@prefix : . @prefix schema: . @prefix rdf: . @prefix rdfs: . @prefix owl: . @prefix xsd: . @prefix skos: . @prefix prov: . @prefix dct: . # ── Provenance ── :kgGeneratorSkill a schema:SoftwareApplication ; schema:name "kg-generator skill"@en ; schema:url ; schema:description "Knowledge Graph Generator Skill for transforming web content into structured RDF."@en . # ── People ── :tomaszTunguz a schema:Person ; schema:name "Tomasz Tunguz"@en ; schema:jobTitle "General Partner"@en ; schema:worksFor :theoryVentures ; schema:identifier "https://tomtunguz.com" ; rdfs:label "Tomasz Tunguz"@en . :jonathanJaffe a schema:Person ; schema:name "Jonathan Jaffe"@en ; schema:jobTitle "Chief Information Security Officer"@en ; schema:worksFor :lemonade ; rdfs:label "Jonathan Jaffe"@en . # ── Organizations ── :theoryVentures a schema:Organization ; schema:name "Theory Ventures"@en ; schema:description "Early-stage venture capital firm investing in AI, web3, and frontier technologies."@en ; schema:url ; rdfs:label "Theory Ventures"@en . :lemonade a schema:Organization ; schema:name "Lemonade"@en ; schema:description "Digital insurance company leveraging AI and machine learning for policy underwriting and claims."@en ; schema:url ; rdfs:label "Lemonade"@en . # ── Article ── :article a schema:Article ; schema:name "Security in the Age of AI Agents: Office Hours with Jonathan Jaffe"@en ; schema:headline "Security in the Age of AI Agents: Office Hours with Jonathan Jaffe"@en ; schema:author :tomaszTunguz ; schema:datePublished "2026-05-28"^^xsd:date ; schema:publisher :theoryVentures ; schema:articleSection "AI Security"@en, "Enterprise"@en, "Office Hours"@en ; schema:articleBody """When security practitioners become engineers, the mission changes from managing people to architecting the automated policies that govern an agentic world. Jonathan Jaffe, CISO at Lemonade, joined Tomasz Tunguz on Office Hours to discuss what this means for how we build, secure, and operate AI systems when both sides are automated."""@en ; schema:abstract "Jonathan Jaffe, CISO at Lemonade, discusses AI security with Tomasz Tunguz, covering agent identity, security engineering transformation, and automated policy governance."@en ; schema:about :aiSecurity, :agentIdentity, :securityEngineering, :threatIntelligence, :policyGovernance ; schema:hasPart :faqSection, :glossarySection, :howtoSection, :aiSecuritySection, :agentIdentitySection, :securityEngineeringSection, :automationSection, :ontology ; schema:isPartOf ; prov:wasGeneratedBy :kgGeneratorSkill ; rdfs:label "Security in the Age of AI Agents"@en . schema:hasPart :article . # schema:hasPart : # ── Ontology ── :ontology a owl:Ontology ; schema:name "AI Security Concepts Ontology"@en ; schema:description "Lightweight ontology describing concepts related to AI-driven security, agent identity, and automated policy governance."@en ; schema:identifier "https://tomtunguz.com/jonathan-jaffe-office-hours-post-event/" ; rdfs:label "AI Security Concepts Ontology"@en . :AIConcept a owl:Class ; rdfs:label "AI Concept"@en ; rdfs:comment "Abstract concept related to artificial intelligence and security."@en ; rdfs:isDefinedBy :ontology . :SecurityPractice a owl:Class ; rdfs:subClassOf :AIConcept ; rdfs:label "Security Practice"@en ; rdfs:comment "A practice or methodology used in modern security operations."@en ; rdfs:isDefinedBy :ontology . :TechnologyTrend a owl:Class ; rdfs:subClassOf :AIConcept ; rdfs:label "Technology Trend"@en ; rdfs:comment "An emerging trend in technology and security."@en ; rdfs:isDefinedBy :ontology . :hasSecurityImpact a owl:ObjectProperty ; rdfs:label "has security impact"@en ; rdfs:comment "Relates a concept to its impact on security operations."@en ; rdfs:domain :AIConcept ; rdfs:range :SecurityPractice ; rdfs:isDefinedBy :ontology . :requiresAutomation a owl:DatatypeProperty ; rdfs:label "requires automation"@en ; rdfs:comment "Indicates whether a security practice requires automation."