
The rise of AI coding assistants has handed engineering teams the ability to write software at unprecedented speed, spinning up autonomous agents that act on behalf of their creators. These agents inherit the same access privileges held by the humans who build them, pulling the chief information security officer into territory that did not exist two years ago. Speaking at the Span Cyber Security Arena conference, Hrvoje Englman, CISO at Span, said the shift is fundamentally changing what defenders worry about most.
Span’s workforce includes a substantial number of developers alongside an even larger group of engineers. The engineers, once focused on hardware or infrastructure, are now using AI-assisted coding to build applications and personal agents that automate parts of their own jobs. Each new agent inherits the identity of its creator, and those identities are typically over-provisioned. Least privilege remains an aspiration that is hard to enforce in production environments, especially when temporary agents are spun up for short tasks and then discarded, leaving access trails that are rarely cleaned up.
The Bus-Factor Problem Multiplies
The risk extends well beyond access control. When a single engineer automates a business process using five interacting agents and then leaves for another job, the organization inherits an undocumented system that nobody understands. Englman called this an inversion of the traditional bus-factor problem. Previously, a key person leaving created a knowledge gap because their undocumented processes were lost. Now the agents they built keep running, and the company has no record of what they do or why. This creates a hidden operational debt that can grow silently until an incident reveals the fragility of the automated setup.
Organizations that embrace agentic AI without rigorous lifecycle management risk creating shadow IT at a scale that makes previous shadow IT problems look trivial. Each agent is a potential entry point for attackers, and because agents often communicate with each other through APIs, a compromise of a single low-privilege agent can cascade across multiple systems. The lack of observability into agent behavior further complicates threat detection. Traditional security tools focus on human user activity, not on machine-to-machine interactions operating under human identities.
Defender’s Leverage Is Real, with Limits
AI has produced concrete gains in defensive work. Englman pointed to log analysis as one area where the value is immediate. Feeding hundreds of megabytes of log files into an AI tool and asking it to surface anomalies or pivot on an IP address compresses work that previously took analysts hours. Policy drafting is another use case. Generating a first draft from internal context can cut a three-day task to a single day, and the time savings compound across a workforce that handles dozens of policies annually.
He drew a sharper line on the vendor pitch for autonomous AI-driven security operations centers. The idea of defensive AI battling offensive AI in real-time, with no humans in the loop, does not match what is achievable now. Log ingestion remains the hardest part of running a SOC, and detection engineering still depends on people who can explain why an alert fired. “You get an alert, but your analyst doesn’t understand the alert,” Englman said, describing the failure mode he sees in teams that lean too heavily on automated tooling. “And you have two million alerts, and then what?” Autonomous isolation of systems remains out of reach because the current generation of AI does not understand the business process behind a given service. Decisions about when to shut down a critical service get escalated to senior leadership during real incidents, and that judgment stays with humans.
He also pushed back on the industry framing of breaches. Most of the largest incidents trace back to phishing and credential theft. Vendors selling AI-powered SOCs as a defense against nation-state actors are addressing a smaller part of the problem than their marketing suggests. The real threat, Englman argued, remains the human error that leads to credential compromise. Overhyping AI defense capabilities can lead organizations to underinvest in basic hygiene such as multi-factor authentication, conditional access policies, and user awareness training.
The Threat Model for a Services Provider
Span sells IT services to enterprise clients, which doubles its exposure. The company is a target in its own right and a target for attackers seeking access to its customers. A typical end-user organization can absorb a breach and recover. For Span, the response itself becomes the product on display. Englman said the company has to be able to demonstrate that controls were in place, that the failure was contained, and that the incident was handled with the same discipline it offers customers. Reputation is what gets sold, and negligence would end the business.
This dual exposure forces Span to maintain a security posture that is both effective and transparent. Every control, every incident response playbook, and every post-mortem must be documented to a standard that would satisfy a rigorous customer audit. For service providers, security is not just an operational requirement—it is a core differentiator in a competitive market. The ability to showcase a mature security program can win contracts, while a single high-profile breach can lose them overnight.
Skills Shortage, Restated
The widely discussed cybersecurity talent gap, in Englman’s view, is misframed. Entry-level applicants are abundant. Senior practitioners with five or more years of operational depth are scarce, and that gap cannot be closed quickly through training programs. The Span Cyber Security Center has trained more than 3,000 people, and Englman said the pipeline matters precisely because the industry’s push toward automated tooling threatens to eliminate the junior roles where future experts get built. If organizations replace junior SOC analysts with AI tools, they will have no one left to train into senior roles. The result will be an even more acute shortage of the very professionals who can understand complex threats and design resilient systems.
His measure for a SOC analyst centers on whether they can explain what the alert means and how the conditions that triggered it came about. Without that understanding, an analyst rolling a fifty-fifty guess on relevance is no better than a model doing the same. Security operations need people who can think critically about context, business impact, and attacker motivation—skills that are hard to automate because they require a holistic understanding of the organization.
Englman also emphasized that the talent gap is not only about hiring but about retention. The best security professionals want to work where they feel their skills are valued and where they have opportunities to grow. Over-reliance on automation can alienate analysts who see their roles reduced to “alert triage machines,” leading to burnout and turnover. A balanced approach that leverages AI for efficiency while preserving meaningful human work is essential to building a sustainable security team.
The Wisdom He Has Discarded
Asked which piece of conventional security wisdom he has stopped believing, Englman named the framing of humans as the weakest link in the chain. He called it lazy and a form of blame culture. The responsibility, he said, sits with the CISO to build systems where a user clicking a malicious link does not bring the environment down. Brittle defenses that depend on perfect human behavior are a design failure. Modern security architecture must assume that humans will make mistakes and build in layers of defense that contain the damage. User education remains important, but it is not a substitute for robust technical controls such as network segmentation, endpoint detection and response, and zero-trust principles.
This shift in mindset has practical implications for how security teams allocate budget and attention. Instead of spending heavily on phishing simulations that may only marginally improve user behavior, organizations should invest in preventing credential theft from being exploitable. For example, implementing just-in-time privileged access, requiring phishing-resistant multi-factor authentication, and deploying automated threat response that can isolate compromised endpoints without human intervention can significantly reduce the risk posed by human error.
Englman also acknowledged that his own understanding of risk has evolved with the rapid adoption of AI. Two years ago, the primary concern for most CISOs was ransomware and business email compromise. Today, the emergence of agentic AI forces them to consider entirely new attack surfaces, including prompt injection, model poisoning, and the abuse of agent-to-agent communication channels. The CISO role is expanding beyond traditional IT security into areas that blend data science, software engineering, and governance.
Source:Help Net Security News
