Garrett Hamilton & Todd Graham on How AI Agents Change the Way We Think About Security

Garrett Hamilton, CEO and Co-Founder of Reach Security, sits down with Todd Graham, Managing Partner at Microsoft’s venture fund M12, to discuss why modern cybersecurity programs struggle to reduce real risk — despite massive spending on tools.

Recorded at Black Hat, the conversation explores how misconfigurations, unused controls, and operational blind spots create exposure long before attackers need advanced techniques.

Topics covered in this interview:

Why most organizations are “over-tooled but under-protected”

How misconfigurations and configuration drift quietly drive cyber risk

What Microsoft M12 looks for when investing in cybersecurity startups

Why AI in security must focus on outcomes, not dashboards

The difference between buying security tools and operationalizing them

How Reach helps organizations understand what they already own — and turn it on

Why efficiency, automation, and prioritization matter more than adding headcount

The role of Microsoft E3 vs E5 security capabilities in real-world environments

Why compliance alone does not equal security

Todd shares his perspective from decades across startups, large enterprises, Cisco, and venture capital — and explains why Reach stood out as a platform focused on security hygiene, configuration awareness, and measurable outcomes, rather than more alerts.

This conversation is essential viewing for CISOs, security leaders, IT teams, and anyone evaluating how AI and exposure management can actually reduce risk inside complex enterprise environments.