How the AI Coding Boom Is Rewriting Application Security

Costanoa Ventures' John Cowgill on Moving From Static Analysis to Runtime Defense Michael Novinson (MichaelNovinson) • March 28, 2026

Artificial intelligence-generated code is arriving faster than security teams can review it, and the risks are moving from the line level to the system level, said John Cowgill, partner at Costanoa Ventures.

See Also: AI Impersonation Is the New Arms Race—Is Your Workforce Ready?

AI coding models are producing more secure code at the line level, but that improvement is masking a deeper problem: Code that is individually correct can still be brittle and insecure at the level of the system.

"We're going to need to have dynamic analysis running at all times in application security," Cowgill said. He described this as the transition from AI Security 1.0 - guarding AI at the edges through prompt filtering and LLM input controls - to AI Security 2.0, in which security must ...