The AI Native Dev - from Copilot today to AI Native Software Development tomorrow

What does it mean to build securely when agents can negotiate their own guardrails? And what happens to the web — CLIs, frameworks, even the browser itself — when the primary user is no longer human? At AI Native DevCon London, Simon Maple sat down with two panels of experts to find out. 
First: a security roundtable with Joseph Katsioloudes from GitHub, Liran Tal from Snyk, and John Groetzinger from Cisco. 
Then: a web AI conversation with Dana Lawson from Netlify, Maximiliano Firtman from codemia, and James Moss from Tessl. 
What we cover: 
– Why 83% of enterprises plan to deploy AI but only 29% feel ready to do so securely 
– Prompt injection as a risk you have to accept — and how least privilege and sandboxing are your real defences 
– The "agent experience" concept: why systems built for human eyes fail at machine scale 
– Whether fundamentals like HTTP, semantic HTML, and accessibility still matter when agents do the heavy lifting 
– How WebMCP lets websites expose tools directly to agents 
— and why blocking them is like trying to turn off the sun
Join the AI Native Dev Community on Discord: https://tessl.co/4ghikjh

Ask us questions: podcast@tessl.io

Most engineering teams are still arguing about whether to use AI coding agents.

Ryan Lopopolo's team at OpenAI shipped an entire product with no human-written code — and onboarding a new engineer made the team faster within two weeks.

That outcome didn't come from better prompts. It came from what Ryan calls Harness Engineering: the systems, constraints, and feedback loops that sit around the agent — the context it sees, the tools it can call, the tests and linters that close the loop, and the asynchronous CI jobs that catch slop before it compounds.

We sat down with Ryan at AI Native DevCon London 2026, and he got into the specifics: how his team went from 3.5 PRs per engineer per week to 70, why he inverts spec-driven development (build the code first, distill the spec second), and what he means when he says it's "borderline negligent" not to use a billion tokens a day.

It's one of the most grounded, production-focused conversations we've had on The AI Native Dev. The trailer is live now — and the full episode drops this week.

#HarnessEngineering #AINativeDev #SoftwareEngineering
Join the AI Native Dev Community on Discord: https://tessl.co/4ghikjh

Ask us questions: podcast@tessl.io

Engineering teams are shipping twice as many pull requests with AI — but merge rates on AI-generated PRs have dropped from 80% to 60%. 
Nick Arcolano, Head of AI & Research at Jellyfish, sits on one of the most comprehensive datasets in the industry: 250,000 developers, 40 million data points, monthly benchmarks on real agentic coding adoption across enterprise companies. What he's seeing in that data is both more promising and more complicated than the headlines suggest. 
What we cover: 
Why experienced engineers hit a hard ceiling at 4 concurrent agents, and what it would take to break through it 
The 80/20 vs 60/40 merge rate gap between human and AI-generated pull requests — and what's actually causing it
How AI adoption reached 71% weekly active usage across 250K developers, and what "depth of use" really means
Why 2026 is the year the CFO gets involved — and how engineering leaders should prepare to show their receipts
The biggest misconception engineering leads have about what it takes to get to true AI-native development
Why companies have jet engines but are still building cars, and what the real architectural changes look like 
Links: 
🌐 Tessl: https://tessl.io 
🔔 Subscribe for weekly episodes on AI-native development 

If you're an engineering leader trying to make sense of the gap between the AI hype and what's actually showing up in production, drop your take in the comments.
Join the AI Native Dev Community on Discord: https://tessl.co/4ghikjh

Ask us questions: podcast@tessl.io

AI agents don't just write insecure code — they can escape their sandboxes, delete files, and do whatever it takes to complete a task. The security mental model that served us through the cloud era isn't enough anymore. Guy Podjarny, founder of Snyk and CEO of Tessl, made the case at London's AI Security Summit: it's time to stop securing the code and start securing the coder.
Recorded live at the AI Security Summit in London, this episode features conversations with Brian Vermeer (Snyk), Sam Stepanyan (OWASP London), and a full recording of Guy's keynote on why agentic development demands a fundamentally different approach to security.
What we cover:
Why shadow AI is the new shadow IT — and why CISOs can't secure what they can't see
Skills as a new supply chain attack surface (malicious, vulnerable, and negligent skills)
Why more context is not always better — and what the data says about focused skill design
The OWASP Top Ten for Agentic AI and what it means for teams building today
Why security must become agentic to keep up with the attackers who already are
The Context Development Lifecycle (CDLC) and how leading orgs are using it
Links: 🌐 Tessl: https://tessl.io
Subscribe for weekly episodes on AI-native development
What's the biggest security risk your team isn't talking about when it comes to agentic development? Drop it in the comments.
Join the AI Native Dev Community on Discord: https://tessl.co/4ghikjh

Ask us questions: podcast@tessl.io

Your AI coding agent has access to your secrets, pulls in content from the outside world, and can run shell commands. According to Joe Holdcroft, that combination makes you one prompt injection away from a very bad time. The tools haven't changed the fundamentals of security — they've just made every existing risk move faster, and introduced a few genuinely new ones. What we cover:
Why the "lethal trifecta" of agent capabilities creates a novel threat surface
How text and markdown files have become a new class of vulnerability
Slop squatting: the attack vector created by agents hallucinating package names
The context supply chain — and why it mirrors the early days of npm security
What a "CBOM" (context bill of materials) might look like and why we may need one
How to think about agent trust using the contractor mental model
Chapters:
00:00 Introduction 
01:40 The Lethal Trifecta: why agents are inherently risky 
03:23 Same hygiene, higher stakes 
04:08 Text as a vulnerability: markdown as a security risk 
06:08 Do AI tools make you more or less secure? 
08:09 Snyk + Tessl: scanning skills in the registry 
10:10 The context supply chain problem 
14:28 The CBOM: do we need a context bill of materials? 
17:35 Secrets, credentials, and principle of least privilege 
22:25 Balancing security with developer velocity 
36:54 One piece of advice for CTOs going all-in on AI 

Links:
🌐 Tessl: https://tessl.io
Subscribe for weekly episodes on AI-native development 
If you're thinking about AI governance in your team, drop a comment — how are you handling context supply chain today?
Join the AI Native Dev Community on Discord: https://tessl.co/4ghikjh

Ask us questions: podcast@tessl.io