How we’ll use AI in cybersecurity
For years we’ve speculated about how AI might change work: the end of jobs, universal basic income, or a future where “everyone is a prompt engineer.” In 2026, the speculation is over. What’s changing now isn’t just the speed of tasks — it’s the cycle time of entire roles and business models. That uncertainty is real, and it’s worth naming: uncertainty drives stress, and stress makes people less healthy, less creative, and less effective.
But there’s a
calmer way to look at what’s happening. AI is not “the end of work.” It’s the
end of certain containers we’ve wrapped around work: job titles, workflows,
processes, and business models that used to define where value lived.
In other words:
the banks are changing. The river keeps flowing.
A functional kind of AGI is already here
We can argue
endlessly about what counts as “AGI.” Investors, researchers, and engineers use
different definitions. But there’s a practical definition that matters to
leaders: can a system take a goal, plan a multi-step approach, use tools, and
deliver outcomes on a human time horizon — minutes to hours — without being
handheld at every step?
Sequoia’s Pat
Grady and Sonya Huang described this shift with a simple scenario: a founder
asks an agent to find a developer relations lead, and the agent does what good
recruiters actually do — hunts for signal, not credentials — by
cross-referencing talks, engagement, and recent activity. The punchline isn’t
that the agent writes a job description. It’s that the agent produces a
shortlist quickly. “Total time: 31 minutes.” [1]
Two snapshots of disruption
Snapshot #1:
recruiting. If an agent can compress weeks of sourcing, screening, and outreach
into an hour, what changes? Not the need for human judgment — you still need
humans to decide what “good” looks like, to build relationships, and to close
candidates — but the center of gravity moves. The recruiter’s value shifts from
reading resumes to shaping the system: defining criteria, curating signal, and
scaling outreach.
Snapshot #2:
open source business models. Tailwind CSS is a utility-first CSS framework that
became a default choice for modern UI development. It also became a favorite
target for “vibe coding” tools because the documentation is rich and structured
— exactly the kind of corpus LLM-based assistants love. But when users stop
visiting docs (because AI answers replace browsing), business models tied to
doc traffic get punched in the face.
In January
2026, a pull request proposed adding an /llms.txt endpoint: a single,
concatenated, text-only version of Tailwind’s docs optimized for LLM
consumption. In the PR discussion, Tailwind’s co-founder Adam Wathan explained
that 75% of the engineering team had just been laid off, with docs traffic down
about 40% from early 2023 and revenue down close to 80% — despite Tailwind
being “more popular than ever.” [2]
That story
isn’t about Tailwind. It’s about a broader reality: AI can increase usage while
decreasing revenue if your business depends on human attention — especially
attention mediated by search and documentation discovery. When the interface to
the internet becomes conversational, the “toll booths” move.
What I’m seeing as a practitioner
In my day job,
I’m already seeing the healthy version of this shift: AI as a force multiplier.
We’re using agents to accelerate recruiting workflows (resume review, candidate
matching, and pre-screening), so recruiters can spend more time on what humans do
best — defining the role precisely, building relationships, and running a
thoughtful process.
We’ve also
automated a historically human-heavy workflow in security: responding to
employees who report suspected phishing emails. What used to take roughly 30
hours a week can be handled faster and more consistently by an agent that can
reply with speed — and even personalization — without eliminating positions.
The humans didn’t disappear; they shifted to higher-leverage work: tuning the
playbooks, improving detection, and increasing the volume and quality of
reporting.
In a previous
role, we built an AI “office hours” chatbot for application security. It could
read our AppSec documentation and answer questions 24/7 in a Teams channel. We
didn’t reduce headcount. We promoted the engineers who built it — because once
you see one internal workflow transform, you realize there are dozens more
waiting.
Agentic AI in the SOC: swarms, not chatbots
Attackers are
already using AI to scale phishing, social engineering, and malware
development. Defenders can’t respond by adding headcount indefinitely. The
pragmatic move is to treat agentic AI as a new kind of workforce in the
Security Operations Center — not as a magic box, but as a set of specialized
copilots.
