“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness,” - Charles Dickens' 1859 novel A Tale of Two Cities
The engineering and security world is in an unprecedented time. Never have we had it so good yet so much uncertainty with a lack of knowing what’s next. We have tools that have made any (software) dream come true through simple prompts. Teams are going from ideas to POCs in minutes vs weeks previously. We’ve removed code creation as the limiting factor for new platforms and products.
But with all change comes side effects and unintended consequences. The security community has long tried to create tools and processes to secure deterministic systems with mixed results and developer push back. Now we’re trying to secure non-deterministic systems making decisions and executing actions at a scale never seen before. We hear from teams that even shifting left into pipelines is too slow and too late. Security must become part of the creation of the code like never before. The maker-checker paradigm of writing code and security checking is falling to the speed of creation.
For security teams, this means two things:
They now have the ability to shape their own ecosystem of platforms and tools; they can create what they used to have to buy. They can utilize agent teams to act as an extra pair of hands to perform reviews, create documents, and triage alerts even before they have had their coffee. Security teams are now teams of teams of agents and models doing more work than ever before.
At the same time, security teams must reason about all the new tooling and ways of working that are being developed. They must understand and quickly define the security models for these tools in order to have some guardrails. They have to meet the demand from the business to move even faster and ensure they’re not being beaten by their competitors by not adopting AI tooling. Security teams are being asked to do more with more but at much higher speed than ever.
Security teams are now not only securing their apps, their network, their cloud, their SaaS apps, and a myriad of other things but now must also secure AI infrastructure and agents!
This is already having an impact on people’s work life.
“What looks like higher productivity in the short run can mask silent workload creep and growing cognitive strain as employees juggle multiple AI-enabled workflows.”
The Harvard finding is a warning that the security community should take seriously. Productivity gains that quietly redistribute burden don't scale; they burn out the people we can least afford to lose.
The path forward isn't simply adopting AI tools and absorbing the consequences. It's being intentional. Defining where agents augment your team versus where they add invisible overhead. Setting security models for AI before the business has already moved past you. And remembering that speed without sustainability isn't a strategy.
Security has always been a discipline of thinking several moves ahead. The teams that approach this moment with the same mindset, not reactive, not paralyzed, but deliberate, are the ones who will shape how the industry navigates what comes next.
Stay in the loop.
Subscribe for the latest in AI, Security, Cloud, and more—straight to your inbox.