@en ; rdfs:domain :SecurityPractice ; rdfs:range xsd:boolean ; rdfs:isDefinedBy :ontology . # ── Core Concepts ── :aiSecurity a :TechnologyTrend ; schema:name "AI Security"@en ; schema:description "The application of artificial intelligence to both offensive and defensive cybersecurity operations."@en ; rdfs:label "AI Security"@en . :agentIdentity a :TechnologyTrend ; schema:name "Agent Identity"@en ; schema:description "The concept that every AI agent operating within a system must have a unique, governable identity for policy enforcement."@en ; rdfs:label "Agent Identity"@en . :securityEngineering a :SecurityPractice ; schema:name "Security Engineering"@en ; schema:description "The transformation of security teams from manual operators into engineers who build automated security systems."@en ; rdfs:label "Security Engineering"@en . :threatIntelligence a :SecurityPractice ; schema:name "Threat Intelligence"@en ; schema:description "The collection and analysis of information about emerging threats to inform defensive strategies."@en ; rdfs:label "Threat Intelligence"@en . :policyGovernance a :SecurityPractice ; schema:name "Policy Governance"@en ; schema:description "The framework of rules and controls applied to AI agents at the point of action."@en ; rdfs:label "Policy Governance"@en . :windowOfExploitability a :TechnologyTrend ; schema:name "Window of Exploitability"@en ; schema:description "The period during which a vulnerability can be exploited before it is patched or mitigated."@en ; rdfs:label "Window of Exploitability"@en . :automationScale a :TechnologyTrend ; schema:name "Automation at Scale"@en ; schema:description "The use of automated systems to handle security operations at volumes impossible for human teams."@en ; rdfs:label "Automation at Scale"@en . # ── Article Sections ── :aiSecuritySection a schema:ArticleSection ; schema:name "AI for Defenders and Attackers"@en ; schema:articleBody """AI is just as powerful for defenders as it is for attackers. The fear narrative underestimates this fact. Defenders harden everywhere, simultaneously, because every vendor in the stack is also racing to ship improvements. The chances that any single organization will be one of the tens of thousands of attack targets is small, and all vendors that organizations use will also have access to AI to improve their services."""@en ; schema:about :aiSecurity ; schema:isPartOf :article ; rdfs:label "AI for Defenders and Attackers"@en . :article schema:hasPart :aiSecuritySection . :agentIdentitySection a schema:ArticleSection ; schema:name "Every Agent Needs an Identity"@en ; schema:articleBody """On a single endpoint, we could be running 200 or 10,000 agents, but each one of them needs to be numbered and then governed by policy at the point of action. Every agent needs to have an identity, and more than that, you need a way to control policy for all of these agents in a much more complex way than current identity and access management systems do."""@en ; schema:about :agentIdentity, :policyGovernance ; schema:isPartOf :article ; rdfs:label "Every Agent Needs an Identity"@en . :article schema:hasPart :agentIdentitySection . :securityEngineeringSection a schema:ArticleSection ; schema:name "Security Teams as Engineering Teams"@en ; schema:articleBody """Security teams are becoming engineering teams. At Lemonade, every security person is an engineer. They built their own AI platform with agents on top of it. One agent reads threat intel. Another checks whether the vulnerable method is actually called in production code. Automation is the only way you can deal with the scale of what is coming at us now."""@en ; schema:about :securityEngineering, :automationScale ; schema:isPartOf :article ; rdfs:label "Security Teams as Engineering Teams"@en . :article schema:hasPart :securityEngineeringSection . :automationSection a schema:ArticleSection ; schema:name "The Narrowing Window of Exploitability"@en ; schema:articleBody """The window of exploitability is narrowing. Yes, AI will write more vulnerable code. But AI-written code also gets reviewed, pen-tested, and patched faster than any human pipeline. Plus, the total number of bugs within a particular piece of software is finite. As the velocity of solving or resolving bugs increases, software will become far more resilient. Modern agentic security engineering is rapidly transforming, and we should expect to see significantly hardened systems as a result."""