
AI Is Writing the Code. Who’s Securing It? A Conversation with Thomas Dohmke

Timothy Jung
Marketing
Published March 7 2026 · 2 min. read

In a recent interview, Apiiro sat down with Thomas Dohmke – former GitHub CEO and now Strategic Advisor to Apiiro – to discuss the impact of AI on software development, and what it specifically means for application security.

From coding on a Commodore 64 to leading one of the world’s most influential developer platforms, Thomas has had a front-row seat to every major shift in software development. And according to him, we’re now entering the most transformative era yet: one where AI is not just assisting developers, it’s generating code at unprecedented scale.

Key Takeaways

AI Is Creating a Sea-Change in Development Velocity

Thomas emphasizes that AI-assisted coding represents a structural shift, not just an incremental improvement.

  • Code is being written faster than ever before.
  • Developers are more productive.
  • Organizations can ship features at unprecedented speed.

But as velocity increases, so does complexity: “The amount of code that’s being generated is increasing dramatically.”

More code means:

  • More dependencies
  • More APIs
  • More integration points
  • More potential vulnerabilities

Security teams can’t rely on traditional, reactive models to keep up.

From Reactive Fixes to Preventative Guardrails

Thomas discusses the inefficiency of discovering issues late in runtime, where remediation is slower, more expensive, and more disruptive. In short, prevention must replace reaction. 

  • Security needs architectural understanding.
  • Risk must be identified as changes happen.
  • Guardrails should exist before code is deployed.

“So you have a win-win.” Developers maintain velocity, security ensures meaningful risks don’t reach production, and the business avoids unnecessary friction.

Securing AI Before Code Generation

Safeguarding AI before code generation is the most feasible path to prevention at enterprise scale. AI-generated code introduces new layers of risk:

  • Generative AI frameworks embedded in applications
  • Sensitive data exposure through prompts or integrations
  • Increased attack surface due to rapid architectural changes

“You have to understand your architecture. You need to safeguard AI before code generation.” Thomas underscores that organizations must understand their software architecture deeply enough to secure AI-driven systems proactively, and not just after deployment.

AI Attackers Require AI Guardians

AI-assisted exploitation is real, attack surfaces are expanding, and security must evolve just as fast as development. As attackers increasingly automate reconnaissance and exploitation, security defenses must also become more autonomous, contextual, and proactive.

Thomas envisions the future of application security looking like:

  • Security teams orchestrating highly specialized squadrons of AI-powered agents
  • Deep code and runtime understanding
  • Business-aligned risk prioritization
  • Prevention before production

“We are transforming into a model of orchestrating agents; how can we unblock them when they run into issues, and how can we use a Guardian Agent to make sure the code is shipping in a secure way?”

The Bottom Line

Software development has entered a new era, and the organizations that will thrive are those that:

  • Embrace AI-driven productivity
  • Maintain developer velocity
  • Embed security before code reaches runtime
  • Understand their architecture deeply enough to prevent risk

That’s the vision Thomas Dohmke brings to Apiiro – and the standard modern enterprises must adopt to stay ahead.