AI as a Power Tool: How Windsurf and Devin Are Changing Secure Coding

Trusha Sharma

We brought together Ian Moritz, Deployed Engineer at Cognition, and Mackenzie Jackson from Aikido Security for a live masterclass on AI-assisted coding.

The goal wasn’t to hype new tools. It was to talk about how developers can stay in control while AI starts writing, testing, and securing code beside them.

AI coding isn’t good or bad. It depends on how you use it.

When asked whether AI coding helps or hurts security, Ian didn’t take a side. He explained that it comes down to how you use it.

“You can make arguments either way. What matters is how fast it’s improving. Models are getting better at avoiding vulnerabilities, and we’re learning how to use them responsibly.” - Ian Moritz, Cognition

He compared AI to a power tool. Useful, but dangerous if you’re careless.

“Treat AI like a power tool. You still need intent, control, and review.” - Ian Moritz, Cognition

AI is speeding up development, but it still needs humans to set direction and check the work.

Seeing your system is half the battle

Good security starts with understanding how your app actually behaves.

Windsurf was built to give developers that visibility.

“Understanding how data moves through your system is half of security. The rest is knowing where it shouldn’t go.” - Ian Moritz, Cognition

Using Deep Wiki and Code Maps, developers can trace how functions connect, where data travels, and what could break if something changes.

Instead of digging through thousands of lines, you can map the flow and spot weak points fast.

Security that sits where you build

During the demo, Mackenzie showed how Aikido’s extension for Windsurf finds security issues inside the IDE itself.

It flags exposed secrets, vulnerable dependencies, and missing security headers as soon as you save the file.

“This is where security belongs. Inside the IDE, before it ever becomes someone else’s problem.” - Mackenzie Jackson, Aikido Security

It’s feedback that fits into a developer’s workflow. No waiting for CI scans or security audits. You catch issues early, fix them quickly, and keep building.

Agents that test your code for you

Ian shared what’s next for tools like Windsurf and Devin.

He sees a future where AI doesn’t just write code but also tests it.

“The cost of high-quality testing is dropping fast. We’ll run more tests, not fewer.” - Ian Moritz, Cognition

Devin is designed to act like a red team in the background. It can analyze your codebase, simulate attacks, and flag risky logic before deployment.

Instead of waiting for vulnerabilities to show up in production, developers will be able to stress-test their own work automatically.

The future developer

Ian closed with advice for developers learning to work with AI tools.

“Spend a little time learning Git. Break work into small pieces. Let agents help with the rest.” - Ian Moritz, Cognition

Developers will spend less time typing code and more time reviewing, testing, and guiding AI systems. The skill that matters most is not speed. It’s awareness. Knowing what your code does, why it exists, and where it could break.

AI-assisted coding isn’t about replacing developers. It’s about giving builders better tools that think fast but still need human judgment.

The best developers will be the ones who stay close to their code, understand their systems deeply, and never hand over control.

Watch the full Masterclass.