@en ; schema:about :windowOfExploitability, :automationScale ; schema:isPartOf :article ; rdfs:label "The Narrowing Window of Exploitability"@en . :article schema:hasPart :automationSection . # ── FAQ ── :faqSection a schema:FAQPage ; schema:name "Frequently Asked Questions"@en ; schema:mainEntity :q1, :q2, :q3, :q4, :q5, :q6, :q7, :q8, :q9, :q10, :q11, :q12 ; schema:isPartOf :article ; rdfs:label "FAQ"@en . :article schema:hasPart :faqSection . :q1 a schema:Question ; schema:name "What is the main theme of the office hours discussion?"@en ; schema:text "What is the main theme of the office hours discussion?"@en ; schema:acceptedAnswer :a1 ; schema:isPartOf :faqSection ; rdfs:label "Q1: Main theme"@en . :faqSection schema:hasPart :q1 . :a1 a schema:Answer ; schema:text "The main theme is the transformation of security operations in the age of AI agents, focusing on how security teams must evolve into engineering teams that architect automated policies governing agentic systems."@en ; schema:isPartOf :faqSection ; rdfs:label "A1: Main theme"@en . :q2 a schema:Question ; schema:name "How does AI empower security defenders?"@en ; schema:text "How does AI empower security defenders?"@en ; schema:acceptedAnswer :a2 ; schema:isPartOf :faqSection ; rdfs:label "Q2: AI for defenders"@en . :faqSection schema:hasPart :q2 . :a2 a schema:Answer ; schema:text "AI empowers defenders by enabling them to harden systems everywhere simultaneously. Every vendor in the technology stack is racing to ship AI-driven improvements, which means defensive capabilities improve across the entire ecosystem, not just within a single organization."@en ; schema:isPartOf :faqSection ; rdfs:label "A2: AI for defenders"@en . :q3 a schema:Question ; schema:name "What does it mean for security teams to become engineering teams?"@en ; schema:text "What does it mean for security teams to become engineering teams?"@en ; schema:acceptedAnswer :a3 ; schema:isPartOf :faqSection ; rdfs:label "Q3: Security as engineering"@en . :faqSection schema:hasPart :q3 . :a3 a schema:Answer ; schema:text "It means the mission changes from managing people to architecting automated policies. At Lemonade, every security person is an engineer who builds systems, including an internal AI platform with specialized agents on top of it."@en ; schema:isPartOf :faqSection ; rdfs:label "A3: Security as engineering"@en . :q4 a schema:Question ; schema:name "Why does every AI agent need an identity?"@en ; schema:text "Why does every AI agent need an identity?"@en ; schema:acceptedAnswer :a4 ; schema:isPartOf :faqSection ; rdfs:label "Q4: Agent identity"@en . :faqSection schema:hasPart :q4 . :a4 a schema:Answer ; schema:text "Because on a single endpoint there could be running 200 or 10,000 agents, and each one needs to be numbered and governed by policy at the point of action. Identity is the foundation for policy enforcement in agentic systems."@en ; schema:isPartOf :faqSection ; rdfs:label "A4: Agent identity"@en . :q5 a schema:Question ; schema:name "What is the window of exploitability?"@en ; schema:text "What is the window of exploitability?"@en ; schema:acceptedAnswer :a5 ; schema:isPartOf :faqSection ; rdfs:label "Q5: Window of exploitability"@en . :faqSection schema:hasPart :q5 . :a5 a schema:Answer ; schema:text "The window of exploitability is the period during which a vulnerability can be exploited before it is patched. AI is narrowing this window because AI-written code gets reviewed, pen-tested, and patched faster than traditional human pipelines."@en ; schema:isPartOf :faqSection ; rdfs:label "A5: Window of exploitability"@en . :q6 a schema:Question ; schema:name "How does AI affect the speed of vulnerability patching?"