Rewiring Cyber Risk Management for the AI Era: Why We’re Investing in SAFE

Cyber threats are advancing faster than most organizations can respond. AI-generated attacks, growing digital ecosystems, and mounting regulatory pressure have exposed the limitations of legacy cybersecurity frameworks. Despite significant investment in security tools, many CISOs still struggle to quantify their risk exposure and communicate it in business terms, only exacerbating the difficulty of mitigating it.

That’s why we at Sorenson Capital are excited to double down on our investment in SAFE, the category leader in Cyber Risk Quantification (CRQ) and the first company to deliver fully autonomous capabilities across Third-Party Risk Management (TPRM) and Continuous Threat Exposure Management (CTEM).

The Problem: Legacy Tools Built for a Simpler Time

Security leaders face growing complexity across every layer of their organizations, especially with regulatory compliance requirements, yet the majority are still managing risk using frameworks rooted in manual inputs and periodic assessments. Reputable third-party evaluations are costly and can take months to complete, often becoming stale before the final report is delivered. These tools were not designed for today’s dynamic environments… or for real-time decision-making at the executive level.

Legacy platforms surface vulnerabilities, but they rarely explain which risks matter most, or how they impact the business. They operate in silos, lack business context, and fall short of delivering clarity that boards and regulators now expect.

The issue is not just a matter of outdated technology. It is a structural problem. Most cyber risk tools were built around rigid templates that cannot evolve alongside today’s fast-changing threat environment, or map risk back to financial and operational outcomes.

The Solution: AI-Native Risk Intelligence That Scales

SAFE’s platform represents a complete rethinking of how cyber risk should be understood, measured, and managed. SAFE has built a unified, AI-native system that operates continuously and adapts in real time, leveraging frameworks that risk and security practitioners already know and use.

Its agentic AI architecture functions like a 24/7 team of expert analysts. The platform continuously monitors risk across internal systems and third-party relationships, then quantifies business impact using financial metrics. The result is a dynamic, prioritized, and fully contextualized understanding of cyber risk, ready for both operational response and board-level decision-making.

SAFE’s three integrated modules work together through a single interface:

• Cyber Risk Quantification (CRQ): Converts technical vulnerabilities into measurable financial impact, enabling clear, data-backed decisions at both the tactical and executive levels.

• Third-Party Risk Management (TPRM): Delivers fully autonomous risk assessments, enabling third-party risk teams to manage vendor risk in real-time for the first time.

• Continuous Threat Exposure Management (CTEM): Deploys a network of autonomous AI agents that evaluate the entire attack surface and recommend prioritized mitigation actions in real time.

With SAFE One, organizations can shift from static reporting cycles to continuous, intelligent risk management.

Solving for Speed and Simplicity

One of the most powerful aspects of SAFE’s platform is its ability to deliver value immediately. While traditional platforms can take months to implement and often require dedicated teams to maintain, SAFE deploys in minutes and requires minimal configuration by leveraging native, agentless API connections.

This simplicity has not come at the expense of depth. SAFE is already trusted by global enterprises such as Google, Fidelity, T-Mobile, Chevron, and IHG. The company has posted triple-digit revenue growth for three consecutive years and was recently recognized as the leader in Forrester’s 2025 Cyber Risk Quantification Wave.

The Market Opportunity

Cyber risk has become a board-level priority. Regulatory expectations are rising, with new disclosure requirements pushing organizations to quantify and report on cyber risk using language the business understands.

Yet most companies remain reliant on manual processes or costly third-party evaluations. SAFE addresses this gap with a platform that translates cybersecurity signals into real business insights, enabling teams to prioritize resources and measure the effectiveness of security investments in real time.

Its API-native design and modular architecture make it scalable and accessible, removing the barriers that have traditionally kept advanced cyber risk management out of reach for all but the largest organizations.

Why This Team, Why Now

The SAFE team has consistently executed at a high level, moving from category creator in automated CRQ to market leader in TPRM and now CTEM. Co-founder and CEO Saket Modi brings deep vision and clarity to one of the most complex problems in enterprise security. His focus on building agentic AI solutions, which can reason, prioritize, and act in real-time, reflects a broader industry shift toward autonomous systems that augment human expertise.

“We’re not building another security tool, we’re pioneering AI-first risk management that will fundamentally reshape how organizations understand and respond to cyber threats,” explains Saket Modi, Co-Founder and CEO of SAFE. “Our agentic AI approach doesn’t just automate existing processes, it creates entirely new capabilities for autonomous risk assessment, prioritization, and mitigation that were impossible with traditional methods.”

The company’s roadmap toward CyberAGI, a fully autonomous model for understanding and managing cyber risk, positions it to define a new standard for how enterprises secure their digital environments.

Looking Ahead

As AI reshapes the threat landscape, organizations need more than detection and response. They need a foundation for managing risk that is intelligent, adaptive, and aligned with business strategy.

SAFE is building that foundation. Its platform enables CISOs and boards to move from reactive firefighting to proactive risk governance, backed by real-time insights and measurable outcomes.

“SAFE represents the next evolution of cybersecurity, moving from reactive tools to proactive, AI-driven risk intelligence,” shares Burke Davis, Partner at Sorenson Capital. “What has impressed us most was their AI-first approach that doesn’t just identify risks, but autonomously reasons about business impact and continuously adapts to evolving threat landscapes. This has become a must-have in today’s environment.”

At Sorenson Capital, we back ambitious teams that are creating category-defining systems of intelligence. SAFE’s technology, momentum, and execution make it one of the most compelling platforms in cybersecurity today.