The Velocity Tax
Field Notes

The Velocity Tax

June 18, 2026

⚓ Your engineers got faster this year. Quietly, and all at once, your risk got faster with them.

We are all telling the productivity story right now, and we should, because it’s real. Work that used to take a team and a quarter now takes one stubborn person and a weekend. What rarely makes it onto the same slide is the second half of that sentence.

Code that arrives ten times faster arrives roughly three times harder to validate. And the people shipping the most of it, often the most junior, tend to understand the least of what they shipped. Read that as a head of engineering and it’s a win. Read it as the person accountable for risk and it is something else entirely.

Where did all that new code actually go? Into new services, new dependencies, new access, new agents acting on their own. Who is checking it at the rate it’s being produced? The same security team you had last year, working the same hours, one screen at a time.

THE EXPOSURE IS NO LONGER COMING ONLY FROM ATTACKERS. IT IS COMING FROM YOUR OWN VELOCITY.

We have seen this shape before, outside of security. The factory that speeds up the line but not the inspection. The lender that books loans faster than it can underwrite them. It rarely ends in a dramatic failure. It ends in a slow pile of things nobody had time to look at.

Machine-speed creation, human-speed verification, and a gap between the two that widens every sprint. I have a strong opinion about how that gap closes, and I’ll show it at Black Hat.

✒️♟️