Jonathan Jaffe, CISO at Lemonade, argues that AI narrows the window of exploitability rather than widening it. Yes, AI writes more vulnerable code. But that code gets reviewed, pen-tested, and patched faster than any human pipeline could manage. The fear narrative ignores that every vendor in the stack is shipping AI-powered defenses at the same time.

At Lemonade, every security person is an engineer. They built their own AI platform with specialized agents: one reads threat intel, another checks whether a vulnerable method is actually called in production. Jaffe's framing is blunt: automation is the only viable response to the scale and speed of modern attacks.

The hardest unsolved problem is agent identity and governance. On a single endpoint, you could be running 200 to 10,000 agents, and current IAM systems are not built for that complexity. Jaffe's full conversation with Tomasz Tunguz gets specific on what policy control actually looks like at that scale, and why the security professionals who survive this shift are the ones who learned to build.
