Ido Livneh, CEO and Co-Founder of Jazz – Interview Series

Ido Livneh, CEO and Co-Founder of Jazz, is a seasoned product leader and entrepreneur with a strong track record of building and scaling high impact technology platforms, including leading product at Laminar through its acquisition by Rubrik and helping drive the successful sale of Tapingo to Grubhub for $150 million; his career includes senior roles at Axonius and earlier ventures like KnuPo, and is grounded in a deep technical foundation developed during nearly a decade in the Israel Defense Forces where he advanced from engineering to leading software R&D, experience that now shapes his focus on building AI-native cybersecurity solutions.

Jazz is an AI-native cybersecurity company rethinking Data Loss Prevention by moving beyond legacy rule-based systems and introducing a context-aware platform that understands how data flows across organizations, analyzing user behavior, systems, and workflows to identify real risks instead of generating excessive alerts; by using AI to investigate incidents at their source and provide actionable insights, the platform enables lean security teams to manage complex environments and prevent sensitive data exposure across cloud applications, endpoints, and internal systems, positioning Jazz as part of a new generation of companies rebuilding enterprise security for the AI era.

You have led product at companies like Laminar through its acquisition and held leadership roles at Axonius and Grubhub, while also founding multiple startups. What specific gap or insight from those experiences pushed you to start Jazz, and why was now the right moment to reinvent Data Loss Prevention (DLP)?

I’ve spent the last decade building security products and sitting across the table from CISOs. Three VP Product roles, two exits – including Laminar, which we sold to Rubrik. And if there’s one thing I’ve learned across all of it, it’s this: absolutely no one loves their DLP.

At Laminar, we built the first innings of the DSPM category – data security posture management. Great problem, but we spent three years educating the market before inbound even started. I walked away thinking: next time, I want an old problem. A problem every board already knows about, every CISO already has budget for, and no one has actually solved.

DLP is that problem. It’s twenty years old. Every security organization knows the risk. And the solutions on the market are universally hated – not because the vendors are incompetent, but because the entire framework is wrong. We’ve been asking machines to match patterns and humans to provide context. That model was always destined to break.

The timing was obvious. AI gave us the ability to do something that was literally impossible before – build a system that understands data the way a senior analyst does, but autonomously and at scale. When we saw that, the four of us co-founders – all Unit 81 alumni – knew this was the moment to go back to first principles and rebuild DLP from scratch. And this time, make it work, and easily so.

Traditional DLP systems have long been criticized for generating excessive alerts. What fundamentally breaks in rule-based DLP, and why has the industry struggled to solve this problem?

The problem isn’t that rule-based DLP needs better rules. The problem is that rules were the wrong tool for this job from the beginning.

Here’s how it actually works. You deploy a system that understands patterns – regex, file types, keywords. You write rules. The machine matches data against those rules, and whenever there’s a match, it tells a human analyst: “Come look at this.” The analyst then has to bring in all the context – who is this person, what were they doing, why were they doing it – and make a judgment call.

That second part, the human investigation, never scales. The physics of DLP are just too noisy. Data moves constantly inside any large enterprise. A nine-digit number isn’t always a Social Security number. A file upload isn’t always exfiltration. A letter grade “A” triggers FERPA rules. An internal transfer between departments gets blocked. The system can’t tell whether a sensitive file share is vital business collaboration or your crown jewels walking out the door.

So what do companies do? They add exceptions. Every exception is a moment your tool failed to understand your business. And each one is effectively a sanctioned backdoor. Zoom out after eighteen months and what you’re running isn’t a security program – it’s a ledger of compromises dressed up in a compliance report.

About 30% of the market has a mature DLP program, and even they know it’s best effort at best – satisfying compliance frameworks and no more. We call them “the trapped.” The other 70% either never tried, or tried and failed. Previous attempts to fix this sprinkled a little AI on top of the same rule-based framework. That’s like putting a fresh coat of paint on a car with an engine everyone knows can’t really handle the load. The framework itself is what needs to change.

Jazz positions itself as delivering answers instead of alerts. Can you walk us through how your system investigates incidents and what makes it different from legacy detection workflows?

Legacy DLP gives you a fire alarm and then hands you a magnifying glass. “Something happened in that building. Good luck figuring out which floor.”

Jazz doesn’t do that. We built an autonomous investigator, her name is Melody, that does the work a human analyst would do, but at superhuman scale.

When a data transaction occurs, Melody doesn’t just flag it. She runs a full investigation across four dimensions. First, the data itself – not with regex and patterns, but deeply understanding what this data is, who owns it, what the risk of losing it actually means for this specific company. Second, the systems – where is the data coming from, where is it going, and critically, which tenant. There’s a massive difference between uploading a file to a corporate Google Drive versus a personal one, and Melody understands that distinction.

Third, the people – we learn how individuals operate, how they use data over time, what’s normal for their role. And fourth, the business process – why is this transaction happening? Is it part of a known workflow, or is it something we can’t explain?

