Top cybersecurity CEO warns of AI bubble and shares 3 startup investing rules

As a serial cybersecurity founder who helped build Check Point, Imperva and now Cato Networks, Shlomo Kramer has lived through several waves of tech exuberance. In a recent Business Insider interview, he argued that the current rush into artificial intelligence looks increasingly like a bubble and distilled decades of hits and misses into three rules he uses when backing startups. His comments raise three questions for investors: what exactly has changed in the AI market, why his bubble warning matters for tech and cybersecurity portfolios, and how to navigate the timing uncertainty that always surrounds frothy cycles.

The AI Investment Frenzy: What Changed Now

The launch of ChatGPT in late 2022 turned a long‑running research field into a mass‑market phenomenon, triggering a surge of capital into anything labeled “AI.” In his interview with Business Insider, Kramer described growth rates in AI startup funding as unsustainable, arguing that the speed of valuation increases has outpaced the underlying business fundamentals. Venture reports he cited point to AI startup funding totals that exceeded 50 billion dollars in 2023, a figure he views as a signal that enthusiasm has jumped ahead of realistic revenue expectations and deployment capacity.

Kramer’s concern is not that AI lacks long‑term potential but that the current funding wave is rewarding slideware over substance. He links the flood of capital to a feedback loop in which every high‑profile AI launch prompts more speculative bets, while investors feel pressure not to miss the “next big thing.” In his telling, the result is a market where any company that can plausibly claim to be building on large language models is being valued as if it will dominate its category, regardless of whether it has customers, product‑market fit or a path to profitability.

Kramer’s Warning: Spotting the AI Bubble

Kramer’s skepticism is shaped by his experience co‑founding Check Point in 1993 and Imperva in 2002, periods that bracketed the dot‑com boom and bust. In the Business Insider conversation, he drew a direct line between the speculative excess of that era and what he now sees in AI, arguing that investors are repeating familiar mistakes by extrapolating early success stories into a universal template. He compared some current AI pitches to the vague “internet plays” that dominated late‑1990s prospectuses, with little clarity on how or when they would make money.

Market data supports his sense that valuations have detached from fundamentals. Kramer pointed to coverage in outlets such as TechCrunch highlighting sharp valuation spikes for early‑stage AI startups that have limited revenue and short operating histories. He framed this as classic bubble behavior: more capital chasing fewer differentiated opportunities, with pricing driven by fear of missing out rather than disciplined analysis of cash flows, competitive moats or execution risk.

Why This Matters for Investors and the Cybersecurity Sector

Kramer’s warning carries particular weight because he is not commenting from the sidelines. As the co‑founder and CEO of Cato Networks, he is building a cybersecurity platform that uses AI techniques to help secure enterprise networks, so he has a direct stake in how sustainable the AI boom proves to be. Cato itself has attracted significant investor backing, including a funding round of 100 million dollars in 2023, which Kramer views as validation of a model grounded in recurring revenue and clear customer demand rather than pure AI branding.

For investors, he argues that the AI bubble risk is not just about overpaying for a handful of high‑flying stocks. It also raises the prospect of misallocated capital across the cybersecurity sector, where money may flow to companies that promise “AI‑powered” defenses without demonstrating that their tools reliably stop attacks. Kramer points to real‑world vulnerabilities such as CVE-2025-32711, whose government‑maintained record describes “AI command injection in M365 Copilot” that allows an unauthorized attacker to disclose information over a network, as evidence that AI features can introduce new security holes if they are rushed to market without rigorous testing.

Rule 1: Focus on Real Problems and Scalable Solutions

Kramer’s first investing rule is to back startups that solve concrete, painful problems rather than chasing fashionable buzzwords. In the Business Insider interview, he stressed that he looks for founders who can articulate a specific customer workflow or risk that their product addresses, and then show how their technology scales beyond a handful of pilot deployments. He contrasted this with AI startups that pitch broad “productivity gains” without specifying which tasks they automate, how they integrate into existing systems or how buyers will measure success.

He illustrated this rule by pointing to his early investment in Palo Alto Networks, which he described as a bet on a clear need for more granular, application‑aware firewalls rather than a generic “next‑generation security” slogan. According to Business Insider, Kramer said that what impressed him was not just the technology but the way the team framed a specific problem that legacy firewalls could not handle and mapped out a route to selling into large enterprises. For him, this kind of clarity is the filter that separates enduring companies from those that merely ride a hype cycle.

Rule 2: Evaluate Team Execution and Market Fit

The second rule Kramer laid out focuses on the people building the startup and the evidence that their product resonates with customers. Drawing on his experience co‑founding Imperva, he told Business Insider that he pays close attention to founder track records, not in terms of pedigree but in terms of shipping products, winning early customers and adapting quickly when initial assumptions prove wrong. He said that in his own companies, the ability to iterate with design partners and respond to real‑world attack patterns mattered more than any initial technical vision.

Kramer also described using simple financial and traction metrics as a sanity check on AI valuations. According to Business Insider, he prefers to see a minimum revenue threshold before he is willing to accept premium pricing, even in hot sectors like AI. While he did not frame this as a rigid rule, he argued that revenue and renewal rates are the best available proxies for product‑market fit, and that investors who ignore these signals in favor of narrative risk repeating the mistakes of the dot‑com era.

Rule 3: Prioritize Sustainable Business Models

Kramer’s third rule is to prioritize startups with business models that can endure once the AI spotlight moves on. In cybersecurity, that often means subscription‑based services with high renewal rates and demonstrable impact on risk reduction, rather than one‑off licenses or consulting‑heavy offerings that depend on constant customization. He told Business Insider that he looks closely at unit economics, such as customer acquisition costs relative to lifetime value, to gauge whether a company can grow without relying on continuous infusions of venture capital.

He also warned about what he called “vaporware” in the AI sector, describing pitches that lean heavily on impressive demos but lack clarity on how the product will be maintained, secured and supported in production environments. Kramer linked this to the broader issue of evolving AI regulations, noting that uncertainty around compliance obligations could expose startups with flimsy business models to sudden cost spikes or liability risks. For investors, his message was to favor companies that treat AI as one tool in a broader strategy rather than the entire value proposition.

What Remains Uncertain and Next Steps

Even as Kramer warns of an AI bubble, he acknowledges that predicting the exact timing and shape of any correction is impossible. Other executives take a more optimistic view, arguing that current valuations reflect the scale of the long‑term opportunity rather than a speculative overshoot. A recent report cited the DBS CEO discussing market turbulence as AI stocks reach what he described as bubble territory, illustrating that even among seasoned leaders there is disagreement over how stretched prices have become and how quickly they might revert.

For investors and operators in cybersecurity, Kramer’s rules offer a framework for navigating that uncertainty without trying to time the market. His own track record, outlined in the official bio that describes him as a network security expert, co‑founder of Check Point and Imperva, and current CEO of Cato Networks, suggests that discipline on problem selection, team quality and business model can help weather both booms and busts. In practical terms, that means diversifying exposure across companies with proven demand, scrutinizing AI features for real security impact rather than marketing appeal, and monitoring how vulnerabilities such as AI command injection in Copilot reshape the risk calculus for enterprises adopting these tools.

*This article was researched with the help of AI, with human editors creating the final content.