Software security has historically begun after code exists: after commit, after build, after deploy. That assumption no longer holds.

In AI-augmented development, software is authored by hybrid systems—humans, AI copilots, autonomous agents, and automated pipelines—operating at speeds and scales that render artifact-only security insufficient.

As prompts, reasoning, and model behavior become opaque or legally unobservable, the only remaining reliable security signals are identity, action, and behavioral telemetry at creation time.

This paper argues that the next foundational security layer is not another scanner, runtime control, or model safeguard—but a new control plane that governs who (or what) creates software, how they act, and whether their behavior remains trustworthy over time.

We define this layer as Developer Security Posture Management (DevSPM) and show why it is not optional, not competitive with existing platforms, and not replaceable by model-level or runtime-level security.

1. The Assumption That Broke Security

For two decades, cybersecurity optimized around a stable premise:

Code is written by humans, reviewed by humans, and then executed by machines.

That premise shaped:

• AppSec (SAST, SCA, ASPM)
• Cloud security (CSPM, CNAPP)
• Runtime detection (EDR, XDR, SIEM)
• Identity and access management

Security began after authorship.

AI shattered that boundary.

Today, software is authored by:

• humans
• humans assisted by AI
• autonomous or semi-autonomous agents
• CI/CD bots and orchestration systems
• third-party automation embedded deep in toolchains
  
  

Authorship is now distributed, hybrid, and partially opaque.

Yet security tooling still treats code as if it appears fully formed, with clean provenance and clear intent.

That mismatch is the root failure.

2. Why Securing Artifacts Is No Longer Enough

Modern security tools are excellent at answering questions like:

• Is this container misconfigured?
• Does this dependency have a CVE?
• Did this workload behave maliciously at runtime?
  
  

They cannot answer:

• Who actually authored this logic?
• Was it generated by an AI system?
• Which tools influenced it?
• Did the behavior that produced it deviate from historical norms?
• Did the observed actions align with the historical behavior associated with that identity?
  
  

These are not artifact questions.

They are actor questions.

As AI accelerates creation, artifacts multiply faster than scanners, reviews, and policies can keep up.

Security teams are left triaging outcomes instead of governing origins.

3. Prompt Injection Is a Symptom, Not the Disease

Much of the AI security discourse fixates on prompt injection.

This is understandable—and incomplete.

Prompt injection persists because:

• AI systems are designed to follow instructions
• downstream tools implicitly trust AI output
• execution pipelines inherit permissions without actor-level scrutiny
  
  

The vulnerability is not the prompt.

The vulnerability is unattributed authorship and ungoverned action propagation.

Without visibility into:

• who initiated an action
• what system generated it
• how it traversed tools and permissions
  
  

No amount of prompt filtering can restore trust.

Prompt injection is an interface-level expression of a deeper failure: the absence of an actor-centric security model.

4. The Observability Collapse—and Why It’s Permanent

As AI systems mature, several trends converge:

• prompts are ephemeral
• reasoning is non-deterministic
• model internals are opaque
• logging is restricted by privacy and regulation
  
  

This is not a temporary gap.

It is a structural condition.

Security cannot rely on inspecting what the model thought or what the user typed.

The only durable evidence left is:

• identity
• actions
• timing
• tool invocation
• behavioral deviation

In other words: execution metadata at the source.

Security must therefore move upstream—not because it is preferable, but because it is the only remaining place where trust can be anchored.

5. The Actor Is the New Perimeter

In AI-native development, the true security boundary is no longer:

• the network
• the workload
• the container
• the model
  
  

It is the actor—human or AI—whose actions create downstream reality.

Actors now:

• generate code
• refactor services
• deploy infrastructure
• merge changes
• propagate logic across environments

 

They do so at machine speed.

Security that cannot observe actors cannot govern systems.

6. Developer Security Posture Management (DevSPM)

Developer Security Posture Management is the control plane that secures software at the moment of creation, not after the fact.

DevSPM is built on three primitives:

Identity

Which human, AI model, or agent acted—and in what environment.

Actions

What occurred—code generation, modification, dependency introduction, configuration change, or deployment trigger.

Telemetry

How posture evolves—vulnerabilities, misconfigurations, policy drift, exposure patterns, and behavioral deviation over time.

By correlating these primitives, DevSPM enables:

• authorship attribution across human and AI contributors
• early detection of risky behavior before commit
• longitudinal risk tracking tied to actors, not just artifacts
• incident reconstruction when content is unavailable
• governance of AI-generated and hybrid code paths
  
  

DevSPM does not replace existing security platforms.

It supplies the upstream context they all depend on.

7. Why This Layer Was Invisible Until Now

Historically:

• developers were trusted implicitly
• code volume was manageable
• authorship was legible
• change velocity was bounded
  
  

AI removed those constraints.

What was once socially governed now requires technical governance.

This is why DevSPM appears “new” even though the risk always existed.

The difference is scale, speed, and opacity.

8. Strategic Positioning: Above, Not Against, the Stack

DevSPM does not compete with:

• GitHub
• IDEs
• cloud providers
• AppSec scanners
• CNAPP platforms
• SIEM or XDR
  
  

It complements them by answering the one question they cannot:

Do we trust the actor who created this change—and why?

By restoring actor-level visibility, DevSPM becomes:

• the missing trust layer in secure-by-design architectures
• the forensic substrate when incidents occur
• the governance plane for AI-augmented development

9. The Inevitable Conclusion

AI did not add a new security problem.

It removed the last illusion that artifact-only security was sufficient.

When code is authored by humans and machines together, trust cannot begin at runtime.

When reasoning and prompts are opaque, security cannot depend on content.

When creation outpaces review, governance must precede execution.

Security must move:

• upstream
• to the source
• to the actor

Developer Security Posture Management is not a feature.

It is not a trend.

It is not optional.

It is the only remaining place where trust can be established.

 

Closing Thought

You cannot secure what you cannot attribute.

You cannot govern what you cannot observe.

And in the AI era, you cannot observe artifacts without first observing actors.

That is the control plane DevSPM was built to provide.

→ Book a live demo and see how Archipelo helps teams align velocity, accountability, and security at the source