These multiple agents come together and reconstruct the full story: what happened, why it happened, and the intent of the actor. By the time a human sees it, it’s not an alert – it’s a pre-investigated narrative with evidence, context, and a verdict. In a typical deployment, Jazz processes about 2 million signals per month for every thousand employees, investigates hundreds of thousands of potential events, and surfaces roughly 80 incidents that actually need human attention. That’s a 20,000-to-1 signal-to-noise ratio. That’s how we put an end to inactionable alerts and to alert fatigue.

Your platform analyzes context across data, systems, people, and business. How do you technically unify these dimensions, and what role do AI agents or reasoning systems play in that process?

The architecture is built around multiple specialized AI agents, each analyzing a single data transaction from a different perspective.

One agent focuses on deeply understanding the data – its content, sensitivity, ownership, and relevance to the business. Another looks at the system landscape – not just the names of the applications, but the specific tenants, the trust level, whether it’s enterprise or personal. A third builds and continuously updates profiles of how individuals operate and use data, so it can assess whether a given action is consistent with someone’s role or completely anomalous. And a fourth maps business processes – connecting data transactions to known workflows and identifying the ones that can’t be explained.

These agents then converge and synthesize their findings into a unified investigation – a complete narrative of what happened, why, and whether it’s a genuine risk.

All of this sits on top of two foundational innovations. First, what we call endpoint context vaults – a new type of signals we’ve patented specifically for DLP. These capture not just the data transaction itself but the full story around it: what happened before, what happened after, which applications were involved, the complete user activity chain. These signals are incredibly rich context, and allow us to deliver not just what happened but also why it happened, and the actor’s intent, which were always elusive for machines to understand at scale.

Second, a natural language policy engine that replaces the traditional rigid rule sets. Instead of writing technical rules with regex and thresholds, security teams describe what’s acceptable and what isn’t the way a human would – in plain language. Melody uses that to make nuanced judgment calls on situations that may not be explicitly mentioned in any policy. Because the reality of day-to-day business practices in an organization often differs massively from what’s actually written in a vanilla policy document. We bridge that gap, and to those with long standing experience with DLP programs, this feels like magic.

Many enterprises are now deploying autonomous AI agents that interact with sensitive data. How does this shift change the threat landscape, and why does it require a new approach to DLP?

This is a ticking time bomb.

The SaaS explosion was already overwhelming security teams – every week, five new tools appear in the environment, many adopted by employees without IT approval. We’ve had customers discover over 400 GenAI tools running across their organization that nobody knew about. Now layer autonomous AI agents on top of that.

AI agents don’t just passively handle data – they actively pull it, transform it, send it to other services, make decisions about where it goes. An employee connecting an AI coding assistant to a company’s codebase, using a personal account, and then pushing outputs to a personal repository – we’ve seen exactly that in the field. Or someone pasting proprietary strategy documents into a personal ChatGPT session because the company hasn’t provisioned an enterprise account. Even something as simple as a personal Grammarly plugin reviewing everything you type, including bank transfer details and customer data.

Rule-based DLP was built for a world where data moved through a few known channels – email attachments, USB drives, maybe a web upload. The AI era blew that model apart. Data now flows through dozens of vectors that legacy systems can’t even see, let alone understand. You need a system that can comprehend what’s happening contextually – not just that data moved, but why, through what, and whether the destination is sanctioned.

That’s fundamentally why the old framework can’t be patched. You need an approach that understands business context natively, because the attack surface isn’t a list of channels anymore, it’s every interaction between humans, AI tools, and sensitive data.

Explainability remains a major barrier to adopting AI in security. How do you ensure that your system’s decisions are understandable and trustworthy for security teams operating in high-stakes environments?

This is something we thought about from day one, because the last thing a CISO needs is another black box.

Every investigation Melody produces is a narrative – not a score, not a color code, not a cryptic risk number. It reads like a briefing from a senior analyst. Here’s what happened. Here’s who was involved. Here’s why we think they did it. Here’s the evidence. Here’s the policy it maps to. Here’s our assessment.

The natural language policy engine is critical to this. Because the policies themselves are written in plain language, security teams can see exactly which policy a decision maps to and why. If Melody flags something, the team can trace the reasoning chain from the raw signals through the contextual analysis to the policy match. And if they disagree, they can refine the policy in natural language – not by debugging a rule set.

We also show the evidence directly, the full activity chain. It’s not “trust the AI”, it’s “here’s what the AI saw, here’s what it concluded, and here’s the raw data so you can verify.” Our customers tell us it feels less like reviewing AI output and more like getting a briefing from a really thorough colleague.

That’s the bar. Security teams operate in environments where a wrong decision can mean regulatory consequences, legal exposure, or an employee’s career. The system has to earn trust by being transparent about how it reaches its conclusions.

Jazz describes its system as behaving more like a human investigator than a rules engine. What does that mean in practice, and how close are we to truly autonomous security operations?

When I say Melody behaves like a human investigator, I mean it literally.

A great DLP analyst doesn’t just see that a file was uploaded. They look at who uploaded it, what was in it, where it went, whether this person normally handles this type of data, whether there’s a business reason for it, and what happened before and after. They use in-context judgment – not just rules – and that requires contextual understanding of their business. That’s exactly what Melody does, but across every data transaction in an enterprise, continuously, and at scale.

