Fear Comes First. That's Normal.
Let's be honest: watching a machine do your job feels like losing it. Not metaphorically. People at the AI Engineer Melbourne conference described it in terms that matched Kubler-Ross exactly — denial, anger, bargaining, depression, and then... acceptance. Or coupon clipping. Honestly, both are valid coping mechanisms.
Software engineers have absorbed more change in the last three years than they did in the previous thirty. That's not hyperbole. It's a statistical reality that hits different when you're the one staring at a CI/CD pipeline that now includes an AI agent making decisions you used to own.
And here's the thing nobody wants to admit: the fear is rational. When Stack Overflow went agent-first, the question wasn't whether AI could write code. It was what's left for us meatsacks when the agents handle the routine stuff. The answer, uncomfortably, is that the routine stuff was most of it.
But fear isn't the end of the story. It's just the opening act.
The Two Camps Nobody Asked For
Annie Vella's essay "The Software Engineering Identity Crisis" captured something real about how this division is forming. You've got the "all in" crowd — engineers who embrace AI tools wholeheartedly, sometimes before they've even understood what they're embracing. Then you've got the "never ever" camp, folks who reject AI in any form, period.
Between them sits a broad middle ground that's cautiously getting its feet wet. And the divide? It's not really about technology. It's about work style.
Outcome-focused engineers see AI as a shortcut to the destination. Learning-focused engineers? The journey into understanding is the whole point of the exercise. Short-circuit that journey with an AI tool, and you've robbed them of what makes the work meaningful. That's not Luddism. That's identity.
Vella's prescription is simple but hard to follow: sensitivity, listening, and openness to change on both sides. Highlight human qualities in the machine age. Easier said than done when you're watching your peer group fracture in real time.
The Sticker Shock Nobody Budgeted For
Here's where the romance of AI adoption meets reality: token costs. Organizations got weaned off those seductive "all you can eat" subscription plans and onto metered token consumption. The result? Widespread sticker shock across every engineering team that went all-in on AI tooling.
AJ Fisher's talk at the conference tackled this head-on with something he called the "Ralph Wiggum loop" — using low-quality models and making them iterate on a problem until they reach a satisfactory solution. The insight? You can achieve the same result as a full-fat frontier model for anywhere from one-half to one-tenth the spend. That's not incremental savings. That's a fundamental rethinking of how you price AI into your operations.
Google responded with DiffusionGemma, released just days after Fisher's talk. It generates text at over 1,000 tokens per second on an H100 GPU, built on a 26B A4B MoE Gemma 4 architecture from Google DeepMind. The key difference? Discrete diffusion instead of token-by-token autoregression. Faster. Cheaper. Less accurate — but iterative refinement closes the gap.
For security teams running threat detection models or compliance scanning agents, this cost structure matters enormously. You can't budget for AI if you don't understand the economics.
