Machine-Speed Code, Human-Speed Security: A Broken Model
We are witnessing one of the most impactful shifts in software development of all time. Every previous transition had the same goal: increase developer productivity. Each was transformational and moved the industry forward—but all of them were still far from autonomous software development driven by detailed specifications written in human language.
My first programming language was BASIC on the ZX Spectrum, but I spent most of my career with C/C++ (and lately Rust), along with various shades of assembly, largely because my focus has always been cybersecurity. Writing complex, effective code was always an art. It required time, discipline, and deep understanding to do it properly.
What is happening right now with coding agents like Claude Code, Codex, and others is a true inflection point, a clear before and after. There is no way back. The velocity of this change is increasing at light speed. Anyone who has invested years of their career in software development is now going through different phases of adapting to this new reality of AI-driven development. But one thing is certain: we will not return to the old world. Software development has already changed forever.
I wrote a short post at the end of last December, reflecting on my personal experience and the industry’s AI progress over the past year:
Code becomes cheap, security and validation become more expensive.
Recommended by LinkedIn
We are now at a point where code production velocity has increased so dramatically that what once took months can happen overnight. The old productivity model: Productivity == f(number of people), as described by Frederick Brooks in The Mythical Man-Month, is no longer relevant. We are entering an era where a single experienced developer effectively is a team, orchestrating AI agents with the right context.
The productivity shift is real:
Productivity == f(clarity of intent, architecture, feedback loops).
This transformation creates a massive bottleneck in trust and security. We are entering an AI era where speed is both a superpower and the primary constraint. Software is moving from a design–build–ship–adopt model to a new paradigm of continuous self-improvement at machine speed. That means human-speed security assessments are no longer acceptable, humans themselves become the bottleneck.
Existing security solutions were built for a human-paced development world. They assume human-centric review will fill the gaps. In this new reality, many legacy security products become irrelevant. Detections without context are useless—and often confusing, even for AI agents.
As an industry, this year we must focus on keeping up with the accelerating velocity of software development by building machine-speed cybersecurity products, focused on software quality and security. Context is now the real bottleneck for most solutions. If you can’t prove a result, trace it back to evidence, and validate it continuously, you simply can’t trust it. Either software security becomes machine-native, or it becomes irrelevant.
Machine‑speed code without machine‑speed continuity is exactly how trust collapses. The bottleneck isn’t velocity—it’s the absence of lineage, evidence, and behavioral governance at the substrate. Code is now cheap; continuity, context, and verifiable intent are the real scarce resources. Security only survives this shift if it becomes native to the same substrate that’s generating the software.