@en ; schema:text "How does AI affect the speed of vulnerability patching?"@en ; schema:acceptedAnswer :a6 ; schema:isPartOf :faqSection ; rdfs:label "Q6: AI patching speed"@en . :faqSection schema:hasPart :q6 . :a6 a schema:Answer ; schema:text "AI-written code gets reviewed, pen-tested, and patched faster than any human pipeline. As the velocity of resolving bugs increases, the total number of bugs within a particular piece of software becomes finite and manageable, making software far more resilient."@en ; schema:isPartOf :faqSection ; rdfs:label "A6: AI patching speed"@en . :q7 a schema:Question ; schema:name "What role does automation play in modern security?"@en ; schema:text "What role does automation play in modern security?"@en ; schema:acceptedAnswer :a7 ; schema:isPartOf :faqSection ; rdfs:label "Q7: Automation role"@en . :faqSection schema:hasPart :q7 . :a7 a schema:Answer ; schema:text "Automation is the only way to deal with the scale of modern threats. Human teams cannot manually process the volume of data, threats, and systems requiring protection, so automated agents and policies are essential."@en ; schema:isPartOf :faqSection ; rdfs:label "A7: Automation role"@en . :q8 a schema:Question ; schema:name "How many agents might run on a single endpoint?"@en ; schema:text "How many agents might run on a single endpoint?"@en ; schema:acceptedAnswer :a8 ; schema:isPartOf :faqSection ; rdfs:label "Q8: Agents per endpoint"@en . :faqSection schema:hasPart :q8 . :a8 a schema:Answer ; schema:text "On a single endpoint, an organization could be running anywhere from 200 to 10,000 agents. Each of these agents needs a unique identity and policy governance at the point of action."@en ; schema:isPartOf :faqSection ; rdfs:label "A8: Agents per endpoint"@en . :q9 a schema:Question ; schema:name "What is policy governance in the context of AI agents?"@en ; schema:text "What is policy governance in the context of AI agents?"@en ; schema:acceptedAnswer :a9 ; schema:isPartOf :faqSection ; rdfs:label "Q9: Policy governance"@en . :faqSection schema:hasPart :q9 . :a9 a schema:Answer ; schema:text "Policy governance in the context of AI agents means establishing rules and controls that are enforced at the point of action for every agent. This requires a much more complex approach than current identity and access management systems provide."@en ; schema:isPartOf :faqSection ; rdfs:label "A9: Policy governance"@en . :q10 a schema:Question ; schema:name "How does threat intelligence factor into agentic security?"@en ; schema:text "How does threat intelligence factor into agentic security?"@en ; schema:acceptedAnswer :a10 ; schema:isPartOf :faqSection ; rdfs:label "Q10: Threat intelligence"@en . :faqSection schema:hasPart :q10 . :a10 a schema:Answer ; schema:text "At Lemonade, one agent reads threat intelligence continuously. This allows the security team to stay current on emerging threats without manual monitoring, and the intelligence feeds directly into automated defensive actions."@en ; schema:isPartOf :faqSection ; rdfs:label "A10: Threat intelligence"@en . :q11 a schema:Question ; schema:name "What makes Jonathan Jaffe's approach at Lemonade unique?"@en ; schema:text "What makes Jonathan Jaffe's approach at Lemonade unique?"@en ; schema:acceptedAnswer :a11 ; schema:isPartOf :faqSection ; rdfs:label "Q11: Jaffe's approach"@en . :faqSection schema:hasPart :q11 . :a11 a schema:Answer ; schema:text "Jonathan Jaffe's approach is unique because at Lemonade every security person is an engineer. They built their own internal AI platform with specialized agents, including one that reads threat intel and another that checks whether vulnerable methods are actually called in production code."@en ; schema:isPartOf :faqSection ; rdfs:label "A11: Jaffe's approach"@en . :q12 a schema:Question ; schema:name "What is the future outlook for security professionals?"@en ; schema:text "What is the future outlook for security professionals?"