The Valuation Trap
Why AI Security Startups Are Hiring Services Teams They Can't Admit Exist
Last month, I had a call with a VP of HR at an AI security company. They’d just raised significant funding and were on a hiring sprint. The mandate was clear: aggressive ARR targets with minimal operational overhead, powered by AI automation. Two weeks later, the same VP called back with a different request. They needed to hire “forward deployed engineers”, people who would embed inside customer environments to guide them through implementation. When I asked how this squared with the lean operating model, there was a long pause. “We’re doing the Palantir thing,” he said. “It’s not services, It’s strategic deployment.”
I’ve been a recruiter in cybersecurity for long enough to recognize professional services when I see them, regardless of what they’re called. But this wasn’t an isolated conversation. Across dozens of calls with AI security companies over the past twelve months, I’ve watched the same pattern emerge: companies that raised money on replacing human operators are quietly hiring those exact operators, just under different titles.
The numbers behind this pattern are staggering, and they suggest we’re watching a fundamental misalignment between how AI security companies are funded and how they actually need to operate to survive.
The Pattern
The AI Security space exploded last year. Massive amounts of venture capital flowed into the category, but revenue is slow. The numbers only make sense if imminent displacement of existing security operations is at play.
But something else is happening beneath the surface. One of the category leaders in AI SOC, recently hired someone who previously ran global SOC operations at a major managed detection and response provider. Another AI security company I work with told me their renewal rates were disappointing because their tool wasn’t being adopted. Incident response teams with 15-20 years of experience simply weren’t prepared to change their workflows. The solution? Deploy engineers into customer environments to guide the transformation.
When I talk to the MDR providers that everyone has been writing off as dinosaurs, they’re not worried. A product leader told me they’re building AI capabilities too, but with a crucial advantage: “We have 20 years of customer data and operational experience. These startups are great at building tools. They’re not great at deploying them into messy real-world environments.”
The Data
The valuation math explains why AI security companies are caught in this bind. According to March 2025 data from Jackim Woods, privately held cybersecurity product companies sell at revenue multiples around 8.5x, while their public counterparts command 14.2x multiples. Services companies, by contrast, trade at median multiples of just 1.3x revenue, based on analysis of over 600 M&A transactions in the IT services sector from 2015 to mid-2025 by Aventis Advisors.
That’s a 6.5x to 10x valuation gap depending on whether you’re private or public. If you’re a founder who raised money as a product company and then build out a services organization, you’ve just destroyed 85% of your valuation basis. The incentive to avoid the word “services” isn’t about semantics, it’s about survival.
The market reality, however, doesn’t care about your cap table. A December 2025 study by the Ponemon Institute found that just 18% of organizations have fully adopted and enacted AI cybersecurity tools. Sixty-five percent of security teams report challenges integrating AI security solutions with legacy systems. These aren’t simple product-market fit problems. These are implementation problems that require human expertise to solve.
Job posting data reveals how companies are responding. According to February 2026 analysis, postings for “forward deployed engineer” roles spiked 800% in 2025, fueled specifically by companies needing to integrate AI solutions. As one hiring analysis noted, these roles “require stronger communication and consulting skills” and “focus on solving customer-specific challenges”, job descriptions that sound remarkably similar to implementation consultants or professional services engineers.
Compensation data from Levels.fyi shows these aren’t junior roles either. Palantir’s Forward Deployed Software Engineers, the model everyone is copying, earn between $171,000 and $415,000 annually, with a median of $215,000. One analysis compared FDE responsibilities to “those of a startup CTO.” These are expensive hires that represent significant operational overhead, exactly what you’re not supposed to have in a capital-efficient software business.
The funding announcements tell the other half of the story. AI security funding hit $6.34 billion in 2025, nearly tripling from $2.16 billion in 2024, with average deal sizes jumping from $34 million to $54 million. 7AI alone raised a $130 million Series A, the largest cybersecurity Series A in history (until it was beat last week by Mr Mandia rolling his sleeves back up). Yet none of these funding announcements mention building services organizations or professional services teams. They talk about expanding engineering, deepening channel partnerships, and accelerating product development.
What This Means for Your Career
If you’re a security analyst, detection engineer, or SOC operator watching this unfold, the opportunity isn’t where most people think it is. The common wisdom says get into AI or get left behind. But the real career leverage right now is in understanding both worlds, traditional security operations and AI implementation, because these companies desperately need people who can bridge that gap.
The “forward deployed engineer” roles these companies are hiring for pay like senior engineering positions ($170,000 to $415,000 based on Palantir’s model) but require a different skill set than pure product engineering. You need to understand customer environments, translate between technical and business stakeholders, and guide organizations through workflow changes. If you’ve spent the last decade in a SOC or doing incident response, that experience isn’t becoming obsolete, it’s becoming more valuable, just under different job titles. The question is whether you can articulate that value in the language these AI companies use: transformation enablement, deployment strategy, adoption acceleration.
For those already at established MDR providers like Expel, Arctic Wolf, or ReliaQuest, the picture is more nuanced than the “MDR is dead” narrative suggests. These companies have two decades of operational data and customer relationships that AI startups can’t replicate overnight. They’re building AI capabilities too, but from a position of understanding what actually works in messy production environments. The risk isn’t that your job disappears, it’s that your company fails to evolve fast enough or that leadership makes a strategic mistake like SecureWorks did in 2017 when they tried to abandon services for a pure software play.
The uncomfortable truth is that both sides need each other more than either wants to admit. AI companies need experienced operators who can make their tools work in the real world. Traditional security companies need AI capabilities to stay competitive. The professionals who position themselves at that intersection, who can operate in both paradigms, are the ones who’ll command premium compensation and have actual job security over the next five years.
What to Watch For
The clearest signal will be in how these companies describe their headcount growth over the next 12 months. When a $130 million Series A company announces they’re hiring, pay attention to the ratio of “engineers” to “forward deployed engineers” or “customer success engineers.” If the latter category is growing faster, it means the implementation reality is hitting harder than the product vision anticipated. That’s not necessarily bad, it’s just honest.
Also watch for rebranding at the company level. Some of these AI security startups will eventually embrace a hybrid model openly, positioning themselves as “AI-enabled managed services” or similar formulations. The companies that do this successfully will be the ones whose investors are sophisticated enough to see past the valuation multiples to the actual market need. The ones that don’t, that continue insisting they’re pure product companies while quietly building services teams, will face increasing tension between their cap table story and their operational reality.
Last week, I placed a former Mandiant consultant into a “Strategic Deployment Lead” role at an AI security company. The hiring manager spent twenty minutes explaining how it wasn’t a services position. I spent five minutes explaining to the candidate that it absolutely was, just with better equity and a more interesting technical stack.
The valuation trap isn’t really about valuations, it’s about the stories we tell ourselves about how technology creates value. AI will transform security operations, but not by eliminating the need for human expertise. It’ll transform it by changing what that expertise looks like and where it’s applied. The companies that figure out how to build that honestly, even if it means lower multiples, are the ones that will still be here in five years. The ones that don’t will make for interesting case studies about what happens when venture narratives collide with market reality.
I've always told people that before you join cyber startups make sure you feel comfortable with the revenue scale and valuation of the company today! Treat it just like you are being asked to invest in it with your own cash. It can still be a great company but not worth your time investment in joining!