Live From Davos: The End of Human-Speed Security
January 20, 2026
0 mins readThis week, I am joining global policymakers and innovators in Davos for the World Economic Forum. The theme for 2026 is "A Spirit of Dialogue", a recognition that our toughest challenges require shared understanding and cooperation.
As we gather to discuss the future of the global economy, we have an opportunity to lead an urgent conversation. It centers on the reality of artificial intelligence (AI), not the hype about what it might do, but on what it is already doing in our enterprises.
To drive this dialogue, Snyk is launching our new report today: The End of Human-Speed Security: Defense in the Age of AI Agents. The data confirms that we have crossed a critical threshold. We are no longer just using AI as a tool; we are working alongside AI as an autonomous actor. Our defense strategies must evolve to match this new pace.
The new reality: The quasi-autonomous enterprise
For the last year, the board-level conversation has focused on productivity. But our data reveals a shift that most organizations have not fully reckoned with. 50% of security leaders report that AI is already operating as a quasi-autonomous agent within their environments.
This data point stops us in our tracks. We aren't just talking about chatbots answering queries anymore. We are talking about systems that act, decide, and execute without direct human intervention. When half the industry admits their AI has agency, the old model of "human-speed" security–manual reviews, ticket queues, and quarterly audits– is ready for an upgrade.
The weaponization of AI is here
This shift isn't just operational; it is adversarial. The recent reports of state-backed hackers using AI models to automate sophisticated campaigns against Anthropic underscore the urgent call to action we have been sounding for months.
When attackers can automate 80% to 90% of an entire campaign, the fundamental nature of cyber risk shifts. It moves from human-driven operations to nearly autonomous attacks that deliver unprecedented scale and speed. This incident is the definitive proof point that the time for reactive security is over.
Our report confirms that this fear is widespread across the industry. We found that 69% of security leaders are concerned about attackers using generative AI to automate cyberattacks, and 52% believe a material AI-related incident is likely within two years.
The threat is no longer looming; it is upon us. We are at a critical juncture where we cannot afford to drag our feet. No AI tool, whether open source or commercial, should run without built-in, independent security guardrails.
The visibility crisis
One of the key topics I am raising with peers in Davos is the “visibility gap.” Many leaders believe they have a clear view of how AI is being adopted across their organizations – but in reality, that view is often incomplete.
AI rarely enters an enterprise through a single, centrally governed effort. It shows up quietly in third-party tools, open source libraries, and services teams adopt them to move quickly. As a result, much of an organization’s AI footprint exists outside the systems that are actively monitored or controlled.
The result is a familiar risk. Organizations focus on securing what they build in-house, while exposure grows through dependencies they did not create or fully understand. When AI enters this way, threats do not come through the front door. They arrive through places no one thought to watch.
A call for standards: The industry mandate
This shift to machine-speed operations is too large for any single company to solve on its own. It requires the "Spirit of Dialogue" that Davos champions–specifically between the private sector and regulators.
The industry is ready for this. Our report found that 97% of leaders believe regulators are required to mandate minimum security standards for AI. This isn't a plea for red tape; it is a plea for a shared baseline of trust. A regulatory floor will enable innovation to scale safely.
Three takeaways for leaders
As I speak with fellow leaders here in Switzerland, my message is that we must pivot now. We cannot wait for legislation to catch up to technology.
1. Acknowledge the "readiness gap"
There is a widening gap between the speed of AI adoption and the maturity of our defenses. As we see with the Anthropic attack, adversaries are already operating at machine speed. We must close this gap by integrating security checks across the entire lifecycle–design, code, and deployment.
2. Shift from "paper shields" to technical governance
Currently, 27% of leaders admit to a "rubber stamp" approach for new AI features with minimal review. In an era of autonomous agents, policy documents are not firewalls. Effective governance is hard-coded into our pipelines to inspect agentic behavior in real time.
3. Begin investing in a unified security platform
Point solutions and fragmented tools will not scale to meet the challenge of the agentic enterprise. Leaders should start taking concrete steps toward a holistic, comprehensive security platform–one with the fidelity to secure AI across code, dependencies, containers, and runtime. The organizations that move first to consolidate their security posture will be best positioned to innovate safely as AI capabilities accelerate.
The path forward
The findings in The End of Human-Speed Security: Defense in the Age of AI Agents are a wake-up call, but they are also an opportunity. The goal is not to slow down innovation, but to scale with trust.
The defining question for leadership in 2026 is no longer, "Are we using AI?" It is, "Can our security systems operate as autonomously and as fast as the AI we deploy?"I look forward to continuing the discussion here in Davos.
Explore the data behind the shift to machine-speed risk and what it means for your security strategy. Read the full report, "The End of Human-Speed Security: Defense in the Age of AI Agents", to see why leaders must act now.
Compete in Fetch the Flag 2026!
Test your security skills in our Capture the Flag event, February 12–13, 12 PM ET to 12 PM ET.
