Cybersecurity jobs rise as AI-generated code widens risk

Demand for cybersecurity engineers is rising because AI is flooding software teams with more code to test, more prompts to govern and more ways for attackers to probe. The New York Times reported cybersecurity job postings rose 11 per cent year on year in the first quarter, even as other tech roles stayed under pressure. For recruiter Austin Cowan, that has changed the tempo of the market rather than just the volume.

“Roles that typically come along every 12 months, we’re seeing those roles come along every week.”
— Austin Cowan, The New York Times

This is not a story about AI rescuing tech employment. It is a story about AI redistributing labour towards the parts of the stack that still require judgement, verification and restraint. If generative tools make it easier to ship code quickly, they also make it easier to ship insecure code quickly. That leaves security teams doing the work AI has not removed: reviewing outputs, locking down access, tracing data movement and deciding which systems are safe enough to trust.

But the pressure is not only coming from outside attackers. Okta survey findings reported by The Register showed 60 per cent of Australian workers said they used unapproved AI tools, while 58 per cent of executives said their organisation had faced an AI-related security problem in the past 12 months. The skeptic’s read of the same boom is that many boards still talk about AI adoption as a productivity project, when the immediate problem is visibility.

More code means more validation

The most direct explanation for the hiring spike is simple: AI is increasing software output faster than most organisations can verify it. The Register’s coverage of a CloudBees survey found 81 per cent of enterprise technology leaders had seen more production issues linked to AI-generated code. That is the analyst view of the market. The savings promised by coding assistants do not disappear, but they get offset by new costs in testing, security scanning and release control.

That helps explain why Palo Alto Networks chief executive Nikesh Arora did not describe AI as a reason to slim engineering ranks. Asked whether better AI meant fewer engineers, he answered plainly.

“No, I need more.”
— Nikesh Arora, Business Insider

Arora’s answer matters because it cuts against the neatest version of the AI labour story. In plenty of software teams, entry-level coding work is getting compressed. What is not being compressed is the obligation to prove that new code will not break production, leak customer data or open a path into the rest of the estate. A recent TechCrunch analysis argued even the biggest AI builders are navigating those security questions in real time. That fits the labour signal: the closer a role sits to validation and control, the harder it is to automate away.

There is also a competitive read here. Security startups are being funded around the idea that AI-generated software needs its own verification layer, with tech.eu reporting that RevEng.AI raised $15 million to secure AI-written code. That is less a bet on one vendor than a sign that investors expect the problem to persist. When capital gathers around review and supply-chain tooling, hiring usually follows inside enterprise teams as well.

Shadow AI is where boards lose visibility

The other half of the hiring story sits inside the organisation. External attacks are becoming more automated, but shadow AI is widening the attack surface from within. Microsoft’s latest AI security report says the rise of AI agents makes observability, governance and security urgent rather than optional, and CyberCX has warned Australian organisations that unsanctioned tools can expose internal data before a breach is even detected.

This is where the skeptic perspective sharpens the argument. Blanket bans on public AI tools rarely hold for long. What works better, according to the guidance emerging from Microsoft and CyberCX, is approved sandboxes, tighter identity controls, clearer data-handling rules and logging that lets security teams see which models are touching which information. That partly answers the question of what governance beats prohibition: not a total freeze, but controlled pathways that are easier to defend and audit.

The same concern is showing up in Australian professional circles. In QLS Proctor’s coverage of a Brisbane cyber event, Essential Tech director Brendan Felstead argued law firms are especially exposed because they sit on concentrated client data and often assume they are too small or specialised to draw attention.

“You are absolutely a target because a law firm carries all their clients’ data.”
— Brendan Felstead, QLS Proctor

His point travels well beyond legal services. Any Australian enterprise rolling out copilots, internal agents or AI-assisted customer workflows is creating more places where credentials, confidential documents and poorly reviewed outputs can move faster than old controls were designed for.

Why security hiring looks durable in Australia

That makes cybersecurity one of the clearer labour-market bright spots in the AI cycle, at least for now. Not every security role will rise evenly, and not every firm will hire at the same pace. But the roles tied to code review, identity, incident response, cloud posture and governance all sit close to the new failure points AI is creating. They are not peripheral clean-up jobs. They are becoming core operating functions for modern software teams.

For Australian organisations, the regulator-policy perspective is less about whether AI-driven incidents will happen than about how quickly a company can respond and prove control when they do. Faster phishing campaigns, more convincing impersonation and more internal data exposure mean boards need people who can translate model risk into ordinary security discipline: least-privilege access, monitored integrations, tested response plans and clear records of what happened when. That is specialised work. It still belongs to humans.

The larger implication is that AI may narrow some layers of software labour while raising the value of others. In that sense, cybersecurity is not defying the AI boom so much as revealing its shape. The technology is making it cheaper to create code, prompts and synthetic content. It is also making it more expensive to trust any of them without review. For enterprise teams in Australia, that is likely to keep security engineers near the front of the hiring queue long after the first wave of AI coding excitement settles.