There’s a growing consensus in cybersecurity that AI will render the old platform vs. point product debate moot. That’s wrong, badly wrong, perhaps even perilously wrong. Understanding why is essential, and lays the groundwork for a deeper conversation about what our industry is getting right (and wrong) about AI adoption in general.

AI to the rescue?

The background to the point product vs. platform discussion can be summed up pretty quickly.

The cybersecurity vendor market (and thus, the average security team’s stack) has become unreasonably complex. Purchasing, integrating, and managing dozens of separate cybersecurity point solutions is time-consuming and expensive, not to mention exhausting and unsustainable.

Integrated security platforms offer an end to tool sprawl and integration challenges, along with corresponding gains in efficiency, affordability, and security outcomes. Platforms, and greater integration in general, are undeniably the right approach for the industry moving forward.

But the counterargument to platforms has always been that they can’t do everything they promise, and deliver second-rate capabilities when compared to dedicated point solutions. That critique has merit, considering the half-baked approach to platformization at many large vendors.

Until recently, this seemed like an intractable debate. But then…the great deus ex machina of our time arrived on the scene: generative AI. Swooping in to deliver seamless integration of best-in-class capabilities, GenAI will now give every team the benefits of a unified platform with none of the drawbacks.

MCP servers, the thinking goes, will allow point vendors to offer high-quality, differentiated capabilities in a way that AI can understand and, more importantly, interact with. CLI tools like Claude Code, Gemini CLI, and Codex will give teams easy and reasonably affordable access to AI, helping them leverage point products directly without requiring a human to know how to interact with those tools, understand the intricacies and quirks of each one, or manually integrate them with the rest of the stack.

Sounds great in theory. Breaks down, very, very quickly, in practice.

The four shaky premises of the “AI can fix this” argument

The fundamental problem with the thesis above is that it’s based on several faulty premises. These comprise four mistaken assumptions, both technical and operational:

Assumption #1: Every point product has a mature MCP server.

This one is easily disproven. Take a casual survey of the tools in your stack, and you’ll see that MCP server availability and maturity vary wildly between point products. Some point vendors don’t have an MCP server at all (not even on the roadmap). Many others have MCP servers that are little more than an imperfect, early attempt to help teams leverage AI in their workflows.

Assumption #2: Point product MCP servers support all point product capabilities.

Again, simply not true. Most point solutions expose only a fraction of their capabilities through their MCP servers. Why? Because it takes significant engineering effort, and thus expense, for a point vendor to support a capability through an MCP server. Point products thus offer AI support for only a small subset of their capabilities: usually the bare minimum needed for co-pilot functionality.

Assumption #3: AI will move seamlessly between tools and easily interpret data across point products.

Higher-end generative AI models can translate concepts accurately and consistently. But there is always a cost when models are actually deployed in complex systems. The presence of MCP servers will carry some kind of overhead: e.g., the prompts needed to explain how to translate different concepts or how to move from one system to another. AI effectiveness degrades quickly. Latency creeps in. Context windows are overrun and important data is lost.

Assumption #4: AI allows SecOps teams to maintain and provision point products effortlessly.

Perhaps the most obviously wrong of all. AI does nothing to change one basic fact: namely, that the point products it helps to integrate/manage are still separate products. Every tool still means another tool vendor. Those vendors have to be onboarded individually, and require separate contracts and contract negotiations, regular compliance checks, deployment work, and the like. At best, AI takes some of the pain out of tool sprawl. It doesn’t eliminate the underlying problem.

Back to square one?

Given the current state of things, consider what it would actually mean for a SecOps team to try to solve stack fragmentation challenges using AI.

Many point products in the stack won’t even have well-developed MCP servers. The most likely result is a quasi-platform that offers inconsistent functionality across core capabilities—with numerous unintegrated point products thrown into the mix. Sound familiar?

Best case, even if by some luck all of your point products have functional MCP servers, the stack will incur translation costs, hampering effectiveness and degrading security outcomes. Just as importantly, the “unification” offered by generative AI will only extend over a limited subset of your stack’s functionality, because again, most point products will only expose a small portion of their capabilities through that MCP server.

So when, for example, teams are doing basic alert triage, they will get some relief. Great! But all of that tool sprawl comes in through the back door as soon as it’s time to do anything else with the stack: onboard new organizations, deploy detection rules in multi-tenant environments, engage in proactive threat hunting, create compliance reports, perform remediation work, or any of the other myriad things that SecOps teams need to do with their tools. That hardly sounds like “problem solved” to me.

AI as the right way forward (and the wrong one)

I want to be really, 100% clear about one thing here. This is not an anti-AI-in-cyber post. I firmly believe that some form of AI enablement is the future of the SOC. But what form that will take is another matter. And to be frank, I think that where we are today vis-à-vis AI adoption in our industry is…not great.

I suspect that the problem is more philosophical than technical. It’s the predictable result of tool vendors still not understanding what modern SecOps teams really need: abstraction, interoperability, automation, scalability, flexibility, and control. In the past, we tried to describe a possible solution in terms of a “hyperscaler for cybersecurity.” But today, we’d have to expand the discussion to include the absolutely fundamental need to help teams leverage AI across the full spectrum of security operations.

Unfortunately, legacy vendors and AI startups alike seem to be mired in an outdated conception of tool provisioning and of their own relationship to security teams. Nowhere is this dynamic more apparent than in the current approaches to AI—either the AI bolt-ons offered by the incumbent mega-platforms or the so-called “AI SOCs” being sold by the challengers—both of which are dead ends. But that’s a topic for another post…