At the 2025 Battery Kick-Off (BKO) in San Francisco, more than a hundred CROs and revenue leaders came together to tackle the most pressing questions facing go-to-market organizations today.

As Battery Operating Partner (and former two-time CRO) Bill Binch reminded the room: “You were hired for the playbook that worked last time, but if you don’t adjust it, you’ll lose credibility fast.”

Here are six takeaways shaping the new, AI-powered CRO playbook, as shared by revenue leaders who’ve built and scaled iconic, industry-leading teams.

1.  AI moves from product feature to sales force multiplier

AI isn’t just transforming what companies sell, it’s reshaping how revenue teams operate.

Leaders are embedding AI into daily workflows to free up time and amplify selling capacity.

At OpenAI, Head of Revenue Ashley Kramer’s team has no sales development reps at all. Instead, an internal workflow agent – nicknamed Taylor – qualifies inbound leads, parses intent and even closes deals. Sellers prepare for high-stakes conversations by role-playing with a simulation agent, while Kramer herself relies on ChatGPT as a “chief of staff” surfacing account history, sentiment and competitive intel before meetings.

Gong* CRO Shane Evans shared that conversational intelligence tools now give each rep back nearly a full workday per week. Instead of losing hours to CRM updates, call notes and forecasts, reps are redirecting that time to higher-impact selling.

Across the board, AI isn’t an experiment or add-on. It’s becoming the backbone of revenue operations.

2.  The “quota question” in the AI era

Quotas have always been the north star of sales teams. But AI is reshaping what they mean, how they’re set and how they’re achieved.

At OpenAI, traditional quota-setting has been scrapped entirely. Targets can expand by billions from one quarter to the next with no corresponding jump in headcount. There’s no variable compensation plan because adoption is too volatile to anchor incentives. As Kramer put it: “I probably have 5x the target with one-fifth the team.”

CRO’s are looking to bend the traditional $1M quota per sales rep into more using AI. Boards are responding by pushing for AI-first strategies anchored to measurable conversion outcomes, not just tool adoption.

3.  Why AI can automate selling, but not trust

For all its sophistication, AI isn’t replacing the human factor in enterprise selling.

Kramer noted that Taylor can close smaller contracts, but multimillion-dollar deals still demand her personal involvement. For those, Ashley personally gets involved and shares her direct cell number. “That kind of trust is not going away,” she says.

It’s a pattern across companies. At Vercel, AI bots qualify inbound leads, but a human still oversees edge cases. At Gong, forecasting tools flag risks, but Evans steps in to coach strategy directly.

Just as system administrators thrived when they embraced the cloud, sellers who embrace AI will thrive, too. But in complex deals, trust, negotiation and empathy remain distinctly human.

4.  Hire for technical curiosity

The sales org chart is being rewritten. SDR-heavy models are fading, while new roles like GTM engineers, RevOps specialists and forward-deployed engineers are on the rise.

At Vercel, sales engineers were redeployed into a dedicated GTM engineering team. Unlike traditional SEs, these hires were former developers who could both sell and code — building internal tools that rewire the sales motion itself. One of their first projects was an inbound qualification bot, built in just six weeks and costing under $1,000 a month to run. The bot improved lead-to-opportunity conversion while freeing SDRs to focus on higher-value outbound work.

Forward-deployed engineers, meanwhile, are being embedded directly with customers in highly regulated industries, where deep domain knowledge is required to fine-tune AI models before scaling.

Michelle Benfer, former CRO at BILL and HubSpot, stressed that intellectual curiosity and coachability now outweigh tenure as predictors of sales success. Dennis Lyandres, former CRO at Procore, added that in leaner, AI-powered orgs, high performers shine while average performers are quickly exposed.

The new hiring bar? Technical curiosity and adaptability over resume pedigree.

5.  Design for change, not static playbooks

Traditional selling frameworks like MEDDICC — which asks reps to qualify deals based on metrics, economic buyer, decision criteria & decision process, ID pain, champion, and competition — or stage-based forecasting, are losing relevance in AI-powered GTM, where sales motions are dynamic, data-driven, and continuously adapted in real time.

At New Relic, usage data is combined with CRM records to highlight patterns invisible to traditional forecasts. These signals shape how reps prioritize accounts, how managers coach and how leadership directs strategy.

Gong is taking a similar approach to forecasting. Instead of relying on rep-entered deal stages, systems now assign stages automatically and prescribe next steps. The question shifts from “What stage is this deal in?” to “What is the system predicting what this customer will do next?”

6.  The evolving role of the CRO

Perhaps the most profound shift is in the role of the CRO itself. Today’s revenue leaders are part sales chief, part product thinker and part analyst.

