For decades, the cybersecurity landscape has been defined by a stark inequality: the “haves” and the “have-nots.” The “haves” possess the budget, talent, and resources to build formidable defenses. The “have-nots”—the vast majority—operate below what industry veteran Wendy Nather coined the “Cyber Poverty Line,” constantly fighting fires and struggling to meet even basic compliance standards.
In a recent Techstrong webinar sponsored by Checkmarx, host Alan Shimel sat down with a panel of experts to discuss a pivotal question: In an age of unprecedented threats, can artificial intelligence finally serve as the ladder that lifts organizations out of this poverty?
The panel included Mallory Haigh (Head of Platform Engineering Education and Advocacy, Platform Engineering Community), along with Checkmarx’s Emma Datny and Avi Hein (Senior Product Marketing Managers).
Here are the key takeaways from their discussion on money, culture, and the double-edged sword of AI.
Myth Busting: It’s Not (Just) About the Money
When we think of “poverty,” we naturally think of a lack of funds. Research suggests that budget constraints remain a widespread and significant barrier for many organizations looking to adopt the necessary AppSec tools.
However, the panelists argued that budget is often a scapegoat for deeper systemic issues.
“If you don’t fix the systemic issue under the hood… it does not matter how much you spend. You can keep flushing that money down the toilet,” said Haigh.
The real enemies of security, the panel agreed, are cultural silos and broken processes. Hein noted that the “poverty line” is a moving target. What was secure three years ago is obsolete today. Simply buying a new “shiny silver bullet” every year doesn’t work if the organization lacks the maturity to implement it effectively.
AI: The “Jekyll and Hyde” of AppSec
The conversation inevitably turned to Generative AI, which the panel described as having a “Jekyll and Hyde” nature.
- The Risk (Mr. Hyde): With estimates suggesting 60% of code is now AI-generated, there is a massive volume of software entering the pipeline. Hein warned against the rise of “vibe coding”—blindly trusting AI to write software without human oversight or understanding the security implications.
- The Hero (Dr. Jekyll): Conversely, AI acts as the ultimate “force multiplier” for under-resourced teams. Datny highlighted how Checkmarx One and Developer Assist integrate directly into the IDE. By spotting vulnerabilities and offering automated remediation in real time, AI enables small teams to scale their efforts and fix issues before code is committed.
The Solution: Maturity Through Platform Engineering
If money isn’t the cure, what is? The consensus was clear: You cannot buy your way out of cyber poverty; you have to mature your way out.
Haigh advocated for Platform Engineering as the vehicle for this maturity. By building security directly into the “paved roads” of an Internal Developer Platform (IDP), organizations can make the secure way the easy way AND the only way. This approach targets the industry’s greatest myth: that developers alone are responsible for security. When tools create friction, developers bypass them. To escape the trap, organizations must stop treating security as a developer and start treating it as a seamless, built-in feature of the developer experience.
Lightning Round: The Reality of Risk
In a revealing “lightning round” toward the end of the session, the panelists exposed the dangerous mindsets that keep companies trapped below the poverty line:
- Most Dangerous Phrases: “We’ll fix it later” and “It’s not that bad”.
- The Hard Truth: Hein shared a sobering statistic: 81% of organizations admit to knowingly shipping vulnerable code to meet deadlines.
The Road Ahead
To close out the discussion, the panelists looked five years into the future. While new threats like quantum computing loom on the horizon, the path forward remains clear. Escaping the cyber poverty line requires a shift from reactive panic to proactive maturity.
By combining cultural alignment with the “force multiplier” of an AI-powered platform like Checkmarx One, organizations can finally stop playing catch-up and start innovating securely.
Ready to see how AI can act as your security force multiplier? [Watch the full webinar replay on Techstrong Learning]
