AI Cyber Security: Agents Cause Problems, Agents Fix Them

Key Takeaways

• AI agents will produce a vastly larger volume of code than humans can review, inherently introducing new security vulnerabilities.
• Offensive AI will accelerate the discovery and exploitation of these vulnerabilities, escalating cyber threats at an unprecedented pace.
• The only viable defense against AI-caused security problems will be 'agentic security,' where AI agents themselves identify and neutralize threats.
• This dynamic guarantees a significant investment boom in new security solutions built specifically for AI-generated risks.

The AI Security Paradox

Aaron Levie, CEO of Box, lays out a blunt new reality for software builders: AI, while a powerful accelerator, creates its own security nightmare. The core problem isn't just one new threat, but a systemic shift in how vulnerabilities appear and how quickly they are exploited.

First, there's the sheer output. Generative AI can write code at a pace no human team can match for review. Levie points out, “If you can generate code you have two problems. One you're going to generate way more code than anybody's ability to review that code.”▶ 19:29 Every AI-generated feature, every line, has the potential to introduce a flaw. An agent might, for instance, accidentally “open up that port in the system because we need to do something and maybe that was the wrong decision for the agent to go and do,”▶ 20:21 as Levie explains. This creates a vast, sprawling attack surface.

Second, offensive AI agents will excel at finding these flaws. While defensive teams struggle to review the volume, malicious AI will rapidly scan and discover exploits. This combination means more vulnerabilities are created, and they are found faster than ever before. Harry Stebbings echoes a common sentiment, noting that some predict this will be “the golden age for cyber security because the security threats are going through the roof.”▶ 19:07

Agents as Their Own Cure

Levie's central claim isn't just about the problem; it's about the inescapable solution. He states, “You actually have two new forms of risk in the development process and you only have one benefit which is agents can also review the code and and try and keep it secure.”▶ 20:49 The logical endpoint? AI agents must become the primary defense against the problems they cause.

This isn't optional or a preference. It's a necessity. Traditional human-driven security models cannot scale to match AI's pace, either in code generation or exploit discovery. “For better or worse, agents are the solution to the problem that agents have caused,”▶ 21:03 Levie says. This creates a new market, a new mandate for security innovation. Expect big money to flow into "agentic security" as companies realize the only way to fight fire with fire is to build better fire.

What to Do With This

If you're building software with AI assistance today, allocate a distinct engineering budget line item for 'AI-native security reviews' next quarter. Experiment with early agent-powered scanning tools or assign a small team to research how AI agents can act as automated security gatekeepers for your AI-generated code. If you're a founder looking for a startup idea, map the current enterprise security stack against the specific 'agent-caused problems' Levie mentions – the volume of code and rapid exploit generation – and identify the biggest gaps that only an AI-powered agent can fill. The market for security solutions that understand and counter AI's specific threat vectors is just beginning.