In large enterprises, AI adoption creates a conflict. The CTO pushes for speed and innovation via AI agents, while the CISO worries about security risks from a flood of AI-generated code. Successful devtools must address this duality, providing developer leverage while ensuring security for the CISO.

Related Insights

As AI coding agents generate vast amounts of code, the most tedious part of a developer's job shifts from writing code to reviewing it. This creates a new product opportunity: building tools that help developers validate and build confidence in AI-written code, making the review process less of a chore.

Large enterprises navigate a critical paradox with new technology like AI. Moving too slowly cedes the market and leads to irrelevance. However, moving too quickly without clear direction or a focus on feasibility results in wasting millions of dollars on failed initiatives.

Customers are hesitant to trust a black-box AI with critical operations. The winning business model is to sell a complete outcome or service, using AI internally for a massive efficiency advantage while keeping humans in the loop for quality and trust.

For CISOs adopting agentic AI, the most practical first step is to frame it as an insider risk problem. This involves assigning agents persistent identities (like Slack or email accounts) and applying rigorous access control and privilege management, similar to onboarding a human employee.

Selling foundational AI isn't a standard IT sale. It requires a dual-threaded process targeting the CTO, who builds the agents, and the CRO, who must monetize them. The key is educating the CRO to shift from selling seats against IT budgets to capturing value from larger headcount and outsourced labor budgets.

Simply deploying AI to write code faster doesn't increase end-to-end velocity. It creates a new bottleneck where human engineers are overwhelmed with reviewing a flood of AI-generated code. To truly benefit, companies must also automate verification and validation processes.

Vercel is building infrastructure based on a threat model where developers cannot be trusted to handle security correctly. By extracting critical functions like authentication and data access from the application code, the platform can enforce security regardless of the quality or origin (human or AI) of the app's code.

For enterprises, scaling AI content without built-in governance is reckless. Rather than manual policing, guardrails like brand rules, compliance checks, and audit trails must be integrated from the start. The principle is "AI drafts, people approve," ensuring speed without sacrificing safety.
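The insider-risk framing above (a persistent identity per agent, least-privilege grants, human approval of anything the agent writes, and an audit trail) can be sketched as an enforcement point; this is an added illustration, not code from RiffOn or any vendor mentioned, and the scope names, agent ids and approver are constructed placeholders:

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Constructed example: an AI agent is onboarded like a human hire. It gets a
# persistent identity tied to an accountable owner and an explicit, minimal set
# of scopes. Every authorization decision is recorded, and any write action is
# only "pending" until a named human approves it ("AI drafts, people approve").

@dataclass(frozen=True)
class AgentIdentity:
    agent_id: str            # persistent identity, e.g. a service-account name (placeholder)
    owner: str               # accountable human, as for any insider
    grants: FrozenSet[str]   # least-privilege scopes such as "repo:read"

@dataclass
class AuditEvent:
    agent_id: str
    action: str
    decision: str
    approver: Optional[str] = None

audit_log: List[AuditEvent] = []

def onboard_agent(agent_id: str, owner: str, grants) -> AgentIdentity:
    """Create the agent's identity; refuse blanket grants so least privilege holds."""
    grants = frozenset(grants)
    if any(g == "*" or g.endswith(":*") for g in grants):
        raise ValueError(f"wildcard grant not allowed for {agent_id}: {sorted(grants)}")
    return AgentIdentity(agent_id, owner, grants)

def authorize(agent: AgentIdentity, action: str, approver: Optional[str] = None) -> str:
    """Return 'allow', 'pending' or 'deny' for one action and append an audit record."""
    if action not in agent.grants:
        decision = "deny"                       # outside the agent's scope: blocked outright
    elif action.endswith(":write") and approver is None:
        decision = "pending"                    # drafted by the agent, awaiting a human
    else:
        decision = "allow"
    audit_log.append(AuditEvent(agent.agent_id, action, decision, approver))
    return decision

if __name__ == "__main__":
    bot = onboard_agent("triage-agent-01", "alice@example.test", {"repo:read", "ticket:write"})
    print(authorize(bot, "repo:read"))                                 # allow
    print(authorize(bot, "ticket:write"))                              # pending
    print(authorize(bot, "ticket:write", approver="alice@example.test"))  # allow
    print(authorize(bot, "prod:deploy"))                               # deny
    for e in audit_log:
        print(e)
```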

The excitement around AI capabilities often masks the real hurdle to enterprise adoption: infrastructure. Success is not determined by the model's sophistication, but by first solving foundational problems of security, cost control, and data integration. This requires a shift from an application-centric to an infrastructure-first mindset.

To balance security with agility, enterprises should run two AI tracks. Let the CIO's office develop secure, custom models for sensitive data while simultaneously empowering business units like marketing to use approved, low-risk SaaS AI tools to maintain momentum and drive immediate value.

Selling AI DevTools Requires Solving the CTO-CISO Conflict: Speed vs. Security | RiffOn