"Every agent needs to have an identity." — Jonathan Jaffe, CISO at Lemonade, on the architectural shift from managing people to automating security policy.
This infographic was generated from Tomasz Tunguz's Office Hours with Jonathan Jaffe, published May 28, 2026. Jaffe, CISO at Lemonade, presents four core theses: AI is equally powerful for defenders and attackers, exploit windows are narrowing, security teams are becoming engineering teams, and every agent requires identity and policy governance at scale.
Jonathan Jaffe presents five key concepts that reframe how enterprises should think about AI security — from defender parity to agent identity at scale.
AI is as powerful for defenders as it is for attackers. While AI-generated exploits grab headlines, every vendor in the stack uses AI to harden services. Defenders can improve everywhere simultaneously — attackers must find individual weaknesses.
AI may produce vulnerable code, but AI also reviews, pen-tests, and patches faster than human pipelines. Bugs are finite — increasing resolution velocity shrinks the window of exploitability, making software more resilient over time.
At Lemonade, every security person is an engineer. The role shifts from managing people and running playbooks to architecting automated policies that govern an agentic world — building platforms, not processes.
An endpoint may host 200 to 10,000 agents, each needing identity and scoped policy. Traditional IAM cannot handle this scale. Every agent must be a governed principal — not a blind process running with ambient authority.
"Automation is the only way you can deal with the scale of what's coming at us now." Security policy must be codified, versioned, and enforced programmatically — like infrastructure-as-code, not human training.
AI-powered security platforms for automated threat detection, vulnerability verification, and policy enforcement — encompassing agentic SOC tools and automated pen-testing.
NAICS 541511
IAM systems that scale to handle thousands of AI agents per endpoint — extending identity principles to non-human principals with fine-grained policy control.
NAICS 541512
Hire security practitioners who can write code and build platforms. At Lemonade, every security person is an engineer. The future security team builds automation, not just runs tools.
Integrate AI-powered code review into CI/CD. Use AI to scan at commit time and generate fix suggestions. AI reviewing AI code creates a positive hardening feedback loop.
Architect identity for non-human principals now. Extend IAM to handle 200–10,000 agents per endpoint. Automated identity lifecycle management is non-negotiable.
Pair a threat intelligence agent with a verification agent that checks if vulnerable code is actually reachable in production. Reduces false positives by validating exploitability.
Treat security policy like infrastructure — version-controlled, tested, automatically deployed. Manual policy enforcement cannot scale to thousands of agents.
Audit vendors for AI-powered features. Every vendor in your stack is using AI to improve security — ensure you're using those capabilities.
The CISO shifts from risk manager to platform architect — designing automated governance systems and leading engineering-driven security teams.
AI is equally powerful for both. While AI can enable new attack vectors, it simultaneously accelerates code review, pen-testing, and patching. Every vendor uses AI to improve security services. The exploit window narrows because AI-driven resolution velocity increases — since bugs are finite, faster resolution makes software more resilient.
The exploit window is the time between vulnerability introduction and patch deployment. It is narrowing because AI accelerates every phase of the resolution cycle — review, pen-testing, and patching happen faster than in human-only pipelines. Increasing resolution velocity makes software more resilient even if AI initially produces more vulnerable code.
Automation is the only way to handle AI-era threat scale. At Lemonade, every security person is an engineer. The role shifts from managing people to architecting automated policies — security becomes a platform-building discipline.
A single endpoint could host 200 to 10,000 agents. Without identity, you cannot enforce policy — you cannot control what each agent accesses. Traditional IAM for human principals cannot scale to this level.
A custom AI platform with specialized agents: one reads threat intelligence and triages, another verifies whether vulnerable methods are actually invoked in production. This two-agent architecture separates signal detection from signal verification, dramatically reducing false positives.
Codifying security policies as version-controlled, testable, automatically deployable artifacts — treating policy like infrastructure rather than documentation. Essential in an agentic world where policy must scale to thousands of non-human actors.
An AI agent checks whether a reported vulnerability is actually exploitable in production by analyzing if the vulnerable code path is reachable and invoked. This reduces false positives and lets teams focus on vulnerabilities that matter.
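The triage-then-verify split described above can be sketched as follows. This is an added example, not code from Lemonade or from the talk; the advisory ids, package names, symbols and call edges are constructed sample data, and the call edges are assumed to come from production traces.

```python
from collections import deque

# Constructed sample data (not from the page): advisory feed, deployed
# dependency inventory, and call edges observed in production traces.
ADVISORIES = [
    {"id": "ADV-0001", "package": "yamlparse", "version": "1.2.0", "symbol": "yamlparse.load_unsafe"},
    {"id": "ADV-0002", "package": "imgkit", "version": "3.1.4", "symbol": "imgkit.decode_tiff"},
    {"id": "ADV-0003", "package": "ldapcli", "version": "0.9.1", "symbol": "ldapcli.bind"},
]
DEPLOYED = {"yamlparse": "1.2.0", "imgkit": "3.1.4", "httpd": "2.0.0"}
CALL_EDGES = {
    "api.upload": ["app.parse_config", "app.store"],
    "app.parse_config": ["yamlparse.load_unsafe"],
    "batch.thumbnail": ["imgkit.decode_png"],
}
ENTRY_POINTS = ["api.upload", "batch.thumbnail"]

def triage(advisories, deployed):
    """Stage 1: keep advisories whose package and version are deployed."""
    return [a for a in advisories if deployed.get(a["package"]) == a["version"]]

def call_path(edges, entry_points, target):
    """Breadth-first search; returns the shortest entry-to-target path or None."""
    queue = deque([e] for e in entry_points)
    seen = set(entry_points)
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for callee in edges.get(path[-1], []):
            if callee not in seen:
                seen.add(callee)
                queue.append(path + [callee])
    return None

def verify(advisories, deployed, edges, entry_points):
    """Stage 2: mark each triaged advisory reachable or not, with the path as evidence."""
    findings = []
    for adv in triage(advisories, deployed):
        path = call_path(edges, entry_points, adv["symbol"])
        findings.append({"id": adv["id"], "reachable": path is not None, "path": path})
    return findings

if __name__ == "__main__":
    for finding in verify(ADVISORIES, DEPLOYED, CALL_EDGES, ENTRY_POINTS):
        print(finding)
```

With trace-derived edges, `reachable: False` means the call was not observed, not that it cannot happen, so such findings are better deprioritized than closed.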
A Security Operations Center where AI agents perform detection, triage, verification, and response. Human analysts shift from operators to platform architects who design and govern automated workflows.
Traditional IAM handles hundreds of human principals. AI agents add 200–10,000 non-human principals per endpoint. IAM must scale 100-1,000x, support automated identity lifecycle management, and enforce fine-grained policy at sub-second latency.
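A sketch of per-agent identity with scoped, deny-by-default policy, treated as a versioned artifact with a CI lint step, covering both the policy-as-code and the agent-identity points above. This is an added example, not the talk's or Lemonade's implementation; the policy schema, agent IDs and resource names are hypothetical.

```python
import fnmatch

# Constructed policy artifact (hypothetical schema, not from the page): the
# kind of file that would live in version control and be deployed by CI.
POLICY = {
    "version": "2026-06-01.1",
    "agents": {
        "agent://endpoint-17/triage-bot": {
            "expires": 1_800_000_000,  # epoch seconds; bounds the identity's lifetime
            "allow": [("read", "feed/threat-intel/*"), ("write", "queue/triage")],
        },
        "agent://endpoint-17/verify-bot": {
            "expires": 1_800_000_000,
            "allow": [("read", "queue/triage"), ("read", "traces/prod/*")],
        },
    },
}

def decide(policy, agent_id, action, resource, now):
    """Deny by default: unknown, expired or out-of-scope requests are refused."""
    agent = policy["agents"].get(agent_id)
    if agent is None:
        return (False, "unknown-identity")
    if now >= agent.get("expires", 0):  # a missing expiry is treated as expired
        return (False, "identity-expired")
    for act, pattern in agent["allow"]:
        # Note: fnmatch's "*" also matches "/", so a grant covers the whole subtree.
        if act == action and fnmatch.fnmatchcase(resource, pattern):
            return (True, f"allow:{act}:{pattern}")
    return (False, "no-matching-grant")

def lint(policy):
    """CI gate: reject grants that would recreate ambient authority."""
    problems = []
    for agent_id, agent in policy["agents"].items():
        for act, pattern in agent["allow"]:
            if act == "*" or pattern in ("*", "**"):
                problems.append(f"{agent_id}: wildcard grant ({act}, {pattern})")
        if "expires" not in agent:
            problems.append(f"{agent_id}: no expiry")
    return problems
```

Returning the matched grant or the denial reason with each decision gives every agent action an auditable record tied to the policy version that allowed it.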
AI's benefits to defenders are at least equal to its benefits to attackers. Every vendor uses AI to harden products. Defenders can "harden everywhere simultaneously" — a capability attackers cannot match since they must find and exploit individual weaknesses.
Jaffe's argument is probabilistic: with tens of thousands of potential targets, the probability any single organization is targeted is low. As AI-driven defenses harden targets faster, the attacker's search problem becomes harder, not easier.
Four steps: hire engineers for security, invest in AI-driven code review and automated patching, architect agent identity governance now, and treat security policy as code. The CISO's role shifts from risk manager to platform architect.
Application of AI to both offensive and defensive security — encompassing automated threat detection, vulnerability discovery, code review, pen-testing, and policy enforcement.
A unique identity for each AI agent enabling policy-based access control. Extends IAM principles to non-human principals at 100-1,000x scale.
Time between vulnerability introduction and patch deployment. AI-driven review and patching narrow this window by accelerating the resolution cycle.
Transformation of security from human-managed oversight into a software engineering discipline — building platforms, not running playbooks.
Codifying security policies as version-controlled, testable, automatically deployable artifacts — policy treated like infrastructure.
Structured information about threats. AI agents can read, triage, and correlate feeds automatically, reducing manual analyst burden.
A Security Operations Center where AI agents perform detection, triage, verification, and response — humans become platform architects.
AI agent checks if a reported vulnerability is actually exploitable in production by verifying code path reachability — reduces false positives.
Identity and Access Management for Agents — extending IAM to non-human principals with automated lifecycle management at agentic scale.
AI benefits defenders at least as much as attackers — defenders harden everywhere simultaneously; attackers must find individual weaknesses.
Security in the Age of AI Agents: Office Hours with Jonathan Jaffe by Tomasz Tunguz, May 28, 2026
Claude Code with DeepSeek v4 Pro. Linked Data resolved via URIBurner (Virtuoso-backed).
https://linkeddata.uriburner.com/DAV/demos/daas/jaffe-office-hours-security-ai-agents-deepseek_v4pro-1.ttl
Entity IRIs route through URIBurner describe. RDF source: Turtle file.
RDF extracted from https://tomtunguz.com/jonathan-jaffe-office-hours-post-event/ using kg-generator Business & Market Analysis template.
Generated using kg-generator, rdf-infographic-skill via DeepSeek v4 Pro. Linked Data resolved via URIBurner (Virtuoso-backed).