The conversation around AI-generated code has become predictable. Someone posts about shipping faster with AI. The replies pile up: what about security, what about debt, what about quality. These are legitimate concerns. They are also, almost universally, arguments against the wrong target. The problem is not that we are using AI to write code. The problem is that we are using AI on offense only — and the asymmetry is what creates the risk everyone is right to worry about. The fix is symmetric deployment: equal or greater firepower on defense.
I broke this argument into five atomic posts. Read them in any order:
- The Offense-Only Problem — Most developers deploy AI almost exclusively to ship features. The asymmetry is the problem, not the AI.
- Agentic Defense: The Missing Half of the Equation — Vulnerability scans, daily debt PRs, exception-to-fix pipelines, and test agents with permission to execute.
- AI Code Is Not Slop — Humans over-engineer. Humans pick wrong abstractions. The bar is not as high as we pretend.
- Let the Agents Fight Each Other — A coding agent introduces a bug, a testing agent catches it, a debugging agent fixes it. That is a win.
- Where AI Defense Is Headed — Two-thirds of your AI firepower belongs on debt, security, and testing. Build the defensive infrastructure now.
The teams that figure this out first — deploying agentic AI on both sides of the equation — will ship faster AND be more secure than companies clinging to human-only review processes. Not because AI is perfect. Because AI operates continuously, at scale, without getting tired or distracted or taking PTO. Speed is not the enemy of security. Lack of automated defense is.
The alternative — humans moving slowly as the only answer to quality — does not scale. Deep down, everyone knows it does not scale. The companies still pretending otherwise are buying eighteen months of comfort against five years of competitive pressure. Build the defensive infrastructure now, while the patterns are loose enough that you can shape them.
If you are building this, Tembo is free for light use. I'd love to see what defensive agents you stand up.
— Ry
Key takeaways
- Use AI for defensive work: reviews, tests, security checks.
- Adversarial or multi-agent review surfaces more issues.
- Guardrails are required to avoid noisy AI output.
FAQ
What does 'AI on defense' mean?
Applying AI to find problems, not just generate features. Think reviews, tests, and security checks first.
Does AI defense replace human review?
No—use it to augment and triage before human judgment. Treat it as a noisy scout, not a final gate.