Authors: Elena Vrabie and Adriana Spulber

"Hype doesn't necessarily bring retention." Razvan Costache’s quiet but sharp observation lands differently when it comes from someone who has spent over a decade inside one of the world's leading cybersecurity companies, watching wave after wave of technology promises crash against the reality of enterprise adoption. So this leaves us with the question: Is the race to build and deploy agentic systems accelerating faster than most organizations can responsibly absorb?

The numbers back him up: according to a 2025 MIT NANDA report, 95% of companies report no measurable ROI from their generative AI investments despite collectively spending tens of billions. At the same time, IDC research found that over 80% of AI proofs of concept never reach production. 

Razvan Costache has been exploring the intersection of AI and cybersecurity for over 14 years, first in product marketing, then as Director of Innovation B2C at Bitdefender. The cybersecurity company aims to leverage AI and agentic systems to protect consumers from emerging threats such as online scams and deepfakes, while experimenting with internal innovation programs that shorten the journey from idea to a market-ready product. He also serves as an Advisory Board Member at the Global Anti-Scam Alliance (GASA), contributing to international efforts to protect consumers from fraud.

In this interview, Razvan discusses how cross-functional experience shaped a grounded approach to AI innovation, from internal AI tools to agentic products like Scamio, while emphasizing responsible deployment with privacy, security, and human oversight baked in.

Underline Ventures: You've been with Bitdefender for over 14 years, but you were once a journalist. How has that outsider perspective, rooted in storytelling and user experience, shaped your drive to innovate in a deeply technical company? 

Razvan Costache: My experience is pretty particular. I started at Bitdefender in product marketing, then switched to digital transformation, and ultimately to product management and innovation. I worked on both sides. This helped a lot in shaping innovation and adoption because it's easier for me and my team to put ourselves in the position of any stakeholder within Bitdefender.

When I was working in product marketing, I was closer to the customers, but more involved in the commercial side, guided by financial objectives. Most of the time, I wanted to shape the products to match what I had seen in the market. When I switched to doing product, I had all those questions I wanted someone to answer, but I was answering those questions myself.

Storytelling helped a lot in product marketing, and product marketing helped to understand how we should position the products, not only internally, making sure we are really answering the needs while matching the company's objectives. That's one of the big differences working in a well-established company versus a startup: you always have to stay grounded in overall objectives and always keep an eye on the financial targets.

UV: AI dominates the current innovation narrative, but cybersecurity has been using it for years. From early machine learning to today’s agentic systems, what were the major shifts in how you applied AI to products and adoption inside the company?

RC: We've been using AI in cybersecurity products since around 2008, so this new wave of generative AI was not necessarily a big surprise. We keep a dedicated team of researchers just for machine learning and AI - people not necessarily involved in day-to-day activities - with the full funnel from research to product. They do a lot of theoretical research, and only then does that get applied to R&D and then to products in the market.

Bitdefender has a long history of using AI. We started with the heavy stuff - neural networks and machine learning, especially for threat detection. We are always happy when new technology becomes available. We started early to look into large language models, agents, and agentic ecosystems, because we are suspicious by nature. 

We know that AI isn't used just by security companies or people trying to do good. Malicious actors have access to the same resources. There are a lot of people who don't work in a company and instead choose to open-source their research, and this means everybody can use it. So it was a natural flow, bringing more AI into our products.

The biggest advantage of generative models is making a better experience for users, a more comfortable one. Traditionally, cybersecurity is not a sexy business; it's very hard to sell, like life insurance. So this helped us position ourselves and explain better what's happening. At the same time, it's easier for us to see what the potential risks are, because it's all public now. The explosion of startups and open sourcing around AI brings a lot of clarity and helps us understand how it can be used for good or for bad.

UV: Bitdefender has long used adversarial approaches to improve detection. How do you simulate real attackers today, and what role does AI play in that process?

RC: We have a lot of teams that continuously engage in these kinds of activities, not just internally, but also in competitions and exercises organized by law enforcement. This is one way to keep training systems, generating creative ideas. We participate in competitions organized by Interpol and NATO, where we try to stop live attacks. There are a lot of cases where Bitdefender and other cybersecurity companies have helped bring down networks of hackers. 

UV: Reports show that over 80% of AI pilots fail to reach production, often due to adoption resistance and high costs, especially for big companies, and a lack of clear ROI. What has been your experience with AI implementation for internal use within the organization?

RC: The most difficult thing for my team and me, who also develop applied AI projects, mostly internal ones, to simplify workflows and improve time to market, was to differentiate between ChatGPT and actual applied AI solutions that can help with day-to-day work. ChatGPT was such a popular solution, and they positioned themselves as something that can do everything, so it was very hard to get people outside the ChatGPT paradigm.

