Appaxon Team · blog · 4 min read

How Agentic AI Could Transform Product Security

Have you ever sat in a meeting feeling 'this could have been an email exchange'? Enterprise agents could revolutionize organizational coordination, especially around security collaboration.

Have you ever sat in a meeting feeling ‘this could have been an email exchange’? Or wished that someone else could be in the meeting while you worked on something productive? We’ve all been there.

In the 1930s, economist Ronald Coase asked why firms exist at all. If markets efficiently coordinate freelancers and short-term contracts, why organize into companies? His answer: transaction costs. Every hiring decision, contract negotiation, or dispute resolution adds friction and cost. Firms reduce these costs by internalizing transactions.

But here’s the irony: modern firms still suffer from massive internal transaction costs. The scale is staggering—Americans hold approximately 55 million meetings weekly, totaling more than 1 billion annually. Organizations dedicate roughly 15% of their collective time to meetings, yet 71% of these gatherings are considered unproductive. The financial impact? An estimated $37 billion lost yearly to ineffective meetings, with workers wasting an average of 31 hours monthly in sessions that accomplish little. Add to that the cross-departmental tensions, trust issues, and communication overhead.

The Dev-Sec Tension: A Case Study in Organizational Friction

A security leader shared this tale of woe. The security team flagged 37 “critical vulnerabilities” in a new product release. The development team dismissed most as false positives or theoretical concerns. What followed was predictable: three 90-minute meetings, heated exchanges about threat models, and ultimately a delayed deployment. Neither team was wrong—they simply operated from different incentive structures and risk frameworks. At my last job, I even ran both security and dev briefly - and still couldn’t get effective coordination. Dig deeper, beyond misaligned incentives, and the causes multiply:

  • The security team doesn’t deeply understand the product, its business logic, or its runtime architecture. Result: their triage feels theoretical and lacks context, so developers dismiss it as irrelevant noise.
  • Devs have seen too many low-quality or false-positive reports. Result: even real risks are ignored.
  • Security cares about CVSS scores or policy; devs care about user experience and the ship date.
  • Devs feel criticized; security feels ignored.
  • Each team doubts the other’s competence.
  • Triage and remediation require repeated back-and-forth communication.

Now imagine an alternative: AI agents representing each department’s interests, but designed to collaborate rather than compete. The development agent understands code architecture, delivery timelines, and business priorities. The security agent knows compliance requirements, threat landscapes, and risk frameworks. Instead of humans spending hours in contentious meetings, these agents rapidly identify true vulnerabilities, negotiate reasonable mitigations, and reach consensus—all while maintaining an immutable audit trail of their reasoning.

This isn’t science fiction. Today’s large language models can already analyze code for security flaws, understand business constraints, and generate compromise solutions. The missing piece is the agency framework—the ability to persistently represent departmental interests while optimizing for organizational outcomes.

The Promise of Enterprise Agents

Implementing enterprise agents involves significant complexity, from defining their scope and governance to preventing catastrophic failure modes. These critical challenges around “hiring” agents (defining their objectives and constraints), evaluating their performance, and establishing proper safeguards deserve deeper exploration than this introductory post permits. Beyond eliminating meetings, enterprise agents could revolutionize how your organization coordinates, especially around low-stakes coordination such as status checks, bug triage, and document reviews.

I suspect the adoption curve will follow a familiar pattern: early experimentation in domains with high reward/risk ratio, followed by standardization of successful approaches, and eventually widespread adoption as the benefits become undeniable.

The Firm, Transformed

Coase never envisioned the complete elimination of transaction costs—only their significant reduction. Similarly, enterprise agents won’t erase human judgment or interaction, but they could dramatically reduce organizational friction.

Imagine a workday with 80% fewer meetings. Teams focusing on creative problem-solving rather than administrative coordination. Decisions supported by comprehensive data and transparent reasoning. Conflicts resolved through objective analysis rather than political maneuvering.

The promise is clear: fewer meetings, less drama, and more effective collaboration. The firms that get there first will likely enjoy substantial competitive advantages in both productivity and workplace satisfaction.
