Vjaceslavs Klimovs on Why 40% of Security Work Lacks Threat Models

Vjaceslavs Klimovs, Distinguished Engineer at CoreWeave, reflects on building security programs in AI infrastructure companies operating at massive scale. He explores how security observability must be the foundation of any program, how to ensure all security work connects to concrete threat models, and why AI agents will make previously tolerable security gaps completely unacceptable. 

Vjaceslavs also discusses CoreWeave's approach to host integrity from firmware to user space, the transition from SOC analysts to detection engineers, and building AI-first detection platforms. He shares insights on where LLMs excel in security operations, from customer questionnaires to forensic analysis, while emphasizing the continued need for deterministic controls in compliance-regulated environments.

Topics discussed:

• The importance of security observability as the foundation for any security program, even before data is perfectly parsed.
• Why 40 to 50 percent of security work across the industry lacks connection to concrete threat models or meaningful risk reduction.
• The prioritization framework for detection over prevention in fast-moving environments due to lower organizational friction.
• How AI agents will expose previously tolerable security gaps like over-provisioned access, bearer tokens, and lack of source control.
• Building an AI-first detection platform with assistance for analysis, detection writing, and forensic investigations.
• The transition from traditional SOC analyst tiers to full-stack detection engineering with end-to-end ownership of verticals.
• Strategic use of LLMs for customer questionnaires, design doc refinement, and forensic analysis.
• Why authentication and authorization systems cannot rely on autonomous AI decision-making in compliance-regulated environments requiring strong accountability.