Vercel COO Jeanne DeWitt Grosser observed that the best GTM orgs are equal parts revenue generating and R&D. Rather than receiving fully packaged motions, CROs are handed raw product capabilities and must quickly test where they resonate with customers, identify what’s missing, and adapt accordingly. In her words, that means spending “half my job being a product manager”.

Lyandres emphasized that learning velocity is the CRO’s most critical skill. With customer behaviors and AI capabilities evolving rapidly, leaders must set the tone by experimenting, adapting and discarding what doesn’t work.

Where GTM goes from here

The new CRO playbook isn’t humans versus AI, but humans amplified by AI. The leaders who embrace this balance will not only future-proof their own roles; they’ll build revenue teams capable of thriving in the most transformative GTM era yet.

The post The New CRO Playbook: Leading Revenue Teams in the Age of AI appeared first on Battery Ventures.

Enterprise endpoints today run much more than traditional executables. Developers and employees also are running AI coding agents, IDE plugins, open-source packages, browser extensions and even downloaded AI/ML models on these devices or within the browser. On top of that, developers are relying on AI agents and AI models to decide which libraries or packages they should use for a particular feature, refactor or migration. Each component can execute code and access data, yet they often slip past traditional endpoint defenses, creating dangerous security vulnerabilities.

This creates a double-edged sword: Productivity soars as teams self-provision tools, but security teams are left with a vast, unmonitored sprawl of code artifacts and app extensions. Attackers have noticed, and malicious extensions and corrupted packages are now a fast-growing vector for compromise. The attack surface has shifted from operating systems to the software layer. Gartner predicts that by the end of 2025, nearly half of organizations will experience software supply-chain attacks.

Why legacy tools are insufficient

Antivirus, EDR and app-control platforms were built for an earlier era. They excel at catching malware in binaries, but they struggle with non-executable artifacts like VS Code extensions or browser plugins. In practice, these tools lack visibility into what happens inside trusted apps, leaving a blind spot for attackers to exploit. Application allow-listing isn’t practical in this fast-moving environment, where developers, and now AI agents, install thousands of new components each month.

As AI development accelerates and software provisioning decentralizes, these blind spots only widen. Enterprises need security that moves earlier–governing software before it executes, not after.

Koi’s approach: Agentless endpoint artifacts security and governance

Koi* addresses this problem with an agentless platform for endpoint artifacts security and governance. The company’s product continuously discovers every software artifact, including executables and non-executables alike, across endpoints inside an organization. It then applies real-time risk scoring and enforces policies to block unsafe components before they cause harm.

Koi’s proprietary risk engine evaluates each artifact across multiple dimensions: publisher reputation, code behavior, version history, sandbox results and communication patterns. Its continually updated database, the Koidex, tracks extensions, packages,and models across dozens of marketplaces, surfacing threats that traditional tools miss.

The founding team first uncovered this gap by uploading a proof-of-concept VS Code extension, “Darcula Official,” which exfiltrated code and system details. Within a week, it spread into hundreds of organizations, including some of the most sophisticated security shops, undetected. This experiment validated the risk and inspired the creation of Koi’s broader platform.

Policies in Koi can be defined to automatically block high-risk installs, auto-approving safe tools or quarantining gray areas for review.

The super powers of the Koi platform

Koi stands out through:

• Coverage of non-executables: From browser extensions to AI models, Koi, in our view, protects what legacy EDRs cannot, solving a security gap across enterprise developers, employees, and AI Agents alike.
• Continuous, AI-driven analysis: Its risk engine adapts in real time as software versions change.
• Policy-based governance: Granular allow/block/remediate rules give security teams control without slowing developers.
• Low-friction deployment: No heavy agents; enterprises can roll out protection in hours.

In effect, Koi provides real-time supply chain security at the endpoint, bridging the gap between UEM, App Control, and EDR.

From JFrog* to Koi: A New Layer of Artifact Governance

At Battery, we’ve seen this play out before. More than a decade ago, we invested in JFrog, which pioneered the centralized artifact registry for DevOps teams. JFrog codified how organizations store, manage and distribute software components, solving chaos in the CI/CD pipeline.

We see Koi as the next logical step in this process: artifact governance at the endpoint. If JFrog was about managing artifacts centrally, Koi is about enforcing governance on the artifacts that ultimately land on employee machines extensions, packages and AI models. This bridges a gap legacy endpoint tools ignore, ensuring every artifact is monitored, risk-scored, and governed in real time, directly where it executes.

By positioning itself between UEM, EDR, and app control, Koi is not replacing these categories but complementing them, acting as a real-time, supply-chain firewall for the endpoint.

