WASHINGTON, D.C. — The Open Worldwide Application Security Project's (OWASP) 2025 Global AppSec conference began here Thursday (Nov. 6) with a truly scary, yet somewhat hopeful, keynote address from cybersecurity veteran and AI expert Daniel Miessler.
Miessler has been experimenting quite a bit with the latest
AI agents, and he had a very blunt message for both the OWASP audience of cybersecurity professionals and for any white-collar workers: Most of what you do for a living will soon be done by AI agents.
"Security work is being broken into discrete pieces that I call Lego blocks, and they are executable by AI," Miessler said. "Business AI is becoming more like pipelines and tasks. Put them together, and it looks like someone's job."
But this isn't all bad, Miessler insisted. If companies handle this properly, they can greatly increase their productivity by training their current personnel how to use AI agents and boost their output tenfold or more.
(Miessler didn't dwell on the gloomier possibilities during his OWASP keynote, but he did in
a recent blog post entitled "I'm Worried It Might Get Bad": companies laying off tens of thousands of workers, as has already started to happen in the tech industry.)
AI to help you do anything
For his own part, Miessler has been using
Claude Code, a command-line-based agentic AI model released by Anthropic in March. It was designed as a coding tool, but Miessler sees it as much more: "a universal agent framework for doing just about anything."
About three weeks ago, he said, Anthropic released a new set of tools called Agent Skills which let any Claude-based model (there are a half-dozen active ones) perform specialized tasks. The
Agent Skills GitHub page features Skills for creating still images and animated GIFs, for
application testing and
Model Context Protocol (MCP) servers, and for writing company internal memos and reports.
"This thing is absolutely insane," said Miessler. "It's a way of turning work into a directory. It might be the biggest thing in AI since ChatGPT."
This has profound implications for workplaces and jobs. Claude Code, Agent Skills and similar tools from other AI developers mean that any human can train an AI agent on the human's expertise and skill set and then use the AI to do the human's job. And that works out OK, if said human is the one controlling the AI agent to help the human become much more productive.
"The problem," Miessler said "is that you can't just go and ask your company leaders to let you install Claude Code and start doing this."
Instead, he showed how you could use an agent to quickly build a presentation — he said it took about three minutes — to show the top brass how much more productive the organization can be with AI agentic assistance.
"We're still making the decisions. It's just connecting everything and putting it together," Miessler said. "This is doing difficult work that has to be done continuously."
Already in a new paradigm
All this means, Miessler said, that we've entered the next phase of AI maturity, according to his theory of how it might happen.
Before November 2022, we were at Level Zero: No widespread use of AI, and humans doing most work. The
public launch of ChatGPT brought us into Level One, with
large language models assisting human effort by answering questions and writing basic code, but not being in charge of anything.
Agentic platforms like those made possible by Claude Code and Agent Skills put us in Level Two, Miessler said. They do active, complicated work under the supervision of humans. Used properly, they will increase a human's productivity many times over.
This current phase will last two or three years, Miessler estimates, before AI-powered workflows and pipelines begin to act as full-time employees and we enter Level Three. Beyond that, maybe around 2030 or a bit later, lies Level Four, in which AI manages everything.
Let AI do the dull stuff for you
So how does a human keep a job during these massive changes? By accepting the future and learning to work with AI, and having AI work for you, instead of resisting it.
To that end, Miessler has set up his own Claude-Code personal digital assistant (don't call it a PDA) called Kai and trained it on some of what he knows and does:
penetration testing and cybersecurity consulting.
As a result, Kai has become quite a good orchestrator of AI agents. Miessler fired it up on his MacBook Pro during the keynote presentation, and Kai started speaking to him.
That was followed by multiple artificial male and female voices as about 20 pen-testing AI agents came online with different greetings, including a forceful, "Pentester reporting for duty and ready to secure your systems!" It was a bit like J.F. Sebastian's robot friends saluting him in "Blade Runner."
Having an agentic AI platform like Kai, Miessler said, is the next step, and a necessary step, in being effective in information security, and indeed in any white-collar job.
He also demonstrated a data structure for pen-testing an imaginary company, powered by AI agents.
"In the real world, putting together something like this takes forever," Miessler observed. "Kai put this together in about two and a half minutes."
"These are not special files that need special tools," he added. "It's 99% Markdown," referring to a widely used markup language, simpler than HTML, for creating formatted text.
Because of Kai, Miessler can focus on higher-level problems while letting the AI agent do the grind work. Or, as Miessler put it in
another blog post over the summer, "AI is just tech that lets people do way more stuff."
Miessler has created an easy-to-use open-source framework based on Claude Code, but compatible with other AI models such as GPT or Google Gemini, for anyone to use on a daily basis. He calls it "
Personal AI Infrastructure" and has posted it on GitHub.
"PAI is an open-source, full personal AI platform that's completely agnostic to who you are and what you're trying to accomplish," the project's README page says. "This system is designed from the very beginning to be available to anybody and to grow and scale with you throughout your life."
How to keep ahead of AI, and of attackers using AI
Miessler also said that one way to survive in an era of AI job takeovers is to stress what makes you you. AI is creating commoditized skill sets and abilities, and individual humans can stand out by emphasizing their unique experiences.
"Use AI to magnify your own capabilities," he said. "It's important to have taste and opinions about how things should be done. We've experienced life. Had small traumas. That is what needs to be captured. Take that and put it inside one of your skills to do it at scale. But keep some secret sauce for yourself."
If you're a cybersecurity defender, he said, remember that "your attackers are also on the same exact path."
"The faster they evolve, the more important the distance between them and you as a defender is really important," he said.
And overall, make sure you keep aware of what's going on.
"Things are really insane right now," Miessler said. "We are living in perhaps the biggest period of human change in thousands of years."
