For this Conversations episode, the part that stuck with me is that AI security is not really one conversation.
It is a speed conversation.
It is a context conversation.
It is a fundamentals conversation.
And honestly, it is still very much a people conversation.
That is what I liked about talking with Kat Traxler from Vectra AI. She is not dismissing the AI security concern. There are real changes happening. Models are getting better at finding certain classes of bugs. Researchers can move faster. Bug hunters can narrow huge codebases down more quickly. Attackers can also use the same kind of tooling to move faster.
That part matters.
But the part that gets lost in a lot of the panic is that speed is not the same thing as understanding.
AI can help find suspicious code paths. It can help with injection bugs. It can help with RCE patterns. It can help generate queries, first drafts, summaries, and research direction. It can make the first pass through a messy problem less painful.
But it does not automatically know the threat model.
It does not always understand privilege.
It does not know what your users expect.
It does not know what your business logic means.
It does not know whether something is actually exploitable in your environment, with your data, your permissions, your deployment shape, and your weird internal assumptions.
That is where human judgment still matters.
And that is probably the most important theme of this episode.
The model can help find needles, but the human still has to know which needles matter.
That came up a few different ways. Bug hunting, writing, cloud analysis, IAM, prompt injection, insecure-by-design flaws. The pattern is pretty consistent. AI can accelerate parts of the work, but if you do not have the expertise to challenge it, constrain it, and validate it, it can make you faster in the wrong direction.
Kat’s example with VPC flow logs is a good one. If a model tells you that you can infer packet-level details from data that does not actually contain those fields, that answer might sound useful if you do not know better. But if you do know the system, you can push back and say, no, that is not possible. Here are the fields we actually have. Here is what can and cannot be inferred.
That is the difference between AI as leverage and AI as a confidence machine.
And that matters a lot in security.
Because security does not reward confident guesses.
The other thing that stood out to me is Kat’s pushback on the full zero-day apocalypse narrative.
There is a real issue underneath it. The time between vulnerability disclosure and exploitation has been shrinking. AI may compress that even further for certain classes of vulnerabilities. That is not fake. Security teams should pay attention to that.
But the jump from “attackers may weaponize faster” to “global technology collapses in a few months” is a much bigger leap.
And Kat’s point was basically, let’s spend more time on the “and then what?”
If the zero-day clock keeps shrinking, what actually happens?
Which teams are most exposed?
Which systems are most at risk?
Which attackers change behavior?
Which organizations need to respond differently?
And which problems are still the same boring problems they were yesterday?
Because that is the part that I think a lot of DevOps, SRE, platform, and security teams need to hear.
The scary future does not erase the current fundamentals.
Credentials still matter.
IAM still matters.
Misconfigurations still matter.
Known vulnerabilities still matter.
Patch management still matters.
Source code secrets still matter.
Human fatigue still matters.
Attackers are practical. They are going to take the lowest-friction path that works. A lot of the time, that path is not a cinematic AI-generated zero-day chain. It is a leaked key. A reused credential. An over-permissive role. A service account nobody remembered. A server that should have been patched six months ago.
That does not mean AI risk is overblown.
It means we need to hold both ideas at the same time.
AI may make certain security problems move faster.
But if your IAM is already a mess, your secrets are everywhere, your patching is inconsistent, and nobody owns the exposed attack surface, the future AI threat is not an excuse to ignore the thing already sitting on fire.
The IAM part of the conversation felt especially true.
IAM is hard because it looks like a technical service, but it is really where people, process, and technology collide.
It is credentials. It is authentication. It is access. It is human behavior. It is shortcuts. It is tired people. It is teams under pressure. It is old roles. It is permissions nobody wants to remove because something might break. It is attackers knowing that credential abuse is often the easiest way in.
That is why IAM stays painful.
Not because nobody understands least privilege as a concept.
Everyone understands the concept.
The hard part is making it work in a real organization where people are trying to ship software, troubleshoot production, rotate keys, grant access, clean up old permissions, and not break the thing that pays the bills.
So when Kat says IAM is really about people, I think that is right.
The insecure-by-design discussion was another useful thread.
A lot of AI security focus is on code-level vulnerabilities. Can the model find injection bugs? Can it find RCE? Can it find XSS? Can it narrow the search space?
That work matters.
But insecure-by-design flaws are different.
Those are not always bad lines of code. They are bad assumptions.
