Build Better Security Product Strategies Using Your AI Tool

Generic AI gives generic product strategy advice. With my domain-specific frameworks and MCP server, you can use your AI agent to develop strategies, stress-test plans against practitioner criteria, and compare competitors side by side.

If you’re building a cybersecurity product, you can now use your AI agent to create, review, and refine your strategy by applying my frameworks. The guidance catches structural issues and provides informed output that generic AI doesn’t deliver. Below I show this in action by profiling this year’s RSAC Innovation Sandbox finalists.

The guidance comes from my guide to creating cybersecurity products and other product management insights I published over the years. Your AI agent applies this practitioner knowledge to what it knows about your product, stage, and market.

A Layer on Top of Generic AI

Ask a generic AI to review your strategy and you’ll get textbook advice. “Consider your target market. Evaluate pricing models.” It won’t catch that your $7,200/yr deal size contradicts your Fortune 500 sales motion, or that per-seat pricing undervalues security products when small teams protect large asset inventories.

But when you guide the AI tool with specific criteria, expectations, and templates, it will identify such contradictions. The AI tests whether your pricing, positioning, go-to-market, and trust readiness actually support each other. The guidance also helps AI agents adjust their questions to the company stage, incorporating insights from the endpoint security startup guide and SMB-specific considerations.

AI-Driven Product Analysis in Action

I used this approach to create structured profiles of the ten RSAC 2026 Innovation Sandbox finalists:

Each profile covers 8 dimensions, from problem clarity and capability depth to funding efficiency and defensibility.
The profiles separate verified facts from marketing claims and score each company on a consistent rubric.
The model identified which startups are more likely to win than others based on their market readiness.

Will this approach predict this year’s winners? Maybe not, because we lack some signals that judges will take into account. Still, it offers good insights into this year’s cohort of startups. Take a look at the assigned scores and the companies, examine the data, and decide for yourself.

The biggest value comes from interactive conversations. You create, review, and stress-test product plans while the AI applies practitioner knowledge to challenge your assumptions. Below is a simulated conversation to demo such capabilities. (You can open it in a new tab).

Codified Strategy Expertise

My MCP server provides capabilities that your AI agent can automatically invoke on your behalf:

Strategy creation from your context: Your AI receives frameworks for building a product strategy that adapts to your situation, so an early-stage startup gets different guidance than a growth-stage company. It covers market positioning, capabilities, pricing, sales motions, delivery, trust, and team planning.
Constructive feedback on strategy drafts: Your AI evaluates an existing plan against specific criteria, including pricing-positioning alignment, go-to-market readiness, trust gaps, and team expertise.
Multi-company competitive analysis: Your AI receives structured comparison frameworks with scoring rubrics for evaluating competitors, market segments, or investment cohorts side by side.
Topic-specific strategic guidance: Your AI receives focused guidance when you need depth on a single area, such as pricing models, compliance readiness, competitive moats, or platform strategy.

Your AI agent doesn’t send your documents or proprietary details to my server, and the server doesn’t log conversation contents.

How to Connect Your AI Tool

To give your AI tool access to these security product frameworks, point it at my MCP server https://website-mcp.zeltser.com/mcp. For example, run this command for Claude Code.

claude mcp add zeltser-website --transport http https://website-mcp.zeltser.com/mcp --scope user

This also works with Claude Desktop and other MCP-compatible tools. The same server provides incident response writing guidance and text search across my website’s security content.

If you prefer to build your own tooling that incorporates my security product guidance, you can also download my product insights as a YAML file, which your software can parse locally and use in a way that fits your needs.

Key Takeaways

The frameworks test whether the company’s pricing, positioning, and go-to-market actually support each other.
Competitive claims get sorted by evidence quality, so you don’t treat marketing language as verified fact.
Guidance adjusts to the company stage and draws on vertical market analysis when possible.
Your strategy data isn’t shared with my MCP server.

About the Author

Lenny Zeltser is a cybersecurity executive with deep technical roots, product management experience, and a business mindset. He has built security products and programs from early stage to enterprise scale. He is also a Faculty Fellow at SANS Institute and the creator of REMnux, a popular Linux toolkit for malware analysis. Lenny shares his perspectives on security leadership and technology at zeltser.com.

Learn more →