Loading…
← Back to schedule
Too Big to Review: Scaling AppSec to Zero at Fortune #1
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
As AI-powered development tools accelerate code velocity across the industry, application security programs face an existential scaling problem: the team that was once a trusted partner to engineering has become a bottleneck. Traditional human-led security review cannot keep pace with the rate of new features, services, and infrastructure being shipped; and bolting AI onto a broken process only makes it fail faster.


This talk presents a proven layered framework for scaling application security programs without proportionally scaling the security team, drawn from direct experience building and running the SHINE (Security Hub of Innovation and Efficiency) program at AWS. The framework moves through three progressive layers: Golden Paths that eliminate entire risk categories before review through secure-by-default infrastructure; Deterministic Automation that encodes repeated security decisions into binary, scalable rules; and Agentic Investigation where AI systems assemble complete application context and make judgment calls on genuinely novel problems.


In practice, this architecture reduced security review time by 30% through deterministic automation, drove 90%+ adoption rates of new applications onto secure-by-default infrastructure via CDK property injection, and enabled an Agentic Security Engineer capable of context-aware decisions that previously required senior human involvement.


In today's AI-driven world, the instinct is to reach for a model. But that instinct is wrong when applied too early: AI is not a fix for a broken foundation - it amplifies whatever is already there. Teams missing stability at the foundational layers will find that AI makes the chaos faster, not better. This talk provides a concrete, implementation-grounded roadmap for building the foundation that makes automation and eventually agentic AI actually work.
Speakers
avatar for Adam Schaal

Adam Schaal

Distinguished Engineer, AI Security, Pixee AI
Adam Schaal is a Distinguished Engineer at Pixee, where he focuses on using generative AI and automation to meaningfully change how application security is practiced at scale.
Previously, Adam created and led the SHINE team at AWS, a group tasked with rethinking how security could scale across massive development organizations without slowing builders down. Through experimentation, automation, and hands-on engineering, SHINE explored new approaches to aligning... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Event Planning Software Privacy Terms
Share Modal

Share this link via

Or copy link