I was on Threat Vector with David Moulton last week, talking about what AI is doing to security programs. David used a phrase in the conversation that has not left my head. Attack surface diet. It's the cleanest way I have heard anyone name what we are going to have to do over the next eighteen months.
It landed because I've been living a version of it.
Mitigating Controls Are Not a Program
About four years ago I was diagnosed with type 2 diabetes. The diagnosis was not borderline. My weight was not okay either. The default path my doctor laid out was the standard one. Medication, lifestyle counseling, and regular rechecks. I took the path. For three years the medication plus a cleaner diet held the disease stable. Under the regulatory line, out of the danger zone, and, I now realize, exactly what most security programs look like when we say they are "in good shape."
I had mitigating controls. I did not have a program.
The difference showed up a year ago, when my numbers started drifting in the wrong direction. Not dramatically. But the shape of it was clear. The system that had kept me stable for years was no longer containing the disease. The controls were not scaling with the thing they were controlling. I was one step away from another drug, another dose, another compensation. The mitigating architecture was tapped out.
That is when I decided to go at it differently. I dropped fifty pounds. I rebuilt my body composition. I put in the structural work I had been avoiding for three years, the work that medication had let me skip. Five months in, my numbers came back in a range my doctor and I had not seen since before the diagnosis. That is when we decided to try coming off medication.
I am five months into that trial. I am still monitoring. I am not certain it will hold. But it is working so far, and the lesson from the architecture is the thing I want to talk about, because it is the same lesson we are about to have to learn as security leaders.
What AI Is Doing to the Attack Surface
The reason my mitigating controls stopped working is not that they were bad controls. It is that the thing underneath was getting worse, and the controls were doing nothing to change it.
AI is now doing the same thing to our security programs. It is not adding new attacks on top of a stable attack surface. It is making the surface itself grow, mutate, and move faster than our existing compensations can cover. Every tool we have deployed today is a version of the medication I was on. It holds the number. It does not change what is under the number.
What worked for me, and what I think works for a program now, comes down to four moves.
The Four Moves
Shed Weight
The first thing my doctor did not tell me, because it is the work rather than the prescription, was to get rid of what the body did not need. The program equivalent is everything we are carrying without reason. Every tool we have deployed and forgotten about. Every integration that existed because someone turned it on in 2019. Every dashboard nobody reads, every exception that outlived its reason, every agent installed to solve a problem we no longer have.
That is all attack surface we are paying to defend and not defending well. Most mature security programs are carrying more of this than most of us would admit. The teams that know it is there have been too busy to remove it. The thing AI changes is that we no longer have the slack to carry it.
Build Muscle
The things we keep have to be stronger. The hard part of consolidation is not technical. It is that every tool we've kept has a team attached to it, a vendor relationship, and a leader who argued for it in a previous cycle. Muscle is the willingness to have the conversation about which tools come off the floor and which stay, and to have it on the merits.
Skinny programs avoid the conversation and let attrition decide. Fit programs have the conversation on purpose. Consolidate. Raise the bar on what "production ready" means for a control. Put real engineering investment into the places that matter. A leaner program does more with less. A skinnier program just does less. There is a difference, and it shows up under load.
Do the Basics, Properly
Identity, patching, logging, response muscle memory. These are sleep and protein. Unglamorous. Non-negotiable. The thing most mature programs quietly underinvest in because the new stuff feels more interesting.
I would rather be boring and correct than interesting and fragile. The AI era will punish interesting and fragile very quickly.
Put the Hard Work Where It Counts
Design-phase security for the AI-native systems we are building now, not the AI systems we built last year. The AI governance review that happens after a product team has already picked a model and built the prototype is not design-phase security. It is compliance theater performed at the end.
Design-phase means the security architect is in the first conversation about what the system will do, not the last. Architectural minimization. Threat models that assume speed and scale the old ones did not. The work that is slow, unrewarding on a ninety-day cycle, and pays off in twelve to eighteen months. Nobody is going to clap for it at the next QBR. It is still the thing that changes the shape of the program.
Those four moves are the attack surface diet. They are also what I did with my body.
Remission Is Not a Win State
The part I want to sit with, though, is the part I learned when the medication came off.
Coming off the drug did not mean less monitoring. It meant more. I watch my glucose continuously now. I look at trend lines I did not bother with when medication was doing the compensation for me. I pay attention to things the medication used to absorb for me. I am, by any measure, more instrumented today than I was when I was on the drug.
Because the honest truth is this. Remission is not a win state. Remission is a mode of operating where the underlying condition could come back, and the reason it does not is that I am watching for it. The drug had been catching things I did not have to see. Now I have to see them.
That is the part of the attack surface diet that most leaders will want to skip.
A leaner program with fewer tools is not a program that needs less attention. It is a program that needs more. Every tool you remove is a compensation you are no longer getting for free. Every platform you consolidate is a single point you now have to watch harder. Every basic you insist on running properly is a process you cannot allow to drift. Minimization without monitoring is not discipline. It is denial with better branding.
If you are going to get your program off the equivalent of the medication I was on, the telemetry and the observability have to go up, not down. Your willingness to catch drift early, name it, and fix it unsentimentally is what keeps a leaner program from becoming a brittle one.
The Honest Cost
I will tell you the thing that still bothers me, because leaving it out would be dishonest.
I have structured a significant part of my life around a clinical metric. I watch a number. I am aware, in a way I was not before, how much of my sense of being okay is tethered to that number staying where it is. I am not sure whether that is discipline or something closer to fear. I suspect the answer is some of both.
The same will be true for the leaders who actually do this work on their programs. If you build a leaner, sharper, better-monitored security program, you will also build a higher-resolution picture of everything that is wrong with it. You will see more. You will not always like what you see. You will have to decide, over and over, whether what you are looking at is signal or noise, and whether you are responding to the thing in front of you or to your own anxiety about it.
That is the actual cost of the attack surface diet. It is not less work. It is more awareness, with nowhere to hide.
Still Burning, Still Putting It Out
I do not know yet if I will stay in remission. The numbers are holding. I am doing the work. I am watching carefully. I am still not certain.
That is also, as of today, an honest description of where every security program is going to be by the end of this AI cycle. Not fixed. Not solved. In remission, if we do the work, with more monitoring than before, and no guarantee. The leaders who make it through are the ones who build for that reality instead of pretending we are going back to the old one.
The fire is still burning. We are still putting it out. What we are learning is that the way we were fighting it was not going to scale, and the way forward is not more hoses. It is a leaner body, better telemetry, harder habits, and the willingness to watch more closely, not less.