Innovator Spotlight: Airrived – Cyber Defense Magazine

Airrived: Turning AI Lego Blocks Into A Security Operating System

If you have spent the last few years being pitched “AI copilots” for every corner of your security stack, you could be forgiven for rolling your eyes when you hear about yet another AI company in cyber. That is exactly the kind of fatigue Anurag Gurtu understands, and it is exactly the space his company, Airrived, is trying to rewire from the ground up.

Gurtu is the cofounder and CEO of Airrived, and he has been living in the AI trenches long before it became the marketing buzzword of choice.

“We have been in the AI space, but I personally have been in this space for over 13 years,” he explains early in our conversation. “My journey moved into classical ML back in 2013… our company was acquired by Splunk… 2017 I moved from classical ML towards natural language processing NLP.”

Since then he has built and exited multiple AI companies, including one focused on conversational systems for customer and IT support that was acquired by Automation Anywhere, and another building “virtual analysts” for security operations teams long before “AI SOC” became the hype term of the year. Along the way he noticed a problem that every CISO, security architect, and SOC leader will recognize.

Modern AI is incredibly powerful. It is also incredibly inaccessible for the people who actually own risk: business and security leaders who do not have an army of PhD level data scientists on staff.

Airrived is his answer to that gap.

Anurag Gurtu, CEO, Airrived

From Copilots To An Operating System For Agentic Security

If you listen to how Gurtu talks about Airrived, it becomes clear he is not interested in building yet another chatbot on top of ChatGPT or Claude.

“Right now, we’re not talking about things like where you would connect to ChatGPT or Gemini or Claude and type in a question and ask a question. That’s very basic, that’s already democratized,” he says. “We are talking about very advanced capabilities.”

By “advanced,” he means the kind of work that would normally require experienced AI engineers: fine tuning models, building multi step reasoning agents, and operationalizing them against messy, high stakes security workflows.

He frames it in practical terms, using his interviewer, Pete, as a stand in for any business user.

“What if we can let, let’s say Pete, fine tune a language model… If I ask Pete to do it today, it might be very difficult, right? He will not know what to do, how to do it. But what if we gave a platform to him and showed him that all you have to do is two or three clicks and it’s done, and you can solve a very complex problem and completely adapt [a] language model to your knowledge and then solve that problem?”

Then he takes it further.

“Or if we tell Pete, right, Pete, how about we give you the power where you can create deep reasoning agents that will be able to think exactly how you think and operate exactly how you operate. All you have to do is give an objective, click a few things, and then you have another variant of Pete ready to go.”

This is the core of Airrived. It is not a point product. It is what Gurtu repeatedly calls an operating system for “agent tech,” his term for agentic AI that can reason, act, and automate within governed enterprise environments.

The analogy he likes is VMware.

“Think of it like going back in time to 2004 when VMware introduced VMware ESXi, their operating system to democratize use of CPUs to the fullest potential. It’s the same thing that we are doing.”

Where ESXi abstracted and orchestrated compute, Airrived wants to abstract and orchestrate agents: powerful, policy aware AI workers that can be deployed across security, IT, and eventually other business functions.

And like VMware back then, Airrived does not want to be just another app sitting on the stack. It wants to be the layer you run your AI powered apps on.

AetherClaw, Agent Tech, And The First Hyperscaler Powered By Airrived

Airrived has already started rolling out concrete capabilities under this “agent tech” banner.

“Two weeks ago at RSA, we announced AetherClaw,” Gurtu says. He describes it as “a capability very similar to OpenAI” where “you could give very complex objectives to an agent tech system, and it will reason on that objective, figure out how to solve that objective and then perform it end to end.”

The punchline is not that AetherClaw can reason. A lot of vendors will happily tell you that. What Gurtu emphasizes is that Airrived built this stack from the ground up with security controls baked in.

“The fundamental difference was that we built this technology ground up. But while we were building this technology, we incorporated governance, compliance and auditability built into the system so that you cannot compromise this reasoning system. You can fully get full auditability and traceability, and it’s governed.”

For CISOs, that language matters. “Agentic” AI that can touch critical systems without a compliance story is a career limiting move. Airrived is very consciously trying to build in the controls that let you say yes to advanced automation without throwing your governance framework in the trash.

But the bigger announcement is yet to come.

“Very soon we are about to announce our agent tech operating system that’s going to power the first hyperscaler data center,” he says. There are “about 4000 data centers in the world, which are becoming sovereign clouds,” and every country wants its own.

