For the love of all that is holy, please before releasing your new acronym on the world, do a quick Internet search.
The preceding message is mostly meant for a certain kind of analyst.
AppDev, AppSec VP, FinCo CISO now Research. Spend my days talking to CISOs. Tweets and opinions are my own, a10wn. #infosec
"It's going to get much worse. Just look at generated code, right? I mean, pull requests are getting bigger. The vulnerability mix is changing. It's not going down. How do we deal with that? How do we let people safely generate code from prompts?" said Daniel Kennedy, principal research analyst at 451 Research, part of S&P Global Market Intelligence.
As a solution, he offered a brake metaphor. "A lot of people think brakes are for stopping cars. Brakes allow you to operate faster, and so this entire AI governance field that's developing is going to allow us to safely operate AI in all its forms and draw the benefits from it, and that's really what the entire show floor is about," he said.
While I’ve been in the trenches for a few decades now, my feed is not one of management advice usually.
But here’s one:
Don’t be the “let’s take this offline” person, when something is getting resolved in real time with a little passion or because you don’t like difficult questions. The ball must move forward.
It’s wildly unimpressive. It’s really bad if everyone then ignores you.
If you want to schedule something in a smaller focused group, say that, in a specific way, with timing.
For the past three years, one of the highlights of my week at #RSAC has been joining @euroinfosec@infosec.exchange in the Information Security Media Group (ISMG) studio to talk about the intersection of my research and the security themes we’re seeing emerge at the conference:
https://www.bankinfosecurity.com/multi-cloud-security-straining-ciso-teams-a-31240
Honestly, in a sea of lame superficial AI labor replacement takes, it was refreshing to see something at #RSAC that drives at an outcome that will actually resonate with SOC folks.
“Christ you’ve gotten big, Timmy. What’s that glowing yellow thing that’s hurting my eyes?”
Seen on the floor #RSAC2026, solid NJ band. Fun fact, they used my old basement TV in one of their videos. Well, fun for me anyway…
Let me Delve into this SOC2 report you just sent...
Security for AI is creating an expertise paradox
Three years ago, early generative AI integrations in security operations platforms primarily took the form of chat interfaces within their tooling ecosystem. These interfaces enabled natural language queries, incident summarization and the potential automation of routine investigative tasks. Vendors framed early use cases around the ability to uplevel junior or Tier 1 analysts in security operations centers (SOC). Several years into broader GenAI and agentic integrations, that upskilling narrative appears displaced. Security leaders now report that the primary beneficiaries of AI-assisted workflows are senior analysts rather than junior staff. About 72% of respondents to this study note that senior professionals, who recognize hallucinations in output and can course-correct in prompts, benefit most from leveraging AI integrations. Only 28% believe junior employees derive the primary benefit, generating output with AI they wouldn’t otherwise be able to produce. The implications of this are profound in security and beyond. AI may compress the labor hierarchy by automating tasks that were once performed by trained future experts.
Human intervention in AI technology continues to be necessary for optimal results. The results from our Organizational Behavior 2025 survey are not entirely unexpected: If humans will remain “in the loop” to check the results of AI, it will be seasoned experts, humans who have built up tacit knowledge through thousands of repetitions of the work that AI now performs, who will most readily differentiate correct from incorrect results. Moreover, they can offer course correction and evaluate the results of multiple models to determine the best fit for any task. Research also suggests that giving AI models more sophisticated prompts improves the likelihood of receiving comprehensive and correct results.
AI is already affecting the entry-level hiring market, raising several serious questions. If the lower rungs of career ladders are knocked out by AI taking over tasks that were formative learning opportunities for new employees, what will replace this knowledge-creation activity? Who will be the senior employees to provide the necessary human-in-the-loop functions if people do not have paths to gain that experience? Even major AI developers have begun examining this issue. Research released by Anthropic found that programmers who rely heavily on AI assistance perform significantly worse when later asked to explain or reason about the code produced. That suggests that as automation increases, engineers must retain the ability to detect errors and guide model output. This is a skill that will erode, or may never be built up in the first place, if uncritical over-reliance on AI output becomes the norm.
https://blog.451alliance.com/security-for-ai-is-creating-an-enterprise-paradox/
Next in Tech | Ep. 259: The RSAC Conference – Agents on The Loose.
At the airport:
Is this the end of the group 2 line?
“I don’t know, I’m group 5, I just get on whatever line.”
/returns to cell phone call
“So anyway, I got a full scholarship to the best MBA program in the country.”
—-
Provides some idea of how business decisions get made…
And in 'easily predictable outcomes' news, thanks again chainsaw guy, will mop person ever be making an appearance?
@krypt3ia@infosec.exchange It drew me in. The first two episodes, I felt like I was watching someone with a GoPro at a Ren Faire. But the acting, especially the character of Aegon, really landed.
I will confess I was annoyed they strayed from the books in the finale by having Egg sneak off again. Having Maekar, after unintentionally killing his brother and acknowledging the failures in raising his other sons, agree that Aegon could be squire to a hedge knight, and all that entailed, was an important plot point. Now it's a two buddies on the run type thing, instead of a conscious decision.
Plus whenever they stray from the source material in GoT, it gets wacky (even when they have to).
RE: @SheHacksPurple@infosec.exchange
Hoping and vibing isn't a strategy.
@cR0w@infosec.exchange Incredible reference, the ultimate human in the loop, possibly saved the world and there isn't a single statue dedicated to him.
RE: @danielkennedy74@infosec.exchange
Also, it will never be ready for not having a 'human in the loop' when it comes to lethality, and I'm not sure why a whole lot of innocent people will have to die to come to that conclusion.
The script to Terminator isn't a defense plan.
We can just, you know, think ahead, and start writing the mutual arms treaties now.
So again...we're ok with autonomous AI in these scenarios because 'that's what the enemy will do', or the rule of law, or something, even though one of the big AI innovators, maybe the big one when it comes to actual technical chops, says it's definitely not ready for that and he's now unintentionally in a pissing contest with an ex-cable news host?
I mean, you know it's not in his business interest to publicly say it's not ready, and engage in this stand off, and he's worried enough to be doing it anyway.
Just checking...