Sunday, February 01, 2026

The Age of AGI

How we’ll use AI in cybersecurity

For years we’ve speculated about how AI might change work: the end of jobs, universal basic income, or a future where “everyone is a prompt engineer.” In 2026, the speculation is over. What’s changing now isn’t just the speed of tasks — it’s the cycle time of entire roles and business models. That uncertainty is real, and it’s worth naming: uncertainty drives stress, and stress makes people less healthy, less creative, and less effective.

But there’s a calmer way to look at what’s happening. AI is not “the end of work.” It’s the end of certain containers we’ve wrapped around work: job titles, workflows, processes, and business models that used to define where value lived.

In other words: the banks are changing. The river keeps flowing.

A functional kind of AGI is already here

We can argue endlessly about what counts as “AGI.” Investors, researchers, and engineers use different definitions. But there’s a practical definition that matters to leaders: can a system take a goal, plan a multi-step approach, use tools, and deliver outcomes on a human time horizon — minutes to hours — without being handheld at every step?

Sequoia’s Pat Grady and Sonya Huang described this shift with a simple scenario: a founder asks an agent to find a developer relations lead, and the agent does what good recruiters actually do — hunts for signal, not credentials — by cross-referencing talks, engagement, and recent activity. The punchline isn’t that the agent writes a job description. It’s that the agent produces a shortlist quickly. “Total time: 31 minutes.” [1]

Two snapshots of disruption

Snapshot #1: recruiting. If an agent can compress weeks of sourcing, screening, and outreach into an hour, what changes? Not the need for human judgment — you still need humans to decide what “good” looks like, to build relationships, and to close candidates — but the center of gravity moves. The recruiter’s value shifts from reading resumes to shaping the system: defining criteria, curating signal, and scaling outreach.

Snapshot #2: open source business models. Tailwind CSS is a utility-first CSS framework that became a default choice for modern UI development. It also became a favorite target for “vibe coding” tools because the documentation is rich and structured — exactly the kind of corpus LLM-based assistants love. But when users stop visiting docs (because AI answers replace browsing), business models tied to doc traffic get punched in the face.

In January 2026, a pull request proposed adding an /llms.txt endpoint: a single, concatenated, text-only version of Tailwind’s docs optimized for LLM consumption. In the PR discussion, Tailwind’s co-founder Adam Wathan explained that 75% of the engineering team had just been laid off, with docs traffic down about 40% from early 2023 and revenue down close to 80% — despite Tailwind being “more popular than ever.” [2]

That story isn’t about Tailwind. It’s about a broader reality: AI can increase usage while decreasing revenue if your business depends on human attention — especially attention mediated by search and documentation discovery. When the interface to the internet becomes conversational, the “toll booths” move.

What I’m seeing as a practitioner

In my day job, I’m already seeing the healthy version of this shift: AI as a force multiplier. We’re using agents to accelerate recruiting workflows (resume review, candidate matching, and pre-screening), so recruiters can spend more time on what humans do best — defining the role precisely, building relationships, and running a thoughtful process.

We’ve also automated a historically human-heavy workflow in security: responding to employees who report suspected phishing emails. What used to take roughly 30 hours a week can be handled faster and more consistently by an agent that can reply with speed — and even personalization — without eliminating positions. The humans didn’t disappear; they shifted to higher-leverage work: tuning the playbooks, improving detection, and increasing the volume and quality of reporting.

In a previous role, we built an AI “office hours” chatbot for application security. It could read our AppSec documentation and answer questions 24/7 in a Teams channel. We didn’t reduce headcount. We promoted the engineers who built it — because once you see one internal workflow transform, you realize there are dozens more waiting.

Agentic AI in the SOC: swarms, not chatbots

Attackers are already using AI to scale phishing, social engineering, and malware development. Defenders can’t respond by adding headcount indefinitely. The pragmatic move is to treat agentic AI as a new kind of workforce in the Security Operations Center — not as a magic box, but as a set of specialized copilots.

