No Priors Ep. 38 | With Material Security Co-Founder Ryan Noon

Cyber Security is going to change significantly in the era of AI, according to Ryan Noon, cofounder of Material Security, a security company that makes cloud-based Google and Microsoft email a safe place for sensitive data. Elad Gil and Ryan talk about how Material Security started to use LLMs, potential security threats from AI hacks, and the role of the government in securing the Internet. Ryan also shares his advice for founders. Ryan co-founded Material Security in 2017 after seeing high profile email hacks in the 2016 Presidential election. Previously, he led various engineering teams at Dropbox after it acquired his first company, Parastructure. Prior to Parastructure, he led engineering at a data analysis company spun out of Stanford by DARPA. He holds both an MS in Computer Networks and Security and a BS in Computer Science from Stanford. 00:00 - How 2016 Election Hacking Inspired Ryan to Start Material Security 05:02 - Generative AI Use Cases in Cyber Security & Fine Tuning 11:50 - Predictions on Effective Threat Levels from AI Hacks 15:39 - Democracy, the Department of Defence, DARPA and Cyber Security 20:17 - Is there room for startups in the Cyber Security industry? 27:13 - New Challenges On Horizon After 7 Years as Cofounder 30:32 - Advice to Founders

Elad GilhostRyan Noonguest

Oct 25, 202336mWatch on YouTube ↗

WHAT IT’S REALLY ABOUT

AI Supercharges Cybersecurity: Material Security’s Ryan Noon On Defense

Ryan Noon, co-founder and chairman of Material Security, explains how the company protects cloud email (Google Workspace, Office 365) by assuming accounts will be compromised and limiting the damage through “defense in depth.”
He describes how generative AI, especially LLMs, has become a powerful tool for security operations, from interpreting messy signals to reading code and analyzing logs, while also amplifying attackers’ capabilities.
Noon argues that AI represents a step-function shift—like moving from bronze to iron weapons—creating an arms race in which intelligence itself becomes commoditized and nations, companies, and attackers all must adapt.
He also discusses the structure of the cybersecurity market, the dominance and acquisition patterns of incumbents, and offers candid advice to founders on markets, teams, and avoiding overcomplicated “shovel-selling” in AI.

IDEAS WORTH REMEMBERING

5 ideas

Design security assuming attackers will eventually get in.

Material’s philosophy is “defense in depth”: treat account compromise as inevitable, then constrain what attackers can access (e.g., redacting stored sensitive email and requiring extra authentication to rehydrate it).

Use off-the-shelf LLMs before over-investing in custom models.

Noon argues that even baseline models like GPT‑3.5 already contain substantial embedded security knowledge and reasoning, so teams should exploit this capability first rather than rushing into fine-tuning or building elaborate AI moats.

LLMs excel at noisy, text-heavy security tasks.

From parsing raw email headers to reading code and scanning for sensitive data leaks, LLMs act like a cheap, partial security analyst that can filter signals, explain patterns, and handle previously hard automation problems.

AI amplifies attackers by lowering skill and scale barriers.

Even simple uses—like grammar-correcting phishing emails or automating social engineering at scale—materially increase threat effectiveness, letting “one jerk with a for loop” do what used to require a roomful of attackers.

Open, liberal societies are structurally more exposed online.

Because Western systems are open, deeply networked, and largely privatized, they adopt digital tech quickly but leave a broad “soft underbelly” in cyberspace, unlike authoritarian regimes that can tightly control platforms and information flows.

WORDS WORTH SAVING

5 quotes

We used to call the company seat belts for email.

— Ryan Noon

It turns out if you feed precisely one internet to precisely a million GPUs, it picks up a thing or two about cybersecurity.

— Ryan Noon

You know that you have like 90% of a human that you can use for like a penny and a half, right? Start there.

— Ryan Noon

Intelligence is now a commodity that we can arms race.

— Ryan Noon

Play the game on easy if you possibly can.

— Ryan Noon

Origin and core products of Material SecurityDefense-in-depth approach to email and account securityPractical applications of LLMs in cybersecurity operationsEmerging AI-driven cyber threats (phishing, voice cloning, automation)Nation-state, infrastructure, and national security implications of AIEconomics of the cybersecurity industry and incumbent vs. startup dynamicsFounder advice on markets, team formation, and AI startup pitfalls

High quality AI-generated summary created from speaker-labeled transcript.

Get more out of YouTube videos.

High quality summaries for YouTube videos. Accurate transcripts to search & find moments. Powered by ChatGPT & Claude AI.