Evolve or Be Automated: A Security Veteran's Take on the AI Frontier
Frontier Security Firm/Practitioner
I’ve spent 17 years in cybersecurity. In that time I’ve watched a handful of waves roll through this industry, and every one of them rewarded the people who moved first and quietly punished the ones who waited to be sure.
The shift to cloud did it. SIEM and the move to security operations did it. EDR did it. Zero trust did it. Each time, the same pattern: a new way of working showed up, the people who leaned in early became the ones everyone else called for help, and the people who decided to “see how it plays out” spent the next three years catching up to where the early movers already were.
I’m telling you this one is different. Not because the pattern changed, but because the stakes did.
There’s a frontier opening in AI right now, and frontiers don’t reward spectators. They reward the people who build the ecosystem around them. Over the weekend, Satya Nadella put words on X to something a lot of us have been feeling but couldn’t quite name. His thesis was simple and sharp:
“A frontier without an ecosystem is not stable.”
“Our priority has to be building a frontier ecosystem, not just a frontier model.”
(Source: Satya Nadella on X.)
I read that and immediately thought about us -- the security practitioners, the founders, the people who’ve built careers and companies on protecting things. Because if the durable advantage in AI is the ecosystem and not the model, then the people who secure that ecosystem aren’t a cost center. We’re the load-bearing wall.
This post is really advice to myself. But if you’ve got time in this field, or you’re building a company in it, I think it’s advice for you too.
The line that should keep you up at night
There’s one more thing Satya said that I can’t stop thinking about:
“You can offload a task, or even a job, but you can never offload your learning.”
Sit with that for a second, because it cuts both ways.
The optimistic read: AI can take the tasks off your plate that were never the point anyway. The triage, the correlation, the report-writing, the first-pass investigation. Good. Offload it.
The uncomfortable read: if you offload the task and you offload the learning with it, you’ve made yourself into a thing that got automated. You become a workflow someone else now owns. That’s the real risk in this transition, and it has almost nothing to do with the technology and everything to do with whether you keep growing.
The people who survive this aren’t the ones who resist AI. They’re the ones who use it to compound what they know instead of outsourcing it.
Human capital and token capital -- and why security sits in the middle
The framing in Satya’s post that matters most for us is the relationship between two assets every organization now has to build.
Human capital is the knowledge, judgment, relationships, and pattern recognition of your people. It’s the thing that sets direction, connects domains, and decides what actually matters. In security, this is the analyst who knows that alert is a false positive because she’s seen that exact pattern at this customer fourteen times. You can’t download that.
Token capital is the AI capability an organization builds, owns, evaluates, and improves. It’s the agents, the workflows, the institutional memory turned into systems that get better over time.
Here’s the part most people miss: human capital becomes more valuable as token capital grows, not less. Because somebody has to set the goals, define what good looks like, and decide when the machine is wrong. That somebody is a person with judgment. Often, in our world, that somebody is a security person.
And here’s where we come in specifically. Token capital is dangerous when it’s an unmanaged extraction layer sitting on top of the enterprise -- absorbing data, expertise, and decision logic with no boundaries and no owner. The whole thing only compounds safely if identity, data protection, evals, and governance are built into it from day one.
That’s not a side quest for the security team. That’s the job. The learning loop Satya describes -- people directing work, workflows getting captured, models improving against private evals inside controlled reinforcement environments -- does not hold together without someone securing every link in it.
We are that someone. The question is whether we show up ready.
Why “ecosystem” is the whole argument
It’s worth slowing down on why Satya keeps hammering the ecosystem and not the model, because it’s the load-bearing idea for everything else.
An AI economy where the value concentrates in a handful of general-purpose models is unstable -- economically, politically, and in just about every way that matters to a business. If all the advantage lives in three models you rent, then every company, every industry, every country is renting its own future from someone else. That doesn’t hold. The stable equilibrium is the one where every organization can own the learning loop that encodes its institutional knowledge and compounds its own human and token capital.