@en ; schema:acceptedAnswer :a12 ; schema:isPartOf :faqSection ; rdfs:label "Q12: Future outlook"@en . :faqSection schema:hasPart :q12 . :a12 a schema:Answer ; schema:text "The future is bright for security professionals. Modern agentic security engineering is rapidly transforming, and we should expect to see significantly hardened systems as a result. Security professionals who embrace engineering and automation will be at the forefront of this transformation."@en ; schema:isPartOf :faqSection ; rdfs:label "A12: Future outlook"@en . # ── Glossary ── :glossarySection a schema:DefinedTermSet ; schema:name "Glossary"@en ; schema:hasDefinedTerm :termAgentIdentity, :termAgenticSecurity, :termThreatIntelligence, :termWindowOfExploitability, :termPolicyGovernance, :termSecurityEngineering, :termAIDefender, :termAIAttacker, :termAutomation, :termEndpointSecurity ; schema:isPartOf :article ; rdfs:label "Glossary"@en . :article schema:hasPart :glossarySection . :termAgentIdentity a schema:DefinedTerm ; schema:name "Agent Identity"@en ; schema:description "The unique, governable identity assigned to every AI agent operating within a system, enabling policy enforcement at the point of action."@en ; schema:inDefinedTermSet :glossarySection ; rdfs:label "Agent Identity"@en . :glossarySection schema:hasDefinedTerm :termAgentIdentity . :termAgenticSecurity a schema:DefinedTerm ; schema:name "Agentic Security"@en ; schema:description "Security paradigms built around autonomous AI agents that perform defensive and monitoring tasks without constant human oversight."@en ; schema:inDefinedTermSet :glossarySection ; rdfs:label "Agentic Security"@en . :glossarySection schema:hasDefinedTerm :termAgenticSecurity . :termThreatIntelligence a schema:DefinedTerm ; schema:name "Threat Intelligence"@en ; schema:description "Information about emerging threats and attack patterns collected and analyzed to inform defensive security strategies."@en ; schema:inDefinedTermSet :glossarySection ; rdfs:label "Threat Intelligence"@en . :glossarySection schema:hasDefinedTerm :termThreatIntelligence . :termWindowOfExploitability a schema:DefinedTerm ; schema:name "Window of Exploitability"@en ; schema:description "The period between when a vulnerability is discovered and when it is patched, during which attackers can exploit it."@en ; schema:inDefinedTermSet :glossarySection ; rdfs:label "Window of Exploitability"@en . :glossarySection schema:hasDefinedTerm :termWindowOfExploitability . :termPolicyGovernance a schema:DefinedTerm ; schema:name "Policy Governance"@en ; schema:description "The framework of rules, controls, and enforcement mechanisms applied to AI agents at the point of action."@en ; schema:inDefinedTermSet :glossarySection ; rdfs:label "Policy Governance"@en . :glossarySection schema:hasDefinedTerm :termPolicyGovernance . :termSecurityEngineering a schema:DefinedTerm ; schema:name "Security Engineering"@en ; schema:description "The discipline of building automated systems and architectures to defend against threats, rather than relying solely on manual processes and human operators."@en ; schema:inDefinedTermSet :glossarySection ; rdfs:label "Security Engineering"@en . :glossarySection schema:hasDefinedTerm :termSecurityEngineering . :termAIDefender a schema:DefinedTerm ; schema:name "AI Defender"@en ; schema:description "An artificial intelligence system or agent used to detect, prevent, or respond to security threats and vulnerabilities."@en ; schema:inDefinedTermSet :glossarySection ; rdfs:label "AI Defender"@en . :glossarySection schema:hasDefinedTerm :termAIDefender . :termAIAttacker a schema:DefinedTerm ; schema:name "AI Attacker"@en ; schema:description "An artificial intelligence system or agent used by malicious actors to discover and exploit vulnerabilities in target systems."@en ; schema:inDefinedTermSet :glossarySection ; rdfs:label "AI Attacker"@en . :glossarySection schema:hasDefinedTerm :termAIAttacker . :termAutomation a schema:DefinedTerm ; schema:name "Automation"@en ; schema:description "The use of technology to perform security tasks with minimal human intervention, essential for handling modern threat volumes."