How startups triage security in a world where even tech giants struggle to keep up

For startup founders, the choice between building fast and building secure carries a different weight. The cyberthreat environment is unforgiving even for the biggest tech players; in just the past few months, major breaches have hit giants like Oracle, Coinbase, and Coca-Cola, exposing millions of sensitive records. Startups face the same threats with a fraction of the resources to protect themselves, forcing a brutal calculus of survival.

Faiyam Rahman is the CEO of YC-backed startup Blaze, a global cross-border payments provider. He argues that for a startup, security isn't a feature; it's a state of constant triage.

As good as the weakest promise: The core security challenge for any startup is that a sense of foundational stability is often built on sand. "It feels like we live in a world where almost everything is hackable except for base mathematics and physics," Rahman says. The temptation is to build fast using third-party services, but that creates a dangerous dependency. "Your system is only as secure as the weakest promise made by another company, versus building on something with better fundamental math guarantees," he warns.

Drawing the line: When it comes to the most critical part of his business, customer funds, that philosophical choice becomes a hard-and-fast rule. "I have heavily advocated for having the strongest math guarantees possible on how our customer funds are held. For that aspect of the system, I haven't made any compromises."

Hacking humans: Even for startups with a solid technical foundation, the most common threat exploits the weakest link in any organization: its people. "My professor in grad school, the former chief scientist of the NSA, burned this into my head: the vast majority of successful hacks aren't complex technical feats. They are hacks through people," Rahman says. He believes AI is set to weaponize this vulnerability at an unprecedented scale. "It used to be you had a bunch of people in a warehouse calling people all day trying to scam them. Now, you can automate that. You can just have your AI people in a warehouse trying to scam hundreds of thousands of people at a time."

A 17-year fix: For founders navigating what may seem like an impossible threat landscape, the ultimate defense may lie in the bedrock of certain technologies. Rahman argues that after years of volatility, governments and societies are finally recognizing the inherent mathematical security of crypto as a foundational security layer. The US in particular is changing tune with legislation like the Genius Act moving its way through Congress. “It took 17 years from the advent of Bitcoin for society to finally catch up to the math and see that this makes sense as an evolution of money," Rahman says. "It's becoming an information product, and we're now just generating the political and cultural will to do this.”