News Daily Nation Digital News & Media Platform


The CISO selling confidence in a market full of breach headlines

Jun 27, 2026  Twila Rosenbaum

Engineering teams across enterprise IT are writing their own software with AI coding assistants, spinning up agents that act on their behalf, and assigning those agents the same access privileges their human creators hold. The shift has pulled the role of the chief information security officer into territory that did not exist two years ago. Speaking at the Span Cyber Security Arena conference, Hrvoje Englman, CISO at Span, said it is changing what defenders worry about most.

Span's workforce includes a sizable population of developers alongside a larger group of engineers. The engineers are the new variable. With AI-assisted coding, they are building applications and personal agents to automate parts of their own jobs. Each new agent inherits the identity of its creator, and those identities are typically over-provisioned. Least privilege remains an aspiration that is hard to enforce in production environments.

“I cannot be the blocker,” Englman said. “You cannot block progress. People will find ways around it.” His priority is enabling secure use of AI inside the company rather than prohibiting it.

The bus-factor problem multiplies

The risk extends beyond access control. When a single engineer automates a business process using five interacting agents and then leaves for another job, the organization inherits an undocumented system that nobody understands. Englman called this an inversion of the traditional bus-factor problem. Previously, a key person leaving created a knowledge gap. Now the agents they built keep running, and the company has no record of what they do or why. This problem becomes especially acute in environments where AI-generated code is rarely reviewed for security or maintainability. Many organizations lack policies for agent lifecycle management, leading to rogue agents that persist long after their creator has departed. The cumulative effect is a shadow IT of autonomous processes that can inadvertently expose sensitive data or make unauthorized changes.

Beyond the immediate operational risk, there is a compliance dimension. Regulations such as GDPR and SOX require organizations to maintain accurate records of data processing activities. Undocumented agents that scrape or transform data can lead to breaches of these requirements. Englman emphasized that CISOs must work with engineering leadership to establish governance frameworks for AI-generated code and agents, including mandatory documentation, access reviews, and decommissioning procedures.
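The three failure modes described above (agents that inherit their creator's full identity, agents that keep running after the creator has left, and agents nobody has documented) can all be caught by a periodic inventory check. The script below is an added illustration, not Span's tooling or anything Englman described; the agent names, people and permission strings are constructed sample data, and the inventory format (owner, effective permissions, declared needs, description) is an assumption about what an organization would record.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Agent:
    name: str
    owner: str                 # human identity the agent runs as
    permissions: frozenset     # what the agent can actually do today
    declared_needs: frozenset  # what its owner says it needs
    description: str = ""      # free-text purpose; empty means undocumented


def audit_agents(agents, active_people, owner_permissions):
    """Return one finding per problem as (agent, issue, detail).

    Checks, per agent:
      orphaned                 owner is no longer an active person
      inherits-owner-identity  agent holds every permission the owner holds
      over-provisioned         agent holds permissions beyond its declared needs
      undocumented             no description on record
    """
    findings = []
    for agent in agents:
        owner_perms = owner_permissions.get(agent.owner, frozenset())
        if agent.owner not in active_people:
            findings.append((agent.name, "orphaned",
                             f"owner '{agent.owner}' is no longer active"))
        if owner_perms and agent.permissions >= owner_perms:
            findings.append((agent.name, "inherits-owner-identity",
                             f"holds every permission of '{agent.owner}'"))
        excess = agent.permissions - agent.declared_needs
        if excess:
            findings.append((agent.name, "over-provisioned",
                             "remove: " + ", ".join(sorted(excess))))
        if not agent.description.strip():
            findings.append((agent.name, "undocumented",
                             "no description on record"))
    return findings


def issues_for(findings, agent_name):
    """Set of issue labels raised for one agent."""
    return {issue for name, issue, _ in findings if name == agent_name}


# Constructed sample inventory (hypothetical people, agents and permissions).
ACTIVE_PEOPLE = {"alice", "bob"}  # carol has left the company
OWNER_PERMISSIONS = {
    "alice": frozenset({"read:crm", "write:crm", "read:hr", "deploy:prod"}),
    "bob": frozenset({"read:tickets", "write:tickets"}),
    "carol": frozenset({"read:finance", "write:finance"}),
}
SAMPLE_AGENTS = [
    # Built with the creator's whole identity; only needs to read the CRM.
    Agent("crm-summarizer", "alice", OWNER_PERMISSIONS["alice"],
          frozenset({"read:crm"}), "Summarizes weekly CRM notes"),
    # Scoped correctly, but its owner is gone and nobody wrote down what it does.
    Agent("invoice-matcher", "carol", frozenset({"read:finance"}),
          frozenset({"read:finance"}), ""),
    # Least privilege done right.
    Agent("ticket-triage", "bob", frozenset({"read:tickets"}),
          frozenset({"read:tickets"}), "Labels incoming support tickets"),
]
FINDINGS = audit_agents(SAMPLE_AGENTS, ACTIVE_PEOPLE, OWNER_PERMISSIONS)

if __name__ == "__main__":
    for name, issue, detail in FINDINGS:
        print(f"{name:16} {issue:24} {detail}")
```

Run as-is, it reports four findings: `crm-summarizer` is flagged twice (it carries alice's entire permission set, and three of those permissions exceed what it declared), `invoice-matcher` is flagged as orphaned and undocumented, and `ticket-triage` passes. Feeding the same check real inventory data from an IAM export and an HR roster turns the governance items the article lists (documentation, access reviews, decommissioning) into a recurring, machine-checkable review rather than a policy document.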

Defender's leverage is real, with limits

AI has produced concrete gains in defensive work. Englman pointed to log analysis as one area where the value is immediate. Feeding hundreds of megabytes of log files into an AI tool and asking it to surface anomalies or pivot on an IP address compresses work that previously took analysts hours. Policy drafting is another use case. Generating a first draft from internal context can cut a three-day task to a single day, and the time savings compound across a workforce. Many security teams now use LLMs to translate complex regulatory requirements into actionable controls, accelerating the compliance process.

He drew a sharper line on the vendor pitch for autonomous AI-driven security operations centers. The idea of defensive AI battling offensive AI in real-time, with no humans in the loop, does not match what is achievable now. Log ingestion remains the hardest part of running a SOC, and detection engineering still depends on people who can explain why an alert fired. The promise of fully autonomous triage ignores the reality that logs are often incomplete, misconfigured, or deliberately obfuscated by attackers. AI models, no matter how sophisticated, lack the business context to make high-stakes decisions about system isolation or data integrity.

“You get an alert, but your analyst doesn't understand the alert,” Englman said, describing the failure mode he sees in teams that lean too heavily on automated tooling. “And you have two million alerts, and then what?” Autonomous isolation of systems remains out of reach because the AI does not understand the business process. Decisions about when to shut down a critical service get escalated to senior leadership during real incidents, and that judgment stays with humans. In practice, even the most advanced AI-powered SOCs still rely on human operators to validate anomalies, adjust thresholds, and investigate false positives.

He also pushed back on the industry framing of breaches. Most of the largest incidents trace back to phishing and credential theft. Vendors selling AI-powered SOCs as a defense against nation-state actors are addressing a smaller part of the problem than their marketing suggests. Basic security hygiene—multi-factor authentication, robust identity governance, and continuous patching—remains the most effective deterrent. Yet these fundamentals often receive less attention than shiny AI tools. Englman noted that many organizations spend heavily on detection while neglecting prevention, creating an imbalance that attackers exploit.

The threat model for a services provider

Span sells IT services to enterprise clients, which doubles its exposure. The company is a target in its own right and a target for attackers seeking access to its customers. A typical end-user organization can absorb a breach and recover. For Span, the response itself becomes the product on display. This dynamic influences every decision about security architecture and incident response planning. Englman said the company must be able to demonstrate that controls were in place, that the failure was contained, and that the incident was handled with the same discipline it offers customers. Reputation is what gets sold, and negligence would end the business.

This dual exposure also affects vendor risk management. Span must vet not only its own internal tools but also the security posture of its supply chain. A vulnerability in a third-party component could cascade into client environments. Englman's team conducts regular red-team exercises that simulate attacks through the service delivery chain, testing both technical defenses and communication protocols. These exercises have revealed gaps in incident coordination that were subsequently addressed through tabletop drills and updated runbooks.

Skills shortage, restated

The widely discussed cybersecurity talent gap, in Englman's view, is misframed. Entry-level applicants are abundant. Senior practitioners with five or more years of operational depth are scarce, and that gap cannot be closed quickly through training programs. The Span Cyber Security Center has trained more than 3,000 people, and Englman said the pipeline matters precisely because the industry's push toward automated tooling threatens to eliminate the junior roles where future experts get built. Many organizations now rely heavily on AI for alert triage, reducing the need for junior analysts. While this cuts costs short term, it starves the ecosystem of the hands-on experience needed to cultivate senior talent.

His measure for a SOC analyst centers on whether they can explain what the alert means and how the conditions that triggered it came about. Without that understanding, an analyst rolling a fifty-fifty guess on relevance is no better than a model doing the same. He advocates for structured apprenticeship programs that pair junior staff with senior mentors, requiring them to document their analysis and present findings in post-incident reviews. Such programs build the critical thinking skills that automation cannot replicate.

The wisdom he has discarded

Asked which piece of conventional security wisdom he has stopped believing, Englman named the framing of humans as the weakest link in the chain. He called it lazy and a form of blame culture. The responsibility, he said, sits with the CISO to build systems where a user clicking a malicious link does not bring the environment down. Brittle defenses that depend on perfect human behavior are a design failure. The real weakest link, in his view, is the assumption that technology can enforce security without considering how people actually work. Effective security requires understanding user behavior, designing friction-reducing controls, and providing just-in-time training that adapts to risk.

Englman's philosophy is one of pragmatic enablement: give engineers the tools to innovate while embedding security guardrails that do not impede productivity. The challenge for CISOs is to strike a balance between trust and verification in an era where AI-generated code and agents are proliferating faster than governance can catch up. As the agentic AI era unfolds, the security community must rethink old assumptions about identity, knowledge management, and the role of automation. The CISO who sells confidence is one who acknowledges the unknowns, invests in foundational controls, and builds a culture where security is everyone's responsibility—but not everyone's fault.


Source: Help Net Security News

