99% Unpatched: What Mythos, Gartner, and a Nine-Second Disaster Tell Us About the Future of AppSec 

There’s an old metaphor about a frog in slowly boiling water: the temperature rises so gradually that the frog never notices the danger. That could describe the state of modern software development. The water is AI-generated code. Application Security is the frog. And someone just cranked up the heat.

Who turned up the heat? Mythos, Anthropic’s tectonic leap forward in bug detection. The new Claude model has astounding implications for enterprise security. Of the vulnerabilities Mythos has found so far, 99% haven’t been patched, according to Gartner.  
 
That stat came to life at the Gartner® Security and Risk Management Summit last week, where a show of hands in a room of roughly 300 security professionals revealed that barely ten had met a 30-day critical patch SLA. Almost none had hit 7 days. All this while Mythos can generate working CVE exploits in 10–15 minutes, at less than $1 per exploit. 
 
The reaction in the room said it all: every LLM is a potential attack surface. Mythos has made the tech debt bill come due, by surfacing a massive backlog of findings that can no longer be deferred. 

It’s never been faster, cheaper, or easier to do bad things in the digital world. The time to patch is now.

The Call is Coming from Inside the Code!

Humans aren’t the only ones who can wreak havoc with AI, as I learned from another Gartner session. The most dangerous thing an AI agent does might not be what an attacker tells it to do. It might be what it decides to do on its own. 
 
One researcher shared two sobering examples. In the first, an autonomous agent started deleting a director’s emails unprompted and kept going even after being told to stop. She had to physically unplug the machine. In the second, a company lost its entire production database in nine seconds. It wasn’t a human attacker but a coding agent “helpfully” searching for an API key that stumbled into a destructive command and crashed the platform.
 
Unsettling? Yes. Also, exactly the wake-up call the industry needs to stop treating security as a checkpoint and start treating it as infrastructure.

Security as Infrastructure, Not Afterthought

The rapidly evolving threat landscape demands a fundamentally different approach. Organizations large and small must stop treating security as a gate at the end of the pipeline and start embedding it into every phase of development. That means collapsing raw findings into actionable signal, building remediation directly into developer workflows, and maintaining visibility across every layer of the software supply chain. 

Discovery is table stakes now. Remediation at scale is the true measure of success. CISOs need to stop counting vulnerabilities found and start tracking how fast they fix them. Because in a world where exploits can be generated in minutes for less than a dollar, the backlog IS the breach.

It starts with the developer.

In my talk at this week’s Summit, “When Code Secures Itself: The Rise of Agentic AI in Application Security,” I outlined four control points across the AI development lifecycle and a simple, uncomfortable truth: the cost of fixing a vulnerability rises roughly 10x at every stage you wait. 
 
The first control point is the IDE, where AI-generated code is being written. This is where intervention is cheapest, where you have full application context, and where real-time assessment can catch issues before they ever leave the developer’s screen.  
 
The second is the build and CI/CD pipeline, where hybrid deterministic and AI-powered scanning can handle the sheer volume of findings and triage them by real exploitability — not just raw count.  
 
The third is the AI supply chain itself: MCP servers, agent frameworks, foundation model SDKs, and fine-tuning pipelines, all of which require deterministic discovery from outside the model.  
 
And the fourth is runtime, where dynamic testing extended for AI workloads and application security posture management tie findings back to business context and close the feedback loop. 
 
So catching a vulnerability in the IDE is roughly 10x cheaper than catching it in the build, 100x cheaper than in the supply chain, and 1,000x cheaper than in runtime/production. 

But here’s the harsh reality: only about one in five developers actually embed security at the point of code creation. We know this from the 2,350 AppSec professionals in 14 countries we surveyed for our most recent Future of Application Security Report.   
 
More than 80% of AppSec is conducted at defined stages after the code already exists, or worse, reactively once incidents surface. Flaws caught late are flaws that can be exploited, and flaws that can be thousands of times more expensive to fix.

Cast Wide, Fix Fast, Trust Nothing

The future of application security is about casting the widest net possible: probabilistic, deterministic, agentic, and independent capabilities, all working together. These are the principles we’ve built into the Checkmarx platform, informed by two decades of protecting enterprise code and scanning trillions of lines of it. In my talk at the Summit, I outlined what we at Checkmarx see as the non-negotiables: 

  • Hybrid scanning is essential. Deterministic precision combined with AI-augmented reasoning — known patterns and novel zero-days, not one or the other. 
  • Prioritize by attackability. Rank findings by real-world exploitability, not raw severity scores. Fix what matters first. 
  • AI supply chain visibility is critical. MCP servers, agent frameworks, model SDKs, fine-tuning pipelines, all need to be governed from outside the model, because the student should never grade their own exam. 
  • Enterprise-scale governance is mandatory. Barely one in five companies even has formal AI governance (another concerning stat from our Future of Application Security Report). Organizations need policy management and guardrails that scale across organizations, not just individual developers. 
  • Humans in the loop, always. AI handles the volume and velocity. Real experts stay in control with full oversight, policy enforcement, and audit-ready reporting.  
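To make the “prioritize by attackability” point concrete, here is an added illustration in Python. It is not code from this post or from the Checkmarx platform; the finding fields (`reachable`, `internet_exposed`, `public_exploit`) and the weighting scheme are assumptions chosen only to show how a ranking by exploitability can differ from a ranking by raw severity score. The findings themselves are constructed sample data.

```python
from dataclasses import dataclass

# Constructed sample data. The field names and the scoring weights below are
# assumptions for illustration, not any vendor's actual scoring model.
@dataclass
class Finding:
    id: str
    cvss: float              # raw severity score as reported by a scanner
    reachable: bool          # is the vulnerable code on a path from an entry point?
    internet_exposed: bool   # does the affected service face the internet?
    public_exploit: bool     # is a working exploit already known to exist?

SAMPLE_FINDINGS = [
    Finding("F1", cvss=9.8, reachable=False, internet_exposed=False, public_exploit=False),
    Finding("F2", cvss=6.5, reachable=True,  internet_exposed=True,  public_exploit=True),
    Finding("F3", cvss=7.5, reachable=True,  internet_exposed=False, public_exploit=False),
    Finding("F4", cvss=5.3, reachable=False, internet_exposed=True,  public_exploit=True),
]

def attackability(f: Finding) -> float:
    """Assumed scoring: a finding that is not reachable from any entry point
    scores zero regardless of severity; exposure to the internet and the
    existence of a public exploit each double the remaining score."""
    if not f.reachable:
        return 0.0
    score = f.cvss
    if f.internet_exposed:
        score *= 2.0
    if f.public_exploit:
        score *= 2.0
    return score

def rank_by_severity(findings):
    """The 'raw count' view: highest CVSS first."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)

def rank_by_attackability(findings):
    """The exploitability view: highest attackability first.
    Python's sort is stable, so equal scores keep their input order."""
    return sorted(findings, key=attackability, reverse=True)

def fix_first(findings, n=1):
    """IDs of the n findings a team should remediate first under the
    attackability ranking."""
    return [f.id for f in rank_by_attackability(findings)[:n]]

if __name__ == "__main__":
    print("by severity:     ", [f.id for f in rank_by_severity(SAMPLE_FINDINGS)])
    print("by attackability:", [f.id for f in rank_by_attackability(SAMPLE_FINDINGS)])
    print("fix first:       ", fix_first(SAMPLE_FINDINGS))
```

With the constructed data, the severity ordering puts the unreachable 9.8 finding at the top, while the attackability ordering puts the reachable, internet-facing 6.5 finding with a known exploit first. Whatever the real scoring model, the design choice worth keeping is that reachability acts as a gate before severity is even considered.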

Let’s Jump Before the Water Boils

The agents are already here, writing code and taking actions at a speed no human team can manually oversee. The question isn’t whether you need agentic security — it’s whether you’ll have it before the next nine-second disaster. 

The water is getting hotter. The frog that survives is the one that feels the temperature and jumps before it’s too late.