
The CISO selling confidence in a market full of breach headlines

Jun 21, 2026  Twila Rosenbaum

Engineering teams across enterprise IT are writing their own software with AI coding assistants, spinning up agents that act on their behalf, and assigning those agents the same access privileges their human creators hold. This shift has pulled the role of the chief information security officer into territory that did not exist two years ago. Speaking at the Span Cyber Security Arena conference, Hrvoje Englman, CISO at Span, said it is changing what defenders worry about most.

Span's workforce includes a sizable population of developers alongside a larger group of engineers. The engineers are the new variable. With AI-assisted coding, they are building applications and personal agents to automate parts of their own jobs. Each new agent inherits the identity of its creator, and those identities are typically over-provisioned. Least privilege remains an aspiration that is hard to enforce in production environments.

"I cannot be the blocker," Englman said. "You cannot block progress. People will find ways around it." His priority is enabling secure use of AI inside the company rather than prohibiting it. This reflects a broader shift in the industry from outright restriction toward "secure enablement", accelerated by how quickly generative AI tools have spread through enterprise environments.

The bus-factor problem multiplies

The risk extends beyond access control. When a single engineer automates a business process using five interacting agents and then leaves for another job, the organization inherits an undocumented system that nobody understands. Englman called this an inversion of the traditional bus-factor problem. Previously, a key person leaving created a knowledge gap. Now the agents they built keep running, and the company has no record of what they do or why. This creates a hidden operational risk that is difficult to audit or remediate after the fact. Security teams must now account for autonomous processes that may be making decisions, interacting with databases, or even modifying configurations without human oversight.

The traditional bus factor—the number of people who need to be hit by the proverbial bus before a project collapses—has long been a concern for knowledge retention. But with AI agents, the problem becomes one of persistence and invisibility. An agent may have been created months ago, forgotten, and still running with privileged access. Without proper governance of agent lifecycles, organizations risk accumulating a "shadow fleet" of automated processes that could be exploited or malfunction.
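One way to make the two problems above concrete, as an added example that is not Span's tooling and not code from the article: a review pass over an inventory of user-built agents that flags the conditions the preceding sections describe, an owner who has left, scopes inherited from the creator that the task does not need, an agent nobody has used in months, and an agent with no runbook, and then states the dedicated task-scoped identity the agent should run under instead. The agent records, the directory of people and entitlements, the per-task scope baselines and the 90-day staleness threshold are all assumptions constructed for the example.

```python
"""Review of user-built automation agents (added example; not Span's tooling
and not code from the article).

Models the situation the article describes: an agent runs under the identity of
the engineer who built it, so it inherits every permission that engineer holds,
and it keeps running after the engineer leaves. The agent list, the identity
directory and the per-task scope baselines below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Agent:
    name: str
    owner: str            # engineer whose identity the agent runs under
    task: str             # business process it automates
    last_used: datetime   # last time the agent's credential was seen in use
    documented: bool      # is there a runbook explaining what it does and why?


# Constructed directory view: HR status joined with IdP entitlements.
PEOPLE = {
    "ana":  {"active": True,  "scopes": {"erp:read", "erp:write:invoices", "crm:read"}},
    "ben":  {"active": False, "scopes": {"erp:read", "erp:write:invoices", "erp:admin",
                                          "crm:read", "crm:write"}},
    "cara": {"active": True,  "scopes": {"crm:read"}},
}

# Assumed least-privilege baseline: the scopes each task actually needs.
TASK_SCOPES = {
    "invoice-sync":  {"erp:read", "erp:write:invoices"},
    "lead-enrich":   {"crm:read"},
    "weekly-report": {"erp:read", "crm:read"},
}

STALE_AFTER = timedelta(days=90)  # assumed threshold for "nobody is using this"


def review_agents(agents, now, people=PEOPLE, task_scopes=TASK_SCOPES):
    """Return {agent name: [issues]} for every agent with at least one issue.

    Issues, in the order checked: orphaned (owner no longer active),
    over-privileged (inherited scopes beyond the task baseline), stale,
    undocumented. An agent with no issues is absent from the result.
    """
    findings = {}
    for agent in agents:
        issues = []
        person = people.get(agent.owner)
        if person is None or not person["active"]:
            issues.append("orphaned")
        inherited = person["scopes"] if person else set()
        excess = inherited - task_scopes.get(agent.task, set())
        if excess:
            issues.append("over-privileged:" + ",".join(sorted(excess)))
        if now - agent.last_used > STALE_AFTER:
            issues.append("stale")
        if not agent.documented:
            issues.append("undocumented")
        if issues:
            findings[agent.name] = issues
    return findings


def scoped_identity(agent, task_scopes=TASK_SCOPES):
    """The dedicated identity an agent should run under instead of its creator's:
    owned by the task rather than a person, carrying only the task baseline.
    The 'svc-' naming is an assumption for the example."""
    return {"principal": f"svc-{agent.name}",
            "scopes": sorted(task_scopes.get(agent.task, set()))}


NOW = datetime(2026, 6, 21, tzinfo=timezone.utc)

# Constructed agent inventory.
SAMPLE_AGENTS = [
    Agent("inv-bot",    "ben",  "invoice-sync",  NOW - timedelta(days=2),   documented=False),
    Agent("lead-bot",   "cara", "lead-enrich",   NOW - timedelta(days=1),   documented=True),
    Agent("report-bot", "ana",  "weekly-report", NOW - timedelta(days=120), documented=True),
]

if __name__ == "__main__":
    for name, issues in review_agents(SAMPLE_AGENTS, NOW).items():
        print(f"{name}: {', '.join(issues)}")
    print(scoped_identity(SAMPLE_AGENTS[0]))
```

The orphaned agent in the sample carries an `erp:admin` scope its task never needed, purely because its departed creator had it; the remediation is not to delete the agent blindly (the process may still matter) but to re-home it under a task-owned principal with the baseline scopes and write the runbook that was missing.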

Defender's leverage is real, with limits

AI has produced concrete gains in defensive work. Englman pointed to log analysis as one area where the value is immediate. Feeding hundreds of megabytes of log files into an AI tool and asking it to surface anomalies or pivot on an IP address compresses work that previously took analysts hours. Policy drafting is another use case. Generating a first draft from internal context can cut a three-day task to a single day, and the time savings compound across a workforce. The improvements in mean time to detect and respond that teams report from AI-assisted workflows are concentrated in this kind of repetitive triage and drafting work, not in the judgment calls that decide an incident.

He drew a sharper line on the vendor pitch for autonomous AI-driven security operations centers. The idea of defensive AI battling offensive AI in real-time, with no humans in the loop, does not match what is achievable now. Log ingestion remains the hardest part of running a SOC, and detection engineering still depends on people who can explain why an alert fired. Moreover, many organizations struggle with data quality and normalization, which are prerequisites for effective AI analysis. Without clean, structured logs, even the most advanced AI models produce unreliable results.

"You get an alert, but your analyst doesn't understand the alert," Englman said, describing the failure mode he sees in teams that lean too heavily on automated tooling. "And you have two million alerts, and then what?" Autonomous isolation of systems remains out of reach because the AI does not understand the business process. Decisions about when to shut down a critical service get escalated to senior leadership during real incidents, and that judgment stays with humans. For example, automatically disconnecting a database server that supports a revenue-generating application could cause more damage than the attack itself. Only people with deep organizational context can weigh such trade-offs.

He also pushed back on the industry framing of breaches. Most of the largest incidents trace back to phishing and credential theft; annual breach reports consistently rank stolen credentials and social engineering among the leading initial access vectors, with nation-state intrusions a small share of the total. Vendors selling AI-powered SOCs as a defense against nation-state actors are addressing a smaller part of the problem than their marketing suggests. Englman argues that basic hygiene, multifactor authentication, least privilege and user awareness, returns more per unit of effort than chasing AI tooling.

The threat model for a services provider

Span sells IT services to enterprise clients, which doubles its exposure. The company is a target in its own right and a target for attackers seeking access to its customers. A typical end-user organization can absorb a breach and recover. For Span, the response itself becomes the product on display. Clients evaluate security not just by controls in place, but by how incidents are handled when they inevitably occur. A mishandled breach can lead to loss of business, legal liability, and reputational damage that takes years to repair.

Englman said the company has to be able to demonstrate that controls were in place, that the failure was contained, and that the incident was handled with the same discipline it offers customers. Reputation is what gets sold, and negligence would end the business. This places a premium on transparency and rigorous incident response planning. Regular tabletop exercises, continuous monitoring, and third-party audits are non-negotiable for services providers in the current threat landscape.

Skills shortage, restated

The widely discussed cybersecurity talent gap, in Englman's view, is misframed. Entry-level applicants are abundant. Senior practitioners with five or more years of operational depth are scarce, and that gap cannot be closed quickly through training programs. The Span Cyber Security Center has trained more than 3,000 people, and Englman said the pipeline matters precisely because the industry's push toward automated tooling threatens to eliminate the junior roles where future experts get built.

His measure for a SOC analyst centers on whether they can explain what the alert means and how the conditions that triggered it came about. Without that understanding, an analyst rolling a fifty-fifty guess on relevance is no better than a model doing the same. He advocates for a return to fundamentals: teaching analysts to read logs, understand network protocols, and trace attack chains manually before relying on automation. This deep knowledge is what enables them to adapt to novel threats and to validate the output of AI systems.

The industry's focus on automation has also created a perverse incentive: organizations view security as a set of tools to buy rather than a discipline to cultivate. Englman warns that this leads to underinvestment in people and processes, the very elements that determine whether new technology delivers value. He suggests that boards and executives should ask CISOs not just about the tools they deploy, but about the depth of their teams and the retention rates of experienced analysts.

The wisdom he has discarded

Asked which piece of conventional security wisdom he has stopped believing, Englman named the framing of humans as the weakest link in the chain. He called it lazy and a form of blame culture. The responsibility, he said, sits with the CISO to build systems where a user clicking a malicious link does not bring the environment down. Brittle defenses that depend on perfect human behavior are a design failure. Instead, he advocates for "assume breach" architectures that incorporate segmentation, micro-perimeters, and real-time attack path analysis to limit the blast radius of any single mistake.

This philosophy aligns with zero trust principles, but Englman argues that many organizations implement zero trust only partially, leaving gaps that simple errors can exploit. Multifactor authentication on every login, for example, lowers the chance that a stolen password is usable, but it does nothing once an attacker holds a valid session or token; the environment must also limit lateral movement, so that one compromised credential cannot reach the entire network. By designing resilience into the environment, CISOs shift the burden from fallible humans to robust systems. This, he believes, is the true path to confidence in a market saturated with breach headlines.
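The blast-radius point can be checked rather than asserted. The following is an added example, not code from the article and not Span's tooling: a breadth-first walk over a constructed access graph that computes which hosts an attacker can reach from one compromised session, first with no segmentation (the "MFA only" environment) and then with tiered rules. It distinguishes protocols that yield a foothold to pivot from (SMB, SSH, RDP) from a web request or database query that reaches a target without giving the attacker a shell there. The hosts, tiers, network paths, the two policies and the set of pivot protocols are all assumptions made for the example.

```python
"""Blast-radius check for one compromised credential (added example; not code
from the article and not Span's tooling).

Turns the article's point into something testable: multifactor authentication
lowers the chance that a stolen password is usable, but once an attacker holds
a valid session the question is how far that session can travel. The hosts,
tiers, paths and policies below are constructed sample data.
"""
from collections import deque

# Constructed network: (source host, destination host, protocol). An edge means
# a session on the source can open that connection to the destination, subject
# to policy.
EDGES = [
    ("ws-alice",   "ws-bob",     "smb"),
    ("ws-alice",   "fileserver", "smb"),
    ("ws-alice",   "app-prod",   "https"),
    ("ws-alice",   "db-prod",    "tcp/5432"),   # flat network: workstation reaches the DB directly
    ("ws-bob",     "db-prod",    "tcp/5432"),
    ("app-prod",   "db-prod",    "tcp/5432"),
    ("fileserver", "backup",     "ssh"),
    ("bastion",    "app-prod",   "ssh"),
    ("bastion",    "db-prod",    "ssh"),
]

TIERS = {
    "ws-alice": "workstation", "ws-bob": "workstation",
    "app-prod": "app", "db-prod": "data",
    "fileserver": "file", "backup": "backup", "bastion": "admin",
}

# Protocols that give the attacker a foothold to pivot from. A web request or a
# database query reaches the target but does not yield a shell on it.
PIVOT_PROTOCOLS = {"smb", "ssh", "rdp"}


def allow_all(src_tier, dst_tier, proto):
    """No segmentation: every path in EDGES is open."""
    return True


# Assumed segmentation rules: (source tier, destination tier, protocol).
SEGMENTED_RULES = {
    ("workstation", "app",    "https"),
    ("app",         "data",   "tcp/5432"),
    ("admin",       "app",    "ssh"),
    ("admin",       "data",   "ssh"),
    ("file",        "backup", "ssh"),
}


def segmented(src_tier, dst_tier, proto):
    """Tiered policy: only the listed (source tier, destination tier, protocol) paths."""
    return (src_tier, dst_tier, proto) in SEGMENTED_RULES


def blast_radius(edges, tiers, policy, start):
    """Breadth-first walk from a host where the attacker already holds a session.

    Returns {host: {protocols it was reached with}}. A host becomes a new pivot
    point only if it was reached over a protocol in PIVOT_PROTOCOLS; a host
    reached only over https or a database port is counted but not expanded.
    """
    reached = {}
    pivoted = {start}
    queue = deque([start])
    while queue:
        src = queue.popleft()
        for s, d, proto in edges:
            if s != src or d == start:
                continue
            if not policy(tiers[s], tiers[d], proto):
                continue
            reached.setdefault(d, set()).add(proto)
            if proto in PIVOT_PROTOCOLS and d not in pivoted:
                pivoted.add(d)
                queue.append(d)
    return reached


if __name__ == "__main__":
    for label, policy in (("flat", allow_all), ("segmented", segmented)):
        hit = blast_radius(EDGES, TIERS, policy, "ws-alice")
        print(f"{label:9} ws-alice compromised -> {len(hit)} hosts: {sorted(hit)}")
    admin_hit = blast_radius(EDGES, TIERS, segmented, "bastion")
    print(f"segmented bastion compromised -> {sorted(admin_hit)}")
```

On the flat policy a single phished workstation user reaches the file server, a second workstation, the production database and, via the file server, the backup host. Under the tiered rules the same compromise reaches only the application front end, with no foothold to pivot from. The third run shows the limit of segmentation on its own: a compromised admin session on the bastion still reaches both the app and data tiers, which is where the strongest authentication and the tightest privilege have to sit.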

Englman also noted that the industry's obsession with attribution—knowing exactly who attacked—often distracts from the more important task of closing the vulnerabilities that enabled the breach. Whether the adversary is a nation-state, a criminal group, or an insider, the remediation steps are similar: patch, rotate credentials, improve monitoring. Focusing on the attacker's identity can lead to analysis paralysis while the real damage continues.


Source: Help Net Security News