In chemistry, enzymes are remarkable catalysts that make seemingly impossible reactions possible with far less energy. At the recent SANS 2025 Government Security Forum, Knostic Co-Founder & Chief AI Officer Sounil Yu drew a powerful parallel: "AI is that enzyme that lowers the activation energy for startups." This metaphor is a fundamental insight into how AI is transforming our approach to critical infrastructure and cybersecurity.
The Traditional Scale Paradigm
For over a century, economies of scale have been our guiding principle. From Ford's assembly line to global cloud infrastructure, "bigger is better" has been more than a motto: It's been an economic necessity. Large-scale systems provided three critical benefits:
- Access to rare expertise
- Ability to coordinate complex activities
- Cost-effective standardization
But as Yu points out, "We're entering into a new terrain where scale, rather than serving as an asset, may increasingly become a liability." This shift is particularly evident in cybersecurity, where the vulnerabilities of monocultures have become increasingly apparent.
The Hidden Costs of Scale
What many don't realize about economies of scale is that the curve eventually turns upward. Companies become "too big to fail," regulation increases, and costs actually rise. More importantly for security professionals, these systems become what Yu calls "critical infrastructure" - not by design, but by dependency.
Consider the now-famous XKCD comic about the critical open-source project "maintained by some random person in Nebraska." This isn't just a joke. It's a perfect illustration of how our drive for scale has created systemic vulnerabilities.
AI: The New Catalyst
AI is dismantling these traditional assumptions in several ways:
-
Democratizing Expertise
Large language models are now performing tasks that once required years of specialized expertise. Whether it's legal analysis, contract review, or code development, AI is making sophisticated operations accessible to smaller teams.
-
Enabling Mass Customization
"Who wants commoditized products?" Yu asks rhetorically. "You are all special, and you should all get special treatment." AI makes this economically viable by enabling customization without the traditional cost penalties.
-
Transforming Security Paradigms
Yu introduces a fascinating contrast between the traditional CIA triad (Confidentiality, Integrity, Availability) and what he calls the DIE triad (Distributed, Immutable, Ephemeral). "If I have something that's highly distributed, why do I need to worry about a single system's availability? If I have something that's immutable, why do I need to worry about its integrity?"
The Security Implications
This shift has profound implications for cybersecurity:
-
From Monoculture to Diversity
"Would we rather defend a monoculture, one that is full of critical falls, waiting to be exploited, and causing a massive set of dependencies to fall upon us? Or would we rather have a multitude of things that do not require scale?" Yu draws a parallel to the Irish potato famine, reminding us that nature abhors monocultures, and so should our digital infrastructure.
-
Custom Code Generation
Imagine AI systems generating custom code for specific functions, without relying on shared libraries. As Yu explains, "My software bill of materials or SBOM has nothing in it... My code produces no known CVEs in a software composition analysis scan because there is no open source software."
-
The Anomaly Detection Paradox
Yu presents an intriguing visual metaphor: finding a black dot among uniform blue dots is easier than finding it among varied blue dots. While standardization makes anomaly detection simpler, it also makes systems more vulnerable to systematic attacks.
The Path Forward
"The real question now isn't whether we can build bigger," Yu concludes, "but whether we can build smarter without losing control of the system itself." This is the central challenge for security professionals in the AI age.
As AI continues to act as our organizational enzyme, we need to:
- Embrace distributed systems over centralized ones
- Value resilience through diversity over efficiency through uniformity
- Rethink security patterns for an age of customization
- Understand that critical infrastructure might become less critical through distribution and redundancy
The enzyme metaphor helps us understand not just how AI is changing our capabilities, but why these changes demand a fundamental rethinking of our approach to infrastructure and security. As Yu suggests, we're moving into an era where the economic drivers towards scale may no longer be necessary, and that might make us all more secure.
What’s Next
To learn how to operationalize real-time AI data governance in enterprise environments, download Knostic’s white paper on LLM data governance.
Tags:
AI data governance