Once I came up with clear solutions to their specific problems and positioned it as a tool, not a replacement, we got better adoption and good feedback. The applied AI direction at Bitdefender is growing at a fast pace, even if media and news outlets like to sell the scary stories first, like "AI will replace us all", which makes people anxious.

So by positioning AI as a tool that, if you learn to control and use it for your work, will bring huge improvements to your quality of life, your work-life balance, and your ability to reach your objectives within a company.

UV: How do you navigate the tension between reassuring people that AI is a tool and not a threat, while also acknowledging the very real pressure to upskill and adapt faster than ever before?

RC: You don't need to learn faster than AI. The objective now is to stay grounded, because there is a new AI solution every day. So finding those use cases that can actually be applied to internal processes, and reducing adoption resistance, is what is going to help.

I'm always keeping up with what's happening, but I don't try to pass that anxiety along. We are working on concepts even when something new comes up, and then based on discoveries, we just adapt. I work a lot with our marketing intelligence team, and some of the stuff we've been working on can be obsolete in a couple of months, but we prove the concept and then adapt.

With startups and what I'm seeing in the market, they shift a lot. There are a lot of startups that are wrappers for other solutions, and many that are trying to solve problems too fast. Moving faster doesn't apply in every case, and you have to think about the adoption process within a company.

For example, for support, we were looking at plenty of AI solutions, like chatbots. I was reviewing around ten providers because we didn’t have the capacity to do it internally at that time, and I think half of them were just rushed, built on hype, not necessarily understanding how a tool like that gets adopted and used at scale within a company. And not just in cybersecurity, where we probably have ten additional compliance, legal, and privacy layers, even in a regular company, the people signing that contract are not enthusiasts.

I would personally buy a subscription to any new product and just test it, but I cannot do that here, and I understand why: not everything has security baked in, and not everybody sees the value of that. So I think the successful solutions that aim to sell to big companies actually understood how the adoption process works, and didn't rely just on the hype. I'm not even using ChatGPT anymore. I'm using Claude because it's more focused and helps me a lot. Hype doesn't necessarily bring retention.

UV: With cybersecurity awareness growing across all generations, are we reaching a turning point where it finally becomes more mainstream and better understood by the general public?

RC: Everybody understands the risks, but not everybody understands the restrictions that cybersecurity brings. For a lot of years, cybersecurity meant restrictions: you had to install something on your laptop, and sometimes, in the beginning, that would have a resource impact. 

Then we fixed that. But people didn't really understand why they had to pay for this, why they had to listen to it, and why it affects their day-to-day activities: ”Why am I being blocked from doing this or that?” So this is one of the many scenarios where we use AI to make it easier for people to understand why we have to intervene, and why they have this solution.

UV: How does your approach to AI products differ when building defensive products like Scamio, versus using agents internally for R&D or operations, and what insights from that balance would you share with the next generation of builders?

RC: Scamio is agentic, and agentic doesn't necessarily mean autonomous agents posting by themselves on forums. Agentic actually means agent-to-agent communication, an agent with tools that help it. Scamio is a collection of models that specialize in different kinds of scams, with a conversational layer on top that makes it a better experience for the user. 

When you chat with Scamio, behind the conversational layer, there's a team of models specialized in scams, some focused on links or emails. We use the conversational layer to understand the customer's problem, summarize it in a language that the models can ingest, and only then return an answer, transforming it back into human language for the user.

The reason we built it this way is that not everything relies on detecting something. Traditionally, security has to detect an infected file, email, or link. But most of the time, people are not aware of what's happening. With Scamio, you can send a screenshot of your phone and ask what's happening, and it will extract the exact information it needs to match it to scam patterns. Or you can just describe it, like "I got an SMS saying I won the lottery", and that information gets matched to all the scam templates in our models and everything we've learned about scams up to that point. When we identify that someone might be a victim of a scam, we can ask follow-up questions: ”Did you actually play the lottery?”, or if it's a delivery scam, ”Are you actually expecting a package?”

This helps because people don't stop and think when they are part of a scam, and if they did, most of the time they would see it as a scam. Most scams are not that good, but they rely on emotion and good timing. So Scamio is agentic and will continue to be developed as agentic, but it's not autonomous. I don't think we are there yet with the technology to put autonomous agents in front of customers, and especially, my user base doesn't need that yet.

For example, the applied AI team has been working for the last year on agents that monitor various market signals to alert us when there is a problem with the product, even before we are aware of a particular bug. We monitor all the chatter around app stores, social media, forums, and everything. We have specialized agents to understand market sentiment and spot problems before they reach a huge number of users. These are automated; we just get the reports. And these agents can work in teams: a research agent can work with a product export agent, adding a possible solution to a reported issue. We are exploring all of these possibilities.

In R&D, things are even more advanced, trying not to rely 100% on human security analysts, not because they aren't good, they are the best, but the volume of malware, scams, and everything cybersecurity-related is so big. So in R&D, we are leveraging this at a much bigger scale, trying to understand and correlate how each type of attack looks.

As for internal processes, we are getting there. At first, I was saying, "Hey guys, I made something. Who wants to test it?" Now, after one year, I get "Hey Razvan, we want an agent too, here's our scenario, here's the problem we're trying to solve." We started by solving real problems, for example, automating the process of going through uninstall surveys, understanding the problems, creating reports, and calculating NPS (Net Promoter Score).

To sum it up: for R&D, the agentic part has no pushback. But autonomous decision-making agents are not the solution for everything. We will get there, but we are not there at this moment. Claude is a very good experiment that we have been observing from the start and learning a lot from, but human-in-the-loop is still a necessity at this moment.

UV: We ask everybody in this agentic series for their take on what "agentic" actually means. We've had people come up with long lists of criteria, and if it misses one, it no longer qualifies. Others said three characteristics are enough. There's also this contradictory debate around autonomy: for some, being autonomous is a core criterion, while others push back and say you can have a human in the loop and still be agentic. So what is "agentic" in your opinion?

RC: I think it's a team of agents being orchestrated. A project manager, a spokesperson, if you want, because you can have MCP (Model Context Protocol) servers and agents related to anything. They can bring information, they can solve tasks, but you always have to have someone interpreting that and communicating it, whether to a chatbot talking to the user, or a whole system bringing that answer to where it's needed.

We are working now with a team of agents that analyzes new product ideas. You have an orchestrator that collects the input from the user, me, and then decides who can pitch in and solve the problem. You have a product management specialized agent trying to solve the problem, and at the same time, you can have a synthetic consumer agent that acts like your buyer persona and tries to see if they would actually use that product. Together, they talk and answer. But ”Gregory”, our synthetic consumer, thinks it's too hard to install. This is just a basic example, but in big agentic systems, there are plenty of scenarios where you can use agents and control interfaces, among other things. 

OpenClaw has provided a good glimpse into the future of agentic usage for consumers. The principle is the same: you have one agent that has access to tools giving it access to your computer, your accounts, and your emails. It takes that information, compiles it, and gives it meaning for you to understand. But of course, it can do all that without asking you.

If you want to talk about risks and why, at this moment, I don't think they should be unsupervised: having them make decisions based on just instructions is risky, because OpenClaw, without Claude, ChatGPT, Mistral, or whatever model is being used, without the underlying model, it's nothing. Those models have a particular set of training embedded into how they respond to every query, which you cannot control as a user. That's why I keep this in mind when working with autonomous agents: at this moment, if you are using someone else's models, especially in the cloud, you are relying on the training they did on that model, the biases, and everything else.

UV: This is the hot debate now: how much should we rely on these systems? As agentic AI becomes more accessible, the risks are going to grow. What is your strategy for staying ahead in this AI landscape?

RC: I think we manage to stand out as a company by splitting research and innovation into two tracks. One track focuses on the current state of threats and delivering value now, not just putting something to market and hoping for the best, but bringing innovation and growth to existing solutions that are being used today. The second track is more research-focused, looking at what we think the threats will be in the future. There, you can have more experiments to understand the effect of new models.

For example, we don't think a system like OpenClaw is going to be consumer-ready for mass adoption soon. But at the same time, we were keeping an eye on it, and when it blew up, and we saw the community starting to create tools and skills for OpenClaw - not just the creator offering tools, but people creating and publishing their own skills - we saw trouble coming. 

We were able to shift pretty fast and come up with a solution in a couple of days. We met on Tuesday, and on Thursday, we launched the Bitdefender Skill Checker for OpenClaw. Our teams were ready because they always kept part of the research focused on future threats and trends. We saw that there were skills literally exfiltrating information from OpenClaw, which basically has full access to your whole digital life. That's why I love Bitdefender, and I'm so fortunate to work in innovation: I know I'm going to find people who have the knowledge to actually do something about a threat.

OpenClaw might be a fad; we don't know, but while working on a solution to scan skills for agentic systems, that was a very good learning experience. We are not going to make money from it; it's actually free, and we can't scale it right now because there's no market for it. But the learning that came from it was all valuable. 

Innovation is not just about people in labs and offices; if you have something good, share it with the world. It helps the brand, attracts talent, engages customers, and has benefits all over the place.

UV: What are you passionate about right now? Is there something that your team knows you're particularly obsessed with?

RC: Right now, I'm the agent guy. I've tried to push the usage of AI within internal processes. Sometimes I think I was a bit boring, and sometimes I stressed everybody to actually try new solutions to improve whatever we can internally.

And if someone doesn't have time to listen to me, I just make a video - everybody has time to watch a five-minute video, we don't have to stay in a meeting. I can present the deck, make a video with an avatar talking about what I'm trying to present, and then we just meet for feedback. We can be so much faster.

For innovation ideas that are not particularly part of the current portfolio or strategy, we also work like a startup. We pitch it, explain it, and bring all the data needed to validate the initial hypothesis without actually having a PoC first. Then we go to a PoC, bring in the researchers, and take it to market. Using AI has dramatically shortened the journey from idea to validation and building the product.

UV: You mentioned earlier that agentic AI is not quite there yet, especially in cybersecurity, where you still need that human in the loop, and where explainability remains an issue: where has the agent gotten its data, and how has it made its decisions? When do you think we are going to get there, and what signs are you waiting for?

RC: We're going to get there soon, because the big challenge is what the agent has access to. Going back to Scamio, for example, it never makes assumptions. It only relies on the threat intelligence that Bitdefender provides. An agentic system that is allowed to make decisions, and by decisions, I mean something like sending a message to the user that they're in danger, those agents will just have to think about how to address that user, because the quality of the data shaping that decision is so good that we are relaxed about it.

At this moment, the challenge is getting clean data so that you are not worried when agents make a decision. Because if the data is good, the instructions are clear, and you don't rely on the creativity that's inherently embedded into AI models, then it's going to be easier. And of course, cost: AI is pretty expensive at this moment.

It's hard for me to make a prediction, because if we talk again in a week, things are going to be different. But I think no more than a year to have surface-based agentic interactions with customers: everything related to detection engines, threat engines, and so on that we already have. 

AI for threat detection is not new, and agentic interactions around the heavy stuff are already there. But actually having autonomous agents deliver messages and make decisions that could impact the user's digital life, like blocking a page, that still needs a bit of work, but no more than a year, or even sooner.

UV: Do you think the tech ecosystem is prepared for what will come from building with agents and building agents, security-wise, given that we are still in the adolescence of AI?

RC: I don't think so at this moment, because everybody is looking at the shiny part. It's good to be excited, but this is what I was talking about: being grounded and understanding what an experiment is and what the real value you can bring now. The risks of automating different operations within your company with agents are not completely well-known or documented, especially from a security perspective. And I think most people don't care right now, they just want to ship more, and fast.

At some point, people are going to ask. You'll get to someone in a company to ask: " Is this safe? Is this private? Is this legal? So I don't think people are ready. I wouldn't say be blocked by these possible risks, but be aware of them, don't just focus on delivering fast, because at the end of the day, the successful startups are those 20% that get to ship to market. And people are always going to ask about safety at some point.

Internally, there are probably 20% of tools I want to test, and I discuss them with legal and privacy first. We decide together whether to proceed, because there's no proof that many of these tools have taken privacy and security into consideration, and you can see this in the contracts they send. Even an AI paralegal would flag those contracts, because a lot is missing from the privacy part. And by relying on OpenAI, Anthropic, Google, or whoever, you bring all of their issues into your own product.

UV: Things are moving so fast that we can't even ask people the classic "where do you see yourself in two or three years" question anymore. But we’re going to give it a try: where do you see yourself and your work in the next six months?

RC: If you look two or three years ahead and base your answer on what we see today, I think cybersecurity is going to be completely contextualized. Every aspect of your digital life is going to be easier, and cybersecurity will be much less intrusive. Prevention is going to surpass hard detections.

I'm saying this because we are seeing a drop in traditional malware, ransomware, for example, and a huge growth in scams. Scams are social engineering, and social engineering cannot be blocked. But you can intervene while it's happening and help users.

So I think in two or three years, but probably sooner, cybersecurity is going to be able to stop much more before it actually happens, and have an impact on the user's digital life without rude interruptions.

Don't be afraid of AI. I think it's here to stay, and things are never going back to what they were a couple of years ago. Consumption has already changed. Try to stay grounded; you don't need to change everything you do. People are afraid of being replaced or being exposed to additional risks by AI; that's the actual problem. I wouldn't say jump in headfirst, but definitely try to integrate it into your day-to-day activities, try to test it, and understand how it can be leveraged.