The challenge those data centers face is familiar to anyone who has gone shopping for GPUs lately. You can buy hardware. Turning that hardware into consumable AI capacity for enterprises, without expecting each customer to hire their own AI team, is a different problem.

Airrived wants to be that abstraction layer.

“The question is, how we can make access of these GPUs in a really easy way for any customer to be able to use it, without hiring any AI talent.”

That agent tech operating system, he says, is already live.

“It’s out there now, yes, we have very large customers in production, [the] largest insurance company in United States for supplemental health, the fifth largest fast casual restaurant, [the] fifth largest telecom infrastructure provider in the world… Some of the top tier banks… one of the very large data center provider, the hyperscaler, is now using our platform.”

Airrived is not playing in a lab. It is already operating in large, regulated environments across North America, the Middle East, and Africa.

A Marketplace Of Apps, Built In 30 To 40 Seconds

So what does this look like for a CISO or security team that wants to use it?

Gurtu describes Airrived as having a marketplace of pre existing apps, structured much like an app store.

“Think of it like an Apple App Store, and customer can go into that app store and then based on their persona.”

If you are a security operations persona, you find apps that help with triaging and enriching alerts, drafting reports, or running threat hunting exercises. If you are in threat intel, you find apps that handle kill chain analysis, consume threat reports, and push preventive controls. Identity teams can review roles and permissions, understand associated risks, and automatically recommend revocation or remediation. Third party risk teams can profile suppliers and highlight inherited risk and real time mitigations.

Then there is the IT side. Gurtu rattles off apps for firewall management and auditing, certificate management, and resource planning.

So far this could still sound like “yet another AI marketplace.” The twist is what happens when those apps are not enough.

“The beauty of a platform is that the customer can create apps in 30 to 40 seconds through our platform,” he says. “And when I say create apps, I don’t mean they are creating chat interfaces. The full fledged product gets generated on the fly.”

He compares it to Lovable, a system that can generate full user interfaces in real time, except Airrived is doing it in service of agentic, governed security and IT apps.

“Our product has a capability of like a Lovable that generates full fledged UIs on the fly in about 30 to 40 seconds without a user writing any prompts.”

That “without writing prompts” piece is important. Airrived is not expecting your SOC analysts or identity team to become prompt engineers. It is trying to let them describe problems, break them down, and assemble solutions visually.

Gurtu leans into analogies here. One of his favorites is Ikea.

“A lot of companies, they would go with point product strategy. We decided to build that underlying infrastructure through which you can generate point products. Think of it like we became the supplier to an Ikea, and Ikea started creating different SKUs by saying, okay, here are some nails, here are some blocks, and then this is the furniture that you can create.”

Airrived is the supplier, building the “nails” and “two by fours” of AI components. Your teams, or your partners, become Ikea, assembling those into the exact furniture your environment needs.

Then he switches metaphors again, this time to Lego and 3D printers, to explain how problems get decomposed and solved.

“If you have any problem that you would want to solve, and you can see that AI technology can help you solve it, break that problem into small pieces like Legos. Break that problem to small Legos. And then our technology comes because we have 3D printers, and then you explain that problem, and one specific 3D printer will come in front of you and it will create that Lego block. Then another different type of 3D printer will come to you and create a different type of Lego block, and so on.”

Once you have those blocks, Airrived lets you assemble them “within seconds” into a production app.

For CISOs used to 9 to 12 month deployment cycles and brittle point solutions, the idea of a platform where your own teams can build outcomes in under a minute, without a single line of code, is both attractive and slightly suspicious. That is where Airrived leans on its production references and its focus on business practitioners rather than developers.

Competing With Agent Categories, Not Just Vendors

In security, everyone claims to be unique. Gurtu is at least honest that Airrived has competitors, but he frames competition more as categories than specific logos.

“We do compete with categories of products. So for example, if a customer has a pain point regarding SecOps, then agent tech SecOps, agent tech SOC will be the category that we will compete against. If customers have problem with vulnerability and exposure management, then the agent tech vulnerability and exposure management technology we will compete with… same thing with agent tech identity governance.”

In other words, if you are evaluating a SecOps solution, Airrived is going to be considered against other SecOps tools. Where things get interesting is when you zoom out from use case to platform.

“The real competition is who are the platforms that help create agent tech apps and agents,” he says. “When we look at that specific core, then there are companies like, for example, LangChain… these are now AI first companies. These are not cyber security companies. These are like real AI first companies, which is how we are.”

