating discussion with Orlando Bravo, Founder & Managing Partner of Thoma Bravo, on the intersection of AI and cybersecurity. With Thoma Bravo managing $170 billion in assets and having acquired over $250 billion in software companies, Orlando offered a sharp perspective on how AI is reshaping security threats and defenses.
AI is fundamentally changing cybersecurity, acting as both a force multiplier for cyber threats and a critical defense tool. Orlando put it plainly: “AI just makes the bad guys worse.” He highlighted how generative AI has supercharged cyberattacks, particularly in phishing. Proofpoint, the world’s leading email security company and part of Thoma Bravo’s portfolio, has seen a 400% increase in AI-generated phishing attempts. Attackers now use AI to create near-flawless fraudulent emails that mimic trusted institutions. “The days of spotting typos and bad grammar in phishing emails are over,” Orlando noted. “Now, these emails look completely real.” This shift has elevated cybersecurity from an operational concern to a boardroom-level risk.
At the same time, AI is proving to be a formidable tool for defense. Companies like Proofpoint use AI-driven threat detection systems to analyze vast datasets, detect attack patterns, and neutralize threats before they reach inboxes. AI is also transforming identity management, a key vulnerability in corporate security. “You can have the best firewall in the world, but if your identity systems are weak, you’re still exposed,” Orlando said. Solutions from firms like SailPoint and Ping Identity enable zero-trust security models, ensuring only authorized users—human or AI—can access critical systems.
The conversation naturally turned to AI regulation. Policymakers worldwide are grappling with how to control AI’s risks without stifling innovation. Orlando was clear: “Regulate the outcomes, not the technology.” He suggested focusing on real-world consequences like fraud, data security, and AI-driven misinformation rather than restricting the technology itself.
For business leaders, cybersecurity is no longer just a technical issue—it’s a business-critical concern. Orlando outlined three fundamental questions every executive should ask their security teams: “What are our most valuable digital assets? Where are we vulnerable? And what’s the plan to protect them?” Cyber threats are only increasing as businesses digitize more of their operations. “This isn’t a cost. It’s an investment in survival,” he emphasized.
AI is permanently altering cybersecurity, both for attackers and defenders. The companies that thrive in this new landscape will be those that treat security as seriously as their core business. It was a privilege to lead this conversation at #FIIPRIORITY Miami, and I look forward to continuing discussions on how law, technology, and security must evolve in response to AI’s rapid advancement.
Watch our full conversation here.