The AirTag example is a good way to think about it. The device may function as designed, but the design missed a real-world abuse case. The issue is not just technical correctness. It is whether the product accounts for how people can misuse it, who can be harmed, what customers expect, and what happens when the system is used in a way the builders did not intend.
That is a different class of security work.
And I suspect it is going to stay valuable, even as AI gets better at finding some code-level bugs.
Maybe especially then.
If AI makes some of the easier code-level searching faster, more of the important work may shift toward context, abuse paths, design flaws, threat modeling, and the uncomfortable question of what the system allows someone to do that we did not intend.
That is harder.
It is also probably more important.
So my takeaway from this episode is not “panic about AI security.”
It is also not “everything is fine.”
It is more like, keep your head.
Use AI where it helps. Let it speed up the annoying parts. Let it help with first passes, rough drafts, code search, query generation, pattern matching, and research workflows.
But do not outsource judgment.
Do not let the AI output become the security conclusion.
Do not confuse a confident answer with a correct one.
And do not let the excitement around future AI-driven attacks distract from the fundamentals that are still hurting teams right now.
Threat model the new stuff.
Patch the known stuff.
Clean up IAM.
Protect credentials.
Own your exposed attack surface.
Write down what your system actually promises.
And when AI gives you an answer, treat it like a starting point, not the finish line.
Because the future may move faster.
But the work still has to be done.
📝 Notes
Show Notes
This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps.
In this Ship It: Conversations episode, I talk with Kat Traxler of Vectra AI about AI security, the zero-day clock, IAM, cloud risk, AI-assisted bug hunting, and why the scariest future security problems may still start with the boring fundamentals teams already struggle with today.
Kat is a Principal Security Researcher at Vectra AI focused on abuse techniques and vulnerabilities in the public cloud, especially around the intersection of cloud security, AppSec, IAM, managed identities, and insecure-by-design flaws.
We talk about the current AI security mood, from the excitement around faster research and bug hunting to the fear that AI could shrink the window between vulnerability disclosure and exploitation. Kat explains the “San Francisco Consensus,” why the zero-day clock is getting so much attention, and why she thinks the facts may be real while some of the conclusions are overextended.
The bigger theme here is that AI is absolutely changing security work, but it does not erase the fundamentals. Attackers still take the lowest-friction path that works. For most teams, that still means credentials, IAM, misconfigurations, known vulnerabilities, and systems that were never threat-modeled as deeply as people assume.
Highlights
• Why AI security feels exciting and unsettling at the same time
• What the “San Francisco Consensus” means and why people are talking about the zero-day clock
• How AI may shrink the time between vulnerability disclosure and exploitation
• Why Kat is skeptical of the full “zero-day apocalypse” narrative
• Why credentials, IAM, misconfigurations, and known vulnerabilities still matter most for many teams
• How AI helps narrow the search space in bug hunting and security research
• Where AI is useful for code-level bugs, and where it still struggles with context and threat modeling
• Why human expertise still matters when using AI for writing, research, and cloud security analysis
• Why IAM remains hard because it sits at the intersection of people, access, and technology
• What insecure-by-design flaws are, and why AI may not solve those anytime soon
For this Conversations episode, the part that stuck with me is that AI security is not really one conversation.
It is a speed conversation.
It is a context conversation.
It is a fundamentals conversation.
And honestly, it is still very much a people conversation.
That is what I liked about talking with Kat Traxler from Vectra AI. She is not dismissing the AI security concern. There are real changes happening. Models are getting better at finding certain classes of bugs. Researchers can move faster. Bug hunters can narrow huge codebases down more quickly. Attackers can also use the same kind of tooling to move faster.
That part matters.
But the part that gets lost in a lot of the panic is that speed is not the same thing as understanding.
AI can help find suspicious code paths. It can help with injection bugs. It can help with RCE patterns. It can help generate queries, first drafts, summaries, and research direction. It can make the first pass through a messy problem less painful.
But it does not automatically know the threat model.
It does not always understand privilege.
It does not know what your users expect.
It does not know what your business logic means.
It does not know whether something is actually exploitable in your environment, with your data, your permissions, your deployment shape, and your weird internal assumptions.
That is where human judgment still matters.
And that is probably the most important theme of this episode.
The model can help find needles, but the human still has to know which needles matter.
That came up a few different ways. Bug hunting, writing, cloud analysis, IAM, prompt injection, insecure-by-design flaws. The pattern is pretty consistent. AI can accelerate parts of the work, but if you do not have the expertise to challenge it, constrain it, and validate it, it can make you faster in the wrong direction.