In the first
phase, the target is simple: agents that can do Tier 1 and Tier 2 work at
machine speed — triage, enrichment, correlation, and drafting — and then hand a
clean, evidence-backed recommendation to a human analyst. Over time, that
becomes a swarm: specialized agents for malware analysis, forensics, threat
intel lookups, documentation, and case management, all coordinated to produce a
single coherent incident narrative.
This doesn’t
eliminate the SOC analyst. It elevates the SOC analyst. The job becomes less
“stare at alerts” and more “lead a response system” — set priorities, validate
conclusions, manage risk, and make hard decisions under uncertainty.
The guardrails matter more than the agents
Here’s the part
leaders can’t skip: agentic systems can take destructive actions if
misdirected, and they are exposed to prompt-injection risks — especially when
they read untrusted content on the internet or in messages. Anthropic
explicitly calls this out in its Cowork research preview: agent safety is still
an active area of development, and prompt injections remain a real risk. [3]
Anthropic has
also published practical research on prompt injection defenses for
browser-using agents — a useful reminder that, in an agentic world, the content
your tools consume becomes part of your attack surface. [5]
So the goal
isn’t “let the agent run wild.” The goal is a controlled operating model where
humans stay accountable and agents stay bounded. In practice, that means:
·
Evidence
trail over “train of thought”: show what the agent observed, which tools it
ran, what artifacts it produced, and why it recommends an action.
·
Least-privilege
tool access: an agent should not have admin-by-default or unrestricted ability
to change state in production.
·
Two-person
rules / approvals for destructive actions: containment, account disables, and
endpoint isolation require explicit human approval (or staged automation with
clear rollback).
·
Sandboxed
execution: run untrusted content analysis and “computer use” tasks in isolated
environments by default.
·
Prompt-injection
resilience: treat emails, tickets, chat messages, and web pages as hostile
input; validate instructions and sanitize tool outputs.
·
Continuous
evaluation: replay real incidents and known-bad corpora against the agent
workflow, and red-team it like you would any other control.
This isn’t
theoretical. The same class of risk shows up in consumer-grade agents too.
TechCrunch’s reporting on the viral personal assistant Moltbot (formerly
Clawdbot) highlights a core truth: an agent that “actually does things” is
powerful precisely because it can execute commands — and that power makes
prompt injection through content a serious concern. [4]
PLAID: People Led, AI Driven
The mantra I
keep coming back to is PLAID: People Led, AI Driven. It’s simple but
operationally useful:
·
People
Led: humans own accountability, ethics, escalation, and risk acceptance. Humans
decide what “good” is.
·
AI
Driven: agents handle throughput — triage, enrichment, correlation, drafting,
and repetitive steps — at a scale humans can’t match.
·
The
result: humans do judgment and leadership; agents do coverage and speed.
The river is not the banks
Technology has
been reshaping work forever. Typewriters gave way to word processing. Phones
became mobile computers. The internet rewired how we buy, sell, learn, and
communicate. AI is the next — and possibly the biggest — bend in the river.
When the banks
change, it can feel like the river is disappearing. It isn’t. The banks are the
structures we built around work: the titles, processes, and business models
that made sense in an earlier era. AI will change those banks — sometimes
abruptly. But the river of work continues: creating value, taking
responsibility, serving people, and solving real problems.
Remember: the river is not the
banks.
References
1.
Pat
Grady and Sonya Huang.
“2026: This is AGI.” Sequoia Capital. January 2026. https://www.sequoiacap.com/article/2026-this-is-agi/
2.
tailwindlabs/tailwindcss.com Pull Request #2388
discussion; comment by @adamwathan (Jan 7, 2026) on layoffs, docs traffic, and
revenue impact. https://github.com/tailwindlabs/tailwindcss.com/pull/2388
3.
Anthropic. “Introducing Cowork (Research
Preview).” Claude blog. https://claude.com/blog/cowork-research-preview
4.
Anna
Heim. “Everything you
need to know about viral personal AI assistant Clawdbot (now Moltbot).”
TechCrunch. January 27, 2026. https://techcrunch.com/2026/01/27/everything-you-need-to-know-about-viral-personal-ai-assistant-clawdbot-now-moltbot/
5.
Anthropic.
“Mitigating the risk of prompt injections in browser use.” Anthropic Research. https://www.anthropic.com/research/prompt-injection-defenses
