Sharon Isaaci spent decades in military intelligence before crossing into the private sector, first as an executive at Signia, Israel’s leading incident response company, and now as co-founder and CEO of Tonic Security. The through-line connecting all of it is a problem he kept watching play out the same way: organizations getting breached not because attackers were unusually sophisticated, but because a known vulnerability had been sitting in a queue, detected but never fixed.
Tonic Security is his attempt to solve that at scale using AI. The company was founded in April 2024, the day after October 7th, as it turned out. The conversation with IsraelTech at Google for Startups Tel Aviv covers what the company is building, where the problem comes from, and what it actually takes to make security teams more effective rather than just better informed.
The Root Cause Nobody Talks About
When Isaaci and his team ran forensic investigations at Signia following enterprise breaches, the same pattern kept appearing. The vulnerability that was exploited had already been detected. It was sitting in a backlog somewhere, assigned a score, flagged as important, and never remediated.
This is the problem Tonic Security is built around. The average enterprise today has dozens of security scanning tools, each operating independently, each emitting findings. Across all of them, a typical organization is looking at millions of alerts. The security team’s job is to figure out which of those actually matter.
The answer, most of the time, is very few. Isaaci puts the proportion of genuine, actionable findings at roughly one to two percent of the total. Over 90 percent are noise: false positives, low-risk findings misclassified as critical, vulnerabilities on assets that are not exposed or not critical. But without a way to make that determination automatically and at scale, security teams spend the majority of their time triaging alerts that should never have reached them.
The consequence is that the genuinely critical exposures, the ones that will cause a breach if unaddressed, get lost in the queue. Most industry studies place exploitation of known vulnerabilities as the top one or two causes of breaches. Fix the prioritization problem and you eliminate most of the breaches.
What Tonic Security Actually Does
Tonic Security is an AI-native exposure management platform. It takes the fragmented output from an organization’s existing security tools and applies context-driven analysis to determine what actually poses real risk.
The key word is context. A vulnerability scanner will flag a finding and assign it a technical severity score. What it cannot tell you automatically is whether the affected asset is business-critical, whether it is reachable by an attacker, whether it is protected by compensating controls, whether it is in a geography or environment subject to specific compliance requirements, or who owns it. All of those factors change whether the finding needs to be addressed today, next quarter, or not at all.
Tonic Security automates that contextualization, pulling together information about the asset from across the organization’s environment to produce a prioritized, manageable list of findings that genuinely warrant attention. From there, agentic AI accelerates the remediation process itself.
The productivity case is significant. Security professionals trained to handle complex threats are currently spending most of their time on repetitive triage work that could be automated. Tonic Security’s goal is to reclaim that time and redirect it toward higher-order work.
The Responsibility Without Authority Problem
One detail Isaaci raises that is rarely discussed is the structural mismatch at the core of enterprise security operations. Security teams are responsible for reducing risk, but in most organizations they do not directly control the assets where vulnerabilities are found. The actual fixing is done by IT infrastructure teams, developers, and operations teams who own those assets.
Security identifies the problem. Someone else has to fix it. Getting that coordination right, at speed, across teams with different priorities and different technical vocabularies, is where a lot of remediation programs fall apart. Isaaci draws the parallel to a military principle he applied throughout his career: wherever responsibility and authority are not aligned, problems follow.
Tonic Security addresses this by facilitating the coordination between security teams and the people who actually do the fixing, providing the shared context and workflow that makes the handoff faster and less prone to the friction that typically slows remediation down.
From Military Intelligence to Startup Founder
Isaaci’s career trajectory is unusual even by Israeli tech standards. He served in elite military intelligence units before becoming Chief Intelligence Officer and CISO of the IDF Home Front Command, one of the four regional commands of the Israeli military. The Home Front Command is responsible for emergency response across all of Israeli civilian life: wars, terror attacks, cyber incidents, natural disasters. All of it falls under its mandate.
After retiring from the military he joined Signia as an executive, overseeing enterprise security and incident response for Fortune 500 clients. His co-founder David Rosovsky was his partner on Signia’s executive team, responsible for the enterprise security department, including remediation and offensive security work such as red teaming and ethical hacking. The third co-founder and CTO, Greg, came from Unit 8200’s R&D department, where he was responsible for AI, data, and cloud security.
The founding moment happened when Isaaci and Rosovsky recognized that generative AI finally gave them the tool to solve a problem they had been watching compound for years. The attack surface keeps expanding. The number of findings keeps growing. The teams responsible for dealing with them are not growing at the same pace. Gen AI was the why now.
On Building and What Drives It
Isaaci grew up internationally, landed in Japan in the early 1980s when the Walkman came out, spent time as a teenage DJ at weddings and Bar Mitzvahs in Israel, and later played guitar in a rock band. He is also an amateur carpenter. He describes being fundamentally motivated by creating things, whether that is a product, a business, a piece of furniture, or a song.
His advice to younger founders is pointed: only do it if you feel you have to. Not because it looks good, not because your friends are doing it, not because you think it is a shortcut to wealth. If it is not a genuine necessity, the resilience required to survive the difficult periods will not be there when you need it. If it is, that necessity itself provides half the resilience.
About Sharon Isaaci and Tonic Security
Sharon Isaaci is the co-founder and CEO of Tonic Security, an AI-native exposure management platform that helps security teams cut through alert noise, prioritize genuine risks, and accelerate remediation. He previously served as Chief Intelligence Officer and CISO of the IDF Home Front Command, and as an executive at Signia, Israel’s leading incident response company. Tonic Security was founded in April 2024 and is based in Tel Aviv.