Kat’s example with VPC flow logs is a good one. If a model tells you that you can infer packet-level details from data that does not actually contain those fields, that answer might sound useful if you do not know better. But if you do know the system, you can push back and say, no, that is not possible. Here are the fields we actually have. Here is what can and cannot be inferred.
That is the difference between AI as leverage and AI as a confidence machine.
And that matters a lot in security.
Because security does not reward confident guesses.
The other thing that stood out to me is Kat’s pushback on the full zero-day apocalypse narrative.
There is a real issue underneath it. The time between vulnerability disclosure and exploitation has been shrinking. AI may compress that even further for certain classes of vulnerabilities. That is not fake. Security teams should pay attention to that.
But the jump from “attackers may weaponize faster” to “global technology collapses in a few months” is a much bigger leap.
And Kat’s point was basically, let’s spend more time on the “and then what?”
If the zero-day clock keeps shrinking, what actually happens?
Which teams are most exposed?
Which systems are most at risk?
Which attackers change behavior?
Which organizations need to respond differently?
And which problems are still the same boring problems they were yesterday?
Because that is the part that I think a lot of DevOps, SRE, platform, and security teams need to hear.
The scary future does not erase the current fundamentals.
Credentials still matter.
IAM still matters.
Misconfigurations still matter.
Known vulnerabilities still matter.
Patch management still matters.
Source code secrets still matter.
Human fatigue still matters.
Attackers are practical. They are going to take the lowest-friction path that works. A lot of the time, that path is not a cinematic AI-generated zero-day chain. It is a leaked key. A reused credential. An over-permissive role. A service account nobody remembered. A server that should have been patched six months ago.
That does not mean AI risk is overblown.
It means we need to hold both ideas at the same time.
AI may make certain security problems move faster.
But if your IAM is already a mess, your secrets are everywhere, your patching is inconsistent, and nobody owns the exposed attack surface, the future AI threat is not an excuse to ignore the thing already sitting on fire.
The IAM part of the conversation felt especially true.
IAM is hard because it looks like a technical service, but it is really where people, process, and technology collide.
It is credentials. It is authentication. It is access. It is human behavior. It is shortcuts. It is tired people. It is teams under pressure. It is old roles. It is permissions nobody wants to remove because something might break. It is attackers knowing that credential abuse is often the easiest way in.
That is why IAM stays painful.
Not because nobody understands least privilege as a concept.
Everyone understands the concept.
The hard part is making it work in a real organization where people are trying to ship software, troubleshoot production, rotate keys, grant access, clean up old permissions, and not break the thing that pays the bills.
So when Kat says IAM is really about people, I think that is right.
The insecure-by-design discussion was another useful thread.
A lot of AI security focus is on code-level vulnerabilities. Can the model find injection bugs? Can it find RCE? Can it find XSS? Can it narrow the search space?
That work matters.
But insecure-by-design flaws are different.
Those are not always bad lines of code. They are bad assumptions.
The AirTag example is a good way to think about it. The device may function as designed, but the design missed a real-world abuse case. The issue is not just technical correctness. It is whether the product accounts for how people can misuse it, who can be harmed, what customers expect, and what happens when the system is used in a way the builders did not intend.
That is a different class of security work.
And I suspect it is going to stay valuable, even as AI gets better at finding some code-level bugs.
Maybe especially then.
If AI makes some of the easier code-level searching faster, more of the important work may shift toward context, abuse paths, design flaws, threat modeling, and the uncomfortable question of what the system allows someone to do that we did not intend.
That is harder.
It is also probably more important.
So my takeaway from this episode is not “panic about AI security.”
It is also not “everything is fine.”
It is more like, keep your head.
Use AI where it helps. Let it speed up the annoying parts. Let it help with first passes, rough drafts, code search, query generation, pattern matching, and research workflows.
But do not outsource judgment.
Do not let the AI output become the security conclusion.
Do not confuse a confident answer with a correct one.
And do not let the excitement around future AI-driven attacks distract from the fundamentals that are still hurting teams right now.
Threat model the new stuff.
Patch the known stuff.
Clean up IAM.
Protect credentials.
Own your exposed attack surface.
Write down what your system actually promises.
And when AI gives you an answer, treat it like a starting point, not the finish line.
Because the future may move faster.
But the work still has to be done.