Now read that through a security lens. Owning your learning loop is a security problem from top to bottom. It comes down to identity and data and governance, and you cannot own a loop you can’t see or control or audit. Ownership is security. The companies that get to keep their differentiated knowledge are the ones who secured the loop well enough to keep it theirs.
That’s why I think security people are about to matter more than we have in a long time. We’re not the friction in this transition. We’re the thing that makes the durable version of it possible.
What this means for practitioners: be the change agent or become the change
If you’re an individual contributor or a team lead reading this, the move is not to wait for your company to “have an AI strategy.” Most of them don’t yet, and the ones that do are figuring it out in real time. That’s your opening.
Be the person who pushes. Be the one in the room asking how the org is going to govern the agents it’s already quietly deploying. The change agent role is available right now, and it’s going to be filled by someone. It might as well be the person who actually understands the security implications.
Concretely, here are the skills I’m investing in, and the ones I’d tell my younger self to go deep on:
Identity for non-humans. Agents, tools, service principals, managed identities -- every actor in the loop needs least-privileged, auditable access. The hardest identity problem of the next five years isn’t users. It’s everything that isn’t a user.
Data boundaries and institutional memory. Knowledge is becoming queryable. Classification, access control, retrieval governance, and DLP are what keep that from becoming a breach. Learn how Purview-style data protection maps onto AI retrieval, because that’s where the sensitive stuff leaks.
Private evals tied to business outcomes. Public benchmarks tell you nothing about whether your AI handles your confidential content correctly or escalates to a human when it should. Learning to design evals that measure security, compliance, and refusal behavior is a genuinely new and durable skill.
Governance for agentic systems. Agent inventory, tool-access approval, human-in-the-loop thresholds, change control for prompts, decommissioning. This is operational governance, not a policy PDF. Almost nobody is good at it yet. Be early.
Detection and response for the AI control plane. Prompt injection, suspicious tool invocation, data exfiltration through connected systems, policy bypass. Your SOC skills transfer here -- but only if you go learn the new attack surface.
None of these require you to abandon what you know. They build directly on it. That’s the point. You’re not starting over. You’re compounding.
Pick a workflow your team already runs and make yourself the person who owns it end to end -- secured, governed, evaluated. That’s how you turn 17 years of judgment into token capital your organization can’t replace.
What this means for companies: sell the loop, not the model
If you run a security company or a practice, here’s the shift I’d make, and I’d make it this quarter.
Stop letting the customer conversation be “which model should we use?” That question has a short shelf life and almost no margin in it. Models are becoming commodities. They’re portable by design -- and helping customers stay portable, keeping their IP independent of any single provider, is itself part of the value you deliver.
The durable conversation is this one:
“How do we securely compound our people, our workflows, our data, and our AI systems into an advantage we own?”
That’s the loop. And the loop is what you sell.
When you frame it that way, your entire existing capability set suddenly maps to the most strategic problem the customer has. Identity, data governance, compliance, monitoring, incident response -- the work customers already need becomes the foundation of their AI advantage instead of a separate budget line they’re trying to cut.
You stop being the people who lock down the thing after it’s built. You become the trust layer that makes the whole ecosystem safe to build on in the first place. That’s a bigger role and a more durable one, and it’s ours to take if we’re willing to reposition for it.
The honest part
I don’t have all of this figured out. I’ve been working through a lot of this in real time, like everyone else, and some of what I just told you I’m still learning by doing -- securing agentic workflows that didn’t exist eighteen months ago, designing evals I’ve never had to design before, getting some of it wrong and adjusting.
But I’m certain about the shape of it. The advantage in this era is not the model. It’s the secure learning loop you build around it. And the people who understand security are uniquely positioned to build and operate that loop -- if we choose to evolve instead of waiting to be sure.
You can offload the task. You can’t offload the learning. So don’t.
Sell the loop, not the model. Become the person, and the company, that makes AI safe to compound, and you become one of the people who builds the ecosystem on this frontier instead of getting buried under it.
Start with one workflow you can secure end to end this quarter. The early movers are already moving. Go be one of them.