He name checks LangChain and “Lang” and “TruEra” style platforms, and makes it clear that Airrived is much closer to that world than to traditional cyber vendors. The critical difference, he argues, is who the platform is for.

“These companies are focused on developers. We are focused on business practitioners, because we don’t expect them to write code. We expect them to explain what the problem is and point and click and have an app ready to go in 30 to 40 seconds.”

He also claims that the type of agents Airrived can generate is more sophisticated, and that Airrived uniquely offers built in capabilities like language model fine tuning without forcing you to touch low level ML knobs.

The vision is ambitious: an ESXi like operating system for agentic AI, sitting underneath a portfolio of apps that span SecOps, vuln management, identity, IT operations, and eventually HR, finance, and beyond. You choose the apps you need, or you build your own, but everything shares a common intelligence, reasoning, and governance layer.

Why CISOs Should Care

If you boil it down, Airrived is betting on a future where:

• AI agents are first class citizens in the security and IT stack, not just bolt on copilots.
• Those agents are designed, operated, and governed by the same people accountable for risk, not hidden in a developer sandbox.
• Creating and evolving those agents is as easy as assembling Lego blocks, not commissioning a multi year software project.

It is worth being candid. Every year, security leaders are promised “no code,” “AI powered,” and “platform, not product.” Most of those promises eventually look suspiciously like the point solutions they were supposed to replace.

Airrived stands out in a few ways that might make it worth a closer look:

1. The company has real lineage in both AI and security, with prior exits and deep exposure to SOC, SecOps, and enterprise IT realities.
2. The platform is already in production with large insurers, banks, telecoms, restaurants, and a hyperscale data center provider, across multiple regions.
3. The design center is explicitly the business practitioner, not the developer, with an emphasis on speed to outcome and tight guardrails around governance, compliance, and auditability.

For CISOs, that combination might be the difference between yet another “AI pilot” and a genuine operating layer for the next decade of security operations.

Call To Action For CISOs

If you are a CISO or senior security leader, here are practical next steps to evaluate what Airrived is doing:

1. Identify one or two high friction workflows in your environment where AI agents could realistically help today. Think triage and enrichment in the SOC, identity and access reviews, or supplier risk profiling.
2. Engage with Airrived to see how quickly those workflows can be modeled using their “Lego blocks” approach, and how much your practitioners, not your developers, can do on their own.
3. Probe the governance story. Ask to see how audit trails, controls, and policies are enforced when agents touch production systems, and how that aligns with your regulatory environment.
4. Talk to reference customers in your industry segment. If an insurer, bank, or telecom with similar constraints is already running Airrived in production, their lessons learned will be more valuable than any roadmap slide.

The question is not whether you will adopt agentic AI in your security stack. That train has left the station. The real question is whether you will have an operating system that lets you harness it safely and at scale, or whether you will be stitching together another generation of one off tools.

Airrived is betting that the future looks a lot more like VMware than a drawer full of SaaS point products. If they are right, the companies that move early and define their own Lego sets will be the ones setting the standard for AI enabled security operations in the decade ahead.

Author’s Note

The author sat down with Anurag Gurtu, cofounder and CEO of Airrived, at the 2026 RSAC Conference in San Francisco, held March 23rd to 25th, 2026, to discuss how Airrived is rethinking agentic AI for security and IT leaders.

For more information, please visit www.airrived.ai.

 About the Author

is the CISO / CTO of Anvil Works, a ProCloud SaaS company and co-author of “The vCISO Playbook: How Virtual CISOs Deliver Enterprise-Grade Cybersecurity to Small and Medium Businesses (SMBs)”. With over 25 years of experience in information technology and cybersecurity, Pete is a seasoned and accomplished security practitioner.

Throughout his career, he has held a wide range of technical and leadership roles, including LAN/WLAN Engineer, Threat Analyst, Sales Engineer, Security Architect, Cloud Security Architect, Principal Security Consultant, Director of IT, Virtual/Fractional CISO, and CISO.

Pete has supported clients across numerous industries, including federal, state, and local government, as well as financial services, healthcare, food services, manufacturing, technology, transportation, and hospitality.

He holds a Master of Computer Information Systems in Information Security from Boston University, which is recognized as a National Center of Academic Excellence in Information Assurance / Cyber Defense (CAE IA/CD) by the NSA and DHS. He also holds a Master of Business Administration in Informatics.