Lead: A Market Racing Ahead
Code increasingly arrived not only from humans but from coding agents sprinting through backlogs, and with that speed came tangled risks—opaque attack paths, model abuse, and policy drift that hid inside automated workflows. Enterprises that chased velocity discovered a new truth: getting AppSec wrong in the AI era did not just mean missed tests; it meant blind spots that multiplied with every agentic handoff. Rather than slow down, some security leaders chose to build faster with stronger guardrails, betting that the right mix of leadership and platform decisions could keep pace without raising the blast radius. That was the wager on display when Legit Security named Tamar Nulman as VP of Human Resources and Omri Arnon as Head of Engineering in Tel Aviv.
Nut Graph: Why This Story Matters
AI moved software creation from human-first to machine-assisted and agentic, pushing throughput higher while expanding the attack surface to include prompt injection, insecure tools, and shadow models. Traditional AppSec, designed around static checks and isolated repos, struggled to see across agents, orchestration layers, and fast-changing policies, leaving teams reactive rather than ready. Legit’s move signaled a response to customers asking for unified control planes that govern AI-generated code, agent actions, and end-to-end pipelines. The company framed the moment directly: “This is a pivotal moment for software security as AI reshapes how code gets built,” leadership said, casting execution and category definition as a near-term race rather than a distant goal.
Body: People, Platform, and a Fast-Forming Category
Nulman, who scaled hiring and culture at MyHeritage, arrived to stand up a recruiting engine that targeted scarce skills—ML security, agent orchestration, and secure toolchain design—and to embed a security-first mindset without throttling product velocity. Her charter centered on reducing handoffs between AppSec, platform, and feature teams so context moved as quickly as code. “Our focus is a high-performance culture and a recruiting engine that matches our ambition,” Nulman said.
Arnon brought enterprise security pedigree from SentinelOne and Palo Alto Networks, translating strategy into platform outcomes that developers would accept on day one. His roadmap emphasized coverage for AI-generated code quality and provenance, telemetry for coding agents and tools, and policy-as-code that flowed across repos, CI/CD, and agent orchestrators. “We’re shipping a powerful and comprehensive platform to secure AI-native workflows at scale,” Arnon said, underscoring the need to ship controls that protect without stalling builds.
The thesis was straightforward: unify visibility and control so speed did not erode trust. In practice, that looked like surfacing agent actions inside pipelines, blocking risky steps with real-time guidance, and offering safe alternatives that kept releases on schedule. Early enterprise pilots reported that policy gates on agents reduced last-mile friction between AppSec reviewers and developers, especially when guardrails were embedded where coding happened.
Tel Aviv’s network mattered, too. The city blended offensive security expertise with product engineering at scale, creating short feedback loops between customers, research, and delivery. That density helped teams validate controls against real attack techniques while refining developer experience, a balance many platforms missed when stitched together from point solutions.
Conclusion: What Leaders Did Next
The path forward prioritized concrete steps: inventory active models, agents, prompts, and tools; codify policies into CI/CD; instrument agent telemetry with least-privilege access; and automate evidence for audit. Teams then measured progress with four signals—less insecure AI-generated code merged to main, a higher share of agent actions governed by policy, faster remediation without blocking releases, and healthier developer sentiment. With hiring aligned to ML security and developer experience, and engineering focused on provenance, agent control, and governance, the company positioned itself to turn urgency into execution. The leadership additions created the conditions for scale, the platform absorbed complexity, and customers gained a way to move fast while staying in bounds. In the end, progress depended on pairing culture with controls, and the hires made that pairing possible.
