Jiri Fiala on the break in the chain: when data becomes exposed

Jiri believes sensitive data should not have to be exposed in plain text in order to be useful. For Jiri, the issue is not just another breach, another failed vendor, or another compliance gap. It is architectural.

After years of trying to protect his own data, he came to an uncomfortable conclusion. Most modern systems still expose sensitive information at the moment it needs to be processed. Data may be encrypted at rest and in transit, but when a system needs to read, verify, approve, analyze, or act on that data, it is decrypted.

That moment may be brief. Sometimes it lasts only fractions of a second. But for automated attacks and AI-enabled tools, that is enough.

“The pipeline is secure,” Jiri says. “Getting information from point A to point B is not usually the problem. The issue is the moment the information needs to be used. That is when it becomes exposed, and that is the window of opportunity.”

In Jiri’s view, the cybersecurity industry has spent decades improving the tools around the same basic assumption: at some point, data must be revealed so a system can do something with it. “They put a nice bow on it and change the interface every so often,” he says, “but underneath, the bones are still the same.”

JIri’s work challenges that assumption. He combines cryptographic approaches to reduce or remove the need for plaintext exposure inside a workflow. The goal is not simply to protect the pipe, but to change what happens when data is used.

For security teams, that means fewer exposed points, fewer systems that need to see sensitive information, fewer sensitive logs, and fewer opportunities for an attacker, insider, or automated tool to exploit the moment of exposure.

“Data can be encrypted in motion and at rest,” Jiri says, “but if it has to be decrypted to be useful, then it is still vulnerable. That fraction of a second is the problem. That is all you need.”

The rise of AI makes this more urgent. Human attackers are limited by time, latency, and manual effort. Automated systems are not.

“People can’t think that quickly,” Jiri says. “Humans can write the code, but the attack itself does not move at human speed.”

That is why Jiri believes the industry needs to stop treating plaintext exposure as a necessary inconvenience. In his view, it is a structural point of failure. That issue is becoming more important as quantum computing, data sovereignty, and cross-border data control move from abstract concerns into operational realities. Organizations are being asked to prove not only where their data is storedbut also who can access it, when it becomes visible, and under what legal or technical conditions.

For Jiri, the digital world was built on assumptions about trusted environments, trusted vendors, trusted administrators, and trusted intermediaries. That model no longer holds.

The new baseline, he argues, has to be verification without unnecessary exposure. That refusal to accept inherited limits shapes both his company and his personal approach. Jiri traces part of that mindset to a lifetime spent in martial arts and freestyle mogul skiing.

“It gives you a level of discipline,” he says. “Even when other people stop, you keep going. In competition, you expect to get hurt. You tape it up and continue.”

That persistence has been central to his career path.

“I just kept pushing,” he says. “We were too stubborn to stop.”

Jiri speaks publicly because he wants people to question assumptions that have become too comfortable. His motivation is not simply to promote a product, but to spark a conversation about why modern systems still depend on exposing sensitive data to function.