In the first phase, the target is simple: agents that can do Tier 1 and Tier 2 work at machine speed — triage, enrichment, correlation, and drafting — and then hand a clean, evidence-backed recommendation to a human analyst. Over time, that becomes a swarm: specialized agents for malware analysis, forensics, threat intel lookups, documentation, and case management, all coordinated to produce a single coherent incident narrative.

This doesn’t eliminate the SOC analyst. It elevates the SOC analyst. The job becomes less “stare at alerts” and more “lead a response system” — set priorities, validate conclusions, manage risk, and make hard decisions under uncertainty.

The guardrails matter more than the agents

Here’s the part leaders can’t skip: agentic systems can take destructive actions if misdirected, and they are exposed to prompt-injection risks — especially when they read untrusted content on the internet or in messages. Anthropic explicitly calls this out in its Cowork research preview: agent safety is still an active area of development, and prompt injections remain a real risk. [3]

Anthropic has also published practical research on prompt injection defenses for browser-using agents — a useful reminder that, in an agentic world, the content your tools consume becomes part of your attack surface. [5]

So the goal isn’t “let the agent run wild.” The goal is a controlled operating model where humans stay accountable and agents stay bounded. In practice, that means:

·       Evidence trail over “train of thought”: show what the agent observed, which tools it ran, what artifacts it produced, and why it recommends an action.

·       Least-privilege tool access: an agent should not have admin-by-default or unrestricted ability to change state in production.

·       Two-person rules / approvals for destructive actions: containment, account disables, and endpoint isolation require explicit human approval (or staged automation with clear rollback).

·       Sandboxed execution: run untrusted content analysis and “computer use” tasks in isolated environments by default.

·       Prompt-injection resilience: treat emails, tickets, chat messages, and web pages as hostile input; validate instructions and sanitize tool outputs.

·       Continuous evaluation: replay real incidents and known-bad corpora against the agent workflow, and red-team it like you would any other control.

This isn’t theoretical. The same class of risk shows up in consumer-grade agents too. TechCrunch’s reporting on the viral personal assistant Moltbot (formerly Clawdbot) highlights a core truth: an agent that “actually does things” is powerful precisely because it can execute commands — and that power makes prompt injection through content a serious concern. [4]

PLAID: People Led, AI Driven

The mantra I keep coming back to is PLAID: People Led, AI Driven. It’s simple but operationally useful:

·       People Led: humans own accountability, ethics, escalation, and risk acceptance. Humans decide what “good” is.

·       AI Driven: agents handle throughput — triage, enrichment, correlation, drafting, and repetitive steps — at a scale humans can’t match.

·       The result: humans do judgment and leadership; agents do coverage and speed.

The river is not the banks

Technology has been reshaping work forever. Typewriters gave way to word processing. Phones became mobile computers. The internet rewired how we buy, sell, learn, and communicate. AI is the next — and possibly the biggest — bend in the river.

When the banks change, it can feel like the river is disappearing. It isn’t. The banks are the structures we built around work: the titles, processes, and business models that made sense in an earlier era. AI will change those banks — sometimes abruptly. But the river of work continues: creating value, taking responsibility, serving people, and solving real problems.

Remember: the river is not the banks.

References

1.      Pat Grady and Sonya Huang. “2026: This is AGI.” Sequoia Capital. January 2026. https://www.sequoiacap.com/article/2026-this-is-agi/

2.      tailwindlabs/tailwindcss.com Pull Request #2388 discussion; comment by @adamwathan (Jan 7, 2026) on layoffs, docs traffic, and revenue impact. https://github.com/tailwindlabs/tailwindcss.com/pull/2388

3.      Anthropic. “Introducing Cowork (Research Preview).” Claude blog. https://claude.com/blog/cowork-research-preview

4.      Anna Heim. “Everything you need to know about viral personal AI assistant Clawdbot (now Moltbot).” TechCrunch. January 27, 2026. https://techcrunch.com/2026/01/27/everything-you-need-to-know-about-viral-personal-ai-assistant-clawdbot-now-moltbot/

5.      Anthropic. “Mitigating the risk of prompt injections in browser use.” Anthropic Research. https://www.anthropic.com/research/prompt-injection-defenses


Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)