There is a philosophical objection some people raise about defensive agents. Won't this just create an endless loop of AI making problems and AI fixing them? My response: yes, and let them. Let the agents fight each other rather than the developers.
If an AI coding agent introduces a subtle bug, and an AI testing agent catches it, and an AI debugging agent files the fix — that is a win. The code got better. The developer's time was preserved for higher-level decisions. The accounting only looks bad if you confuse work done with work that mattered. Most of the busywork in software was never the right place for human attention in the first place.
This reframes the security question that sits underneath all the skepticism. Is the only answer to security "humans moving slowly?" The honest answer is no. Speed is not the enemy of security. Lack of automated defense is the enemy of security. A team running continuous adversarial scans across every PR will find more issues, faster, than a team relying on a quarterly human review. Not because AI is brilliant. Because it operates continuously, at scale, without getting tired or distracted or taking PTO.
The companies that figure this out first — deploying agentic AI on both sides of the equation — will ship faster and be more secure than companies clinging to human-only review processes. Both at once. The trade-off everyone assumed was real turns out to be a tooling gap.
I've argued elsewhere that agentic defense is the missing half of the equation and that the slop framing is mostly status anxiety. Once you accept that agents can review agents, the security debate stops being a debate and starts being a build order.
— Ry
Sources
Related Essays
Agentic Defense: The Missing Half of the Equation
For every unit of AI firepower aimed at building, deploy equal or greater firepower at securing, debugging, and testing. Here is what that looks like.
Where AI Defense Is Headed
Two-thirds of your AI firepower belongs on debt, security, and testing. The teams building defensive infrastructure now will outpace teams that either reject AI or deploy it recklessly.
Put AI on Defense, Not Just Offense
Most developers use AI only to write code. The real opportunity is using AI to secure, debug, and test—deploying equal firepower on defense.
Key takeaways
- The "agents creating problems for agents to fix" objection is a feature, not a bug.
- Adversarial multi-agent loops surface more issues than single-agent review.
- Speed is not the enemy of security. Lack of automated defense is.
FAQ
Does agent-vs-agent review just create busywork?
Only if you measure work done instead of work that mattered. A bug caught in a multi-agent loop is one a developer never had to spend time on. The goal is preserving human attention for higher-stakes decisions.
Is the only answer to security humans moving slowly?
No. Speed is not the enemy of security — lack of automated defense is. Continuous adversarial scanning beats periodic human review on every axis that matters: coverage, latency, consistency.