The team behind Koi

Founders Amit Assaraf (CEO), Idan Dardikman (CTO) and Itay Kruk (CPO) each bring a rare combination of deep cybersecurity, devtools and research pedigree. Prior to starting Koi, the three collectively spent decades in offensive security research and building developer-focused software. In fact, Koi’s genesis came directly from the team’s research experience: It took the team only 30 minutes to craft a malicious browser extension that bypassed top-tier enterprise defenses and compromised several billion-dollar companies. This eye-opening demonstration of marketplace risk–and  the realization that organizations had “shockingly little control” over such self-installed software–is is what sparked the idea for Koi. The founders then leveraged their expertise to architect a solution that could operate at the scale of modern enterprise IT. Their backgrounds include work in elite military cybersecurity units and leading security roles in industry, as well as firsthand understanding of developer workflows. This cross-domain experience has been crucial in designing a product that resonates equally with CISOs and developers. We’ve also been impressed with how Koi’s leadership has recruited talent around them: The company’s research arm regularly publishes findings on novel threats (demonstrating thought leadership in the space), and its engineering team comes with strong enterprise SaaS credentials. All of this gives us confidence that Koi not only has a great idea, but the team to execute on it.

Why we’re excited to partner with Koi

At Battery, we’ve long believed DevSecOps and modern software delivery are reshaping enterprise security. Each transition in the development lifecycle, from cloud to containers to CI/CD, has required new guardrails. The rise of AI-driven development is no different.

Koi embodies this next frontier. By governing the software ecosystem on endpoints, Koi enables organizations to embrace developer autonomy and AI-powered workflows without sacrificing security. We believe Koi is positioned to define a new category of endpoint protection, and we’re thrilled to partner with the team as they scale.

Want to make your regain control over every extension, MCP server or artifact in your workstation? Give it a try: https://www.koi.security/

The post Redefining Endpoint Security in the AI Era: Why We Invested in Koi appeared first on Battery Ventures.

But this proliferation of non-human identities (NHI) presents a looming cybersecurity challenge for enterprises: Each of these virtual identities needs access privileges and credentials, yet managing and securing those credentials at scale has outgrown the capabilities of legacy tools. It’s against this backdrop that Battery Ventures is excited to announce our new investment alongside YL Ventures in Hush Security*, a company helping to pioneer a secretless approach to identity and access management for cloud workloads.

The Identity Challenge in Cloud-Native, AI-Driven Environments

By “secretless”, I mean an approach that doesn’t require systems to permanently retain sensitive machine identities aka credentials. It’s important because modern organizations are grappling with a dangerous identity sprawl unprecedented in scale. As businesses embrace microservices architectures, serverless functions, and machine learning pipelines, the number of machine-to-machine interactions is skyrocketing. There are now 82 machine identities for every human within organizations, according to CyberArk’s 2025 Identity Security Landscape report. Yet most enterprises remain unprepared, leaving these machines dangerously privileged and ungoverned.

Every new SaaS integration, every Kubernetes deployment and every AI service account introduces a new non-human identity that must be authenticated and authorized. Traditional Identity and Access Management (IAM) solutions, originally designed for humans logging into apps, are ill-equipped to handle this volume and velocity of machine identities. Likewise, software engineering teams have relied on credential vaults and secret management tools (like HashiCorp Vault, Cyberark Conjure or cloud secret management solutions) to store API keys, certificates and passwords. But simply storing secrets isn’t enough when the sheer volume of credentials is doubling faster than teams can manage. Unmanaged credentials can sprawl across code, config files and CI/CD pipelines, creating a fertile ground for security breaches.

The consequences of this gap are already apparent. Stolen and leaked credentials remain a leading cause of security incidents, and compliance standards are beginning to reflect the urgency of better machine identity controls (for example, PCI-DSS 4.0 explicitly heightens requirements around identity and secrets management). In short, today’s cloud and AI-centric environments demand a new approach to identity and access – one that treats machines and applications as first-class identities and secures them proactively. Current tools that merely scan for hard-coded secrets or require manual secret rotation can’t keep up with the dynamic, ephemeral nature of modern infrastructure.

The call to action is clear, and several startups have begun answering that call by providing visibility into how these identities are being used across cloud and on-premise environments. Visibility alone, however, is only the first step.

Hush Security’s Secretless Access Platform:

Hush Security offers a fundamentally new approach: a platform that makes machine identities secretless. In simpler terms, Hush enables applications and services to authenticate and communicate without embedding long-lived secrets in code or configuration files. It does this through an agent and agentless deployment. Hush’s sensor runs with minimal overhead while watching relevant system calls and network requests in real time. This vantage point provides continuous discovery of when and where applications are attempting to access resources. When an app needs to connect to a database or API, Hush can just-in-time inject a short-lived secret (credential) for that session, then revoke it, rather than relying on a developer having stored a password or key somewhere in advance. The result is powerful: Even if an attacker somehow intercepts a credential, it’s ephemeral and likely useless moments later.