@en ; schema:inDefinedTermSet :glossarySection ; rdfs:label "Automation"@en . :glossarySection schema:hasDefinedTerm :termAutomation . :termEndpointSecurity a schema:DefinedTerm ; schema:name "Endpoint Security"@en ; schema:description "The protection of individual devices and endpoints from threats, increasingly complicated by the presence of thousands of AI agents per device."@en ; schema:inDefinedTermSet :glossarySection ; rdfs:label "Endpoint Security"@en . :glossarySection schema:hasDefinedTerm :termEndpointSecurity . # ── HowTo ── :howtoSection a schema:HowTo ; schema:name "How to Build an Agentic Security Operations Model"@en ; schema:description "A step-by-step guide for transforming security operations using AI agents and automated policy governance."@en ; schema:step :step1, :step2, :step3, :step4, :step5, :step6, :step7 ; schema:isPartOf :article ; rdfs:label "HowTo: Agentic Security Operations"@en . :article schema:hasPart :howtoSection . :step1 a schema:HowToStep ; schema:name "Build an Internal AI Security Platform"@en ; schema:text "Construct an internal AI platform that serves as the foundation for deploying specialized security agents. This platform should integrate with existing infrastructure and provide APIs for agent orchestration."@en ; schema:position 1 ; schema:isPartOf :howtoSection ; rdfs:label "Step 1: Build Platform"@en . :howtoSection schema:hasPart :step1 . :step2 a schema:HowToStep ; schema:name "Deploy Threat Intelligence Reading Agents"@en ; schema:text "Deploy agents that continuously ingest and analyze threat intelligence feeds. These agents should automatically correlate threats with your technology stack and alert on relevant risks."@en ; schema:position 2 ; schema:isPartOf :howtoSection ; rdfs:label "Step 2: Deploy Threat Intel Agents"@en . :howtoSection schema:hasPart :step2 . :step3 a schema:HowToStep ; schema:name "Create Production Code Vulnerability Checkers"@en ; schema:text "Build agents that analyze production code to determine whether vulnerable methods are actually called in runtime. This reduces false positives and prioritizes real risks."@en ; schema:position 3 ; schema:isPartOf :howtoSection ; rdfs:label "Step 3: Code Vulnerability Checkers"@en . :howtoSection schema:hasPart :step3 . :step4 a schema:HowToStep ; schema:name "Implement Agent Identity Numbering"@en ; schema:text "Establish a unique identity system for every agent. Each agent must be numbered and registered so that policy can be enforced at the point of action, regardless of scale."@en ; schema:position 4 ; schema:isPartOf :howtoSection ; rdfs:label "Step 4: Agent Identity"@en . :howtoSection schema:hasPart :step4 . :step5 a schema:HowToStep ; schema:name "Establish Policy Governance at Point of Action"@en ; schema:text "Design policy controls that are enforced when agents take action. This requires a more complex approach than traditional identity and access management, with real-time decision making."@en ; schema:position 5 ; schema:isPartOf :howtoSection ; rdfs:label "Step 5: Policy Governance"@en . :howtoSection schema:hasPart :step5 . :step6 a schema:HowToStep ; schema:name "Measure and Track Automation Coverage"@en ; schema:text "Implement metrics to track which security processes are automated and which still require manual intervention. Aim for increasing automation coverage over time."@en ; schema:position 6 ; schema:isPartOf :howtoSection ; rdfs:label "Step 6: Measure Coverage"@en . :howtoSection schema:hasPart :step6 . :step7 a schema:HowToStep ; schema:name "Iterate on Agent Capabilities Continuously"@en ; schema:text "Security threats evolve rapidly. Continuously iterate on agent capabilities, adding new detection methods, response playbooks, and integration points as the threat landscape changes."@en ; schema:position 7 ; schema:isPartOf :howtoSection ; rdfs:label "Step 7: Iterate Continuously"@en . :howtoSection schema:hasPart :step7 . # ── Related Links ── :article schema:relatedLink , , , , ; schema:about , , , . :article owl:sameAs , , , . # ── End of Document ──