Defending Dev
INDEX / FOR / CISOS · ALSO: DEVELOPERS · SECURITY TEAMS · PRODUCT MANAGERS LAST REVISED 1 JUL 2026
01 — THE SITUATION, PLAINLY

You didn't approve the copilots. They're already in your codebase.

Banning AI-assisted development is the one policy guaranteed to fail — it moves the work onto personal machines and off your telemetry. The defensible position is governance that says yes, like this. This page is the shortest path to holding that position with confidence.

Written for the person who has to answer for it — to the board, to audit, to the incident review.

02 — ABOUT THE AUTHOR
Colin Domoney — 30 years across offensive testing, enterprise defence, and the vendor side of the fence.
· 200+ enterprise assessments led
· advisor to 3 F500 security orgs
· vendor sponsorships accepted: 0
03 — START HERE · THREE READS, FORTY MINUTES, IN ORDER
WHEN THE THREE READS LAND, THE GUIDE BELOW IS THE NEXT STEP ↓
04 — THE FLAGSHIP GUIDE · FREE WITH EMAIL
DEFENDING DEV PRESS — Nº 1
The CISO's Field Guide to AI-Assisted Development
48 PP.2026 ED.
When the three reads land, this is the operating manual.

The 90-day rollout plan, the one-page policy, and the twelve questions to put to every AI-tooling vendor — assembled into a working document.

ONE EMAIL · NO SALES CALL FOLLOWS · PDF + WEB
Get the guide →
05 — HEAR IT ARGUED, ON THE PODCAST Ep. 07 — What CISOs get wrong about copilots w/ Dana Okafor ▶ 41:12 Ep. 04 — Selling "yes, like this" to a sceptical board ▶ 33:05
06 — RECENT, FOR SECURITY LEADERS Reviewed: three SAST tools vs. assistant-written repos REVIEW · 14 MIN AI slop is a supply-chain problem, not a quality problem BLOG · 6 MIN