This secret-injection approach is paired with real-time policy enforcement and inspection. Hush’s sensor not only injects credentials on the fly, but it can also verify at runtime that the access is legitimate and conforms to security policies – essentially performing an adaptive access control check in the moment. This gives security teams granular control to allow or block actions based on context (for instance, blocking an unusual access attempt even if the correct credentials were presented). Importantly, all of this happens inline, which means Hush isn’t just observing and alerting; it’s capable of active mitigation, closing the loop from detection to response.

Few solutions today provide this level of integrated visibility and control at the workload level. Traditional secret vaults keep credentials safe at rest but don’t govern their usage, and pure monitoring tools might flag anomalies after the fact. In addition, vaults are not aware of where secrets are used, by whom, and if a large number of secrets never make it into secret stores due to huge backlogs of tasks on the engineering team. From my own experience leading large engineering groups, I saw firsthand the high coordination costs of secret and certificate lifecycle management (“it’s about to expire!” / “it leaked!” / “it’s audit time!”). Hush’s innovation is to combine visibility, analysis and remediation in one platform, reducing both security risk and the operational burden and cost of legacy secret vaults.

Backing a Team Built for This Mission

At Battery, we strive to invest in both big ideas and the people capable of executing them. In Hush, we see both. The founding team behind Hush Security has a remarkable history of collaboration and success in the startup world. CEO Micha Rave, CTO Shmulik Ladkani, VP of R&D Alon Horowitz and CCO Chen Nisknorn all previously worked together as co-founders or key leaders of Meta Networks, an Israeli cloud security startup that was acquired by Proofpoint in 2019. At Meta Networks, they tackled the challenge of zero-trust network access (ZTNA) by building a cloud-native network security platform. So, this is a team deeply familiar with the intricacies of enterprise security software. Their years of experience building secure networking products (including integrating with enterprise IT environments and scaling a security business globally) give us confidence about the path ahead for this new venture.

The team’s passion for solving the machine identity problem is palpable. They’ve lived the pain points of managing secrets and service identities in previous roles, and we believe they bring the perfect mix of domain expertise and pragmatism to attack this problem.

In Hush, we see a company charting a new course for how machines authenticate and communicate—one that could redefine best practices for cloud security. We couldn’t be more excited to partner with this talented team on the journey to make secretless, adaptive access a reality for every forward-looking organization. Just as the last decade saw a revolution in human identity management (SSO, MFA, and zero-trust for users), we believe the next decade will see a revolution in machine identity management, and Hush is poised to be at the forefront of that movement.

Want to make your workloads secretless? Give it a try: https://www.hush.security/

The post The Best Way to Keep a Secret in the Cloud Is Not to Have a Secret at All: The Birth of “Secretless” Cloud Workloads appeared first on Battery Ventures.

And now, we are thrilled to introduce our investment in one of those legal AI applications we consider potentially transformative: Bench IQ*.

Bench IQ’s founders blend both a deep technical and legal DNA: CEO Jimoh Ovbiagele and CTO Max Isakov previously pioneered one of the first legal AI tools at ROSS Intelligence, while CCO Jeff Gettleman spent two decades litigating bankruptcies as a partner at Kirkland & Ellis. Jeff was looking for a leg up in court that would allow him to tailor his argument and strategies specifically to how a judge thinks – a task he knew would be prohibitively time-consuming and costly without the help of AI. Coupled with Jimoh’s and Max’s experience at ROSS Intelligence, the three set out to challenge the status quo for preparation, strategy, and confidence in the courtroom.

The need is clear. Selective legal publication rules result in the majority of judicial opinions going unpublished across the Court of Appeals and U.S. District Courts. As a result, lawyers don’t have access to the judicial reasoning and background that can be extremely informative to them as they try future cases before the same judges. Bench IQ replaces hunches and memory recall with hard intelligence and tailored insights.

Already, four of the top five Am Law 200 firms rely on Bench IQ when the stakes are highest, because understanding how a judge tends to rule can tilt an argument from persuasive to winning. It’s not just about shaving hours off research; it’s about showing litigators possibilities they haven’t had before.

We’re excited to be co-leading Bench IQ’s $5.3M seed financing round alongside Inovia Capital to arm litigators with the kind of intelligence that could decide lawsuits worth billions of dollars.

The post Judicial Intelligence for High-Stakes Litigation: Why We’re Backing Bench IQ appeared first on Battery Ventures.