Defense Wins Championships: The Second Mover Opportunity in AI
The first wave of AI Apps minted shiny stars. The next wave will be won by the teams building the defensive infrastructure that makes it all sustainable.
Growing up on the East Coast, “Spring season” was almost synonymous with lacrosse. And while the combination of a cute skort and a wicked check certainly had its appeal, it’s the lessons of the field that have stuck with me 15 years on. The most important one? Championships aren’t won by the flashiest attackers alone; they’re won by the teams who can defend. And right now, as the AI app landscape matures around us, I can’t think of a better time to be playing defense.
Like the opening breakaway in an early season game, the first wave of AI applications was nothing short of electric. Legal, codegen, design … just to name a few. Each category proved to be a thirsty market, flush with early adopters eager for new capabilities, whether driven by a genuine love of technology’s unbounded potential or the more pressing reality that their jobs, squarely measured in productivity and throughput, depended on it. Phenomenal businesses were built and funded in this first wave. And in many of these categories (though certainly not all) the next-gen winners have since been crowned, fortified with rampant user love and bank accounts overflowing with venture capital.
So where is an AI Apps investor to look next?
The opportunity set isn’t as obvious as it was 12 months ago. Claimed markets have narrowed. The labs themselves are accelerating at a pace that seems to take down entire waves of startups (or at least shave off a few billion in public market caps) with each new model rumor or release. And yet, I remain deeply optimistic. Because while the offense has had its moment in the sun, the next great chapter of AI Apps won’t be written by those building the shiny new attack tools. It will be written by the defenders — the second movers who emerge precisely because the first wave was so successful.
Who are these defenders?
Defenders emerge to counterbalance the explosion of AI applications around them. For every powerful new offensive capability unlocked by AI, there is a corresponding vulnerability, seam in the system, new attack vector, or ballooning cost that creates an equally large (and often more durable) market opportunity on the other side. The defenders are the ones who step up to meet it — and in doing so, they may well build some of the most defensible businesses of the entire AI era. If history is any guide, they’re the ones who will shape what comes next.
Across industries, the pattern is already emerging — and the markets are enormous.
Consider Healthcare.
The proliferation of AI across provider groups and health systems has made it easier than ever to bill for every CPT code and to submit and resubmit and resubmit a claim with machine precision. The result? The same volume of appointments paired with materially higher billing volume. For providers, this new normal presents like a dream. But for payers, it’s a P0 problem. With medical costs relentlessly rising, insurers are being backed into a corner with few good options except to fight back with the same tools that put them there in the first place.
Enter AI-powered payment integrity, or the process of ensuring that healthcare payments are accurate, appropriate, and compliant with contracts, regulations, and medical policies. Payment integrity has always been a brutally complex problem — one that requires cross-referencing clinical documentation, coding guidelines, contractual terms, and claims history across a ballooning number of transactions simultaneously while necessitating heavy human oversight to function end-to-end. However, the step change in reasoning models and the emergence of longer-running agents capable of navigating multi-step, logic-dense workflows is changing that in a meaningful way. What was once a people-heavy, error-prone process — ie: one that simply couldn’t be automated at any meaningful level of accuracy — is quickly becoming one of the most compelling AI opportunities in all of healthcare.
Or Compliance.
Today, compliance remains one of the last truly manual functions in the modern enterprise, and one that is quietly becoming untenable. The same AI capabilities arming bad actors with sophisticated new tools for fraud, manipulation, market abuse, and data exploitation are making it nearly impossible to hire enough law school-educated compliance officers to keep pace. These roles demand expensive, highly trained talent to perform what is, frankly, rote and repetitive review work — work that AI agents can do faster, more consistently, and around the clock.
The same transformation that moved development work toward AI-assisted execution with human oversight at the margins is coming for compliance. And where human-led compliance could only ever be reactive, the best AI-native tools will screen continuously, keeping pace with an enterprise landscape increasingly flooded with AI-generated content and autonomous agent activity that no team of compliance officers could monitor alone. These next-gen systems can go even further to identify attack vectors before they’re exploited and adapt dynamically as the threat landscape evolves. Thus, the firms building this always-on compliance layer for regulated industries aren’t just filling a gap; they’re replacing an entire operating model that was never built to scale.
Or Cybersecurity.
AI hasn’t just changed the economics of software development. It’s fundamentally altered the threat landscape. Automated vulnerability discovery, AI-generated phishing at scale, deepfake-enabled social engineering, and autonomous exploit generation are no longer science fiction. They’re in the wild. And yet the security stack at most enterprises was largely designed for a pre-agentic world. As AI agents proliferate inside organizations, accessing data, executing workflows, communicating externally, the attack surface expands in ways that legacy tools simply weren’t built to monitor or contain. The next generation of cybersecurity companies, built from the ground up for an agentic threat environment, represent one of the most pressing and best-funded investment opportunities of the next decade.
…and these three examples are only the start. Across every industry where AI is creating new offensive capabilities, a corresponding defensive opportunity is likely just taking shape — most still waiting for the right team to come claim them.
On the field, the offense gets an outsized share of the glory. They’re fast, they’re fun to watch, and they generate the kind of highlight-reel moments that bring the crowd to its feet. But anyone who has played the game long enough knows it’s just as much on the defense to determine the outcome.
Like the leading scorer of your favorite team, the builders and backers who shaped the first wave of AI apps are undoubtedly brilliant. But as the AI era matures and the downstream consequences of that first wave come into full view, a new class of category-defining companies is stepping onto the field. My money is on the defenders to control the next quarter. And I can’t wait to back the teams who answer the call.
Building in this space? Find me on LinkedIn or subscribe for more on how AI is reprogramming reality.