In practice, our customers describe Melody as another member of their team. She shows them situations that are outside of policy, provides the full investigation with evidence, and asks for their judgment on cases that genuinely need human input. She learns the organization over time – the business processes, the exceptions, the things that are technically a violation but operationally normal.

As for truly autonomous security operations – we’re closer than most people think, but I want to be precise about what that means. Melody already operates autonomously in the investigation phase. She takes raw signals and produces fully investigated, contextualized verdicts without human involvement. For high-confidence, high-risk scenarios, she can also take prevention actions autonomously – blocking an exfiltration before it completes.

The human stays in the loop for judgment calls, and for the human-in-the-loop learning process. And that’s by design. The goal isn’t to remove humans from security, it’s to remove the tedious, repetitive work that burns them out and let them focus on the decisions that actually require human judgment. That’s where we are today, and it’s already transforming how our customers run their programs.

From a product and engineering standpoint, what were the most difficult technical challenges in building an AI-native DLP platform from scratch instead of iterating on existing architectures?

The hardest part was resisting the temptation to take shortcuts.

When you start from scratch, there’s always pressure to borrow pieces of the old architecture because they’re proven and fast, and are more aligned with existing customer expectations. But every time you do that, you inherit the limitations of the old model. We made a deliberate decision to go back to first principles – think about the basic physics of the problem and rebuild.

The endpoint agent was one of the biggest challenges. We needed to rethink the signals collection challenge and hit high enough context, and not take the tested path of legacy signals – while also maintaining low impact to system performance. Building that across all operating systems, was a serious engineering effort. We ended up with a patented approach that gives us visibility no one else has.

The multi-agent AI system was another major challenge. Getting multiple specialized AI agents to analyze the same transaction from different perspectives and then converge on a coherent, accurate narrative – that required a lot of architectural thinking. It’s not just throwing an LLM at a data feed. The orchestration layer, the way agents share context, the way they resolve conflicting signals – that’s where much of the challenge lives.

And then the natural language policy engine. Translating human-language descriptions of what’s acceptable and what isn’t into something an AI can reliably apply to thousands of edge cases – that’s a fundamentally hard problem. Day-to-day business practices often diverge significantly from written policies. The system has to bridge that gap, and it has to get it right, because the consequences of getting it wrong in DLP are serious.

We chose every one of those hard problems intentionally, because they’re the ones that make the difference between incrementally better DLP and something fundamentally new.

In each of those challenges and many more, there are still open obstacles to overcome, and quite unique problem sets for the right talent to take on. Solving DLP well is a truly thought provoking and tantalizing journey.

Jazz was selected as the winner of the 2026 Cybersecurity Startup Accelerator backed by CrowdStrike, AWS, and NVIDIA. What did that experience validate about your approach, and how has it influenced your roadmap going forward?

A thousand startups applied. Six made the finals. We won.

I’ll be honest, the moment before you walk up on that stage, your brain reminds you of everything that could go wrong. And then you start talking about the problem we’ve been working on, and it all goes quiet. Every late night arguing about how Melody should work, every hard architectural decision, every customer conversation that shaped the product, it all compressed into those minutes.

The judges, George Kurtz, CJ Moses, Bartley Richardson, and the legendary shark, Robert Herjavec, they saw it. They called out the agentic investigation model specifically, as well as our fast customer adoption. For us, the industry leaders’ validation mattered more than the trophy. These are people who’ve built and run security programs at the highest level, and they recognized that what we’re doing is fundamentally different from what’s been tried before – and that our traction speaks for itself.

In terms of the roadmap, the accelerator reinforced what our customers were already telling us – the market is ready for this, and they want us to move fast. We’re doubling down on expanding the investigator’s capabilities and getting the product in front of as many security teams as possible.

Looking ahead, do you believe DLP evolves into a fully autonomous, agent-driven system, and what does the long-term future of data security look like in an AI-native enterprise?

I believe DLP will become fully autonomous in stages. The investigation layer is already there – Melody does that today. Prevention for high-confidence scenarios is happening now. Over time, the system gets smarter about the organization, learns its workflows, understands its people, and the surface area that genuinely requires human judgment shrinks.

But I want to be clear – “autonomous” doesn’t mean “unsupervised.” It means the system handles the work that humans shouldn’t have to do, so they can focus on the decisions that actually matter. The CISO of the future isn’t drowning in alerts. They’re reviewing strategic risk assessments from an AI that understands their business as deeply as their best analyst does. They take surgical actions that are relevant for their organization, based on aggregated insights on their landscape of active data loss, and not guesses. This allows them to reduce data risk, without slowing down their business.

The bigger picture is this: in an AI-native enterprise, data is moving faster, through more channels, in more complex ways than any human team can track. The organizations that win will be the ones whose security systems can understand context at the speed of AI, not the ones still writing regex rules and hoping for the best.

Thank you for the great interview, readers who wish to learn more should visit Jazz.