CyberVoices - Cybersecurity News

Redefining Software Transparency in a Machine-Led Era

Written by Francois Guay | Jul 25, 2025 7:37:21 PM

In a world increasingly driven by software and now artificial intelligence, knowing what’s inside the code that powers our devices and decisions is no longer optional. That’s where Dmitry Raidman, CTO and co-founder of Cybeats, is making his mark.

Born out of a father’s curiosity and a security professional’s alarm, Cybeats began in 2015 after Raidman received an IoT baby monitor following the birth of his daughter. “I started poking at it,” he recalls, only to find it had an unprotected RTSP stream and default passwords. “Anyone could connect to it and watch the feed.”

That moment revealed a gaping hole in consumer IoT security and sparked a mission: build security that’s embedded, not bolted on. Originally focused on IoT security, Cybeats was forced to pivot during the COVID-19 pandemic, when Raidman says the company was “flying an airplane without engines.” But it was a calculated pivot, one that landed them at the forefront of a rapidly growing domain: Software Bills of Materials (SBOMs). 

From Food Labels to Code Labels

SBOMs are, in essence, the ingredient labels of the software world. Raidman helped shape the field by contributing to U.S. government-led efforts to define SBOMs and later persuaded his team at Cybeats to double down on the space. The timing couldn’t have been better.

In 2021, President Biden issued an executive order naming SBOMs 11 times, a rare nod from the highest level of government. Since then, SBOMs have evolved from best practice to legal mandate. The U.S. Food and Drug Administration (FDA) now requires an SBOM for any medical device seeking pre-market approval. In Europe, the upcoming Cyber Resilience Act will require SBOMs for nearly all internet-connected products by 2027. “It’s not just a good idea anymore,” Raidman says. “It’s regulation.”

Cybeats seized the opportunity by making SBOMs human-readable, turning machine-generated documents of tens of thousands of lines into something decision-makers can visualize and act on. That innovation gave the company a competitive edge as SBOM adoption accelerated across critical industries.

The Next Frontier: SBOMs for AI

But Raidman isn’t stopping at software. His new focus is squarely on AI SBOMs, applying the same principles of transparency and traceability to artificial intelligence models. In traditional software, every line of code is human-authored and auditable. In contrast, AI models operate in a black box, trained on massive datasets whose origins and integrity are often unknown. “If there's a poisoned dataset, it’s the equivalent of a software supply chain attack,” Raidman warns. And with the rise of agentic AI systems that can autonomously interact with APIs, databases, even financial accounts, the stakes are even higher.

Dmitry, alongside Helen Oakley, is helping lead a working group under CISA (Cybersecurity and Infrastructure Security Agency) to define the framework for AI SBOMs. The group is focused on documenting not only model creators and data sources, but also critical attributes like energy consumption and inference behavior. A foundational document is expected soon.

While the U.S. and EU are pushing aggressively on policy, Raidman says Canada risks falling behind. “There’s strong awareness here, but the regulation is lagging. Most Canadian firms are complying with U.S. or European standards, not Canadian ones.”

Hard Truths for Canadian Cyber Startups

Raidman has advice for entrepreneurs trying to build in today’s tighter funding climate.

“Validate your idea. Speak to hundreds of people. Get them to pay, or at least commit to using it,” he says. But validation alone isn’t enough. Canadian investors and accelerators increasingly expect working prototypes and even early revenues before opening their wallets. His philosophy: show immediate value. “If your solution doesn’t prove its worth in five minutes, it’s too complicated. Even if it only solves 10% of the problem, show that clearly and fast.” And don’t over-engineer it. “Avoid heavy integrations. If it takes weeks to get started, you’ll struggle to scale.”

A Canadian Force in a Global Market

Dmitry Raidman’s story is proof that global leadership can emerge from Canadian innovation, even if it takes navigating a few regulatory gaps. His journey from baby monitor vulnerability to global SBOM authority is a timely reminder that transparency, in both software and AI, is not just a technical matter; it’s a business and societal imperative. In a future where machines make more decisions than humans, knowing what’s inside the black box might be the most important innovation of all.

Dmitry is the CTO and co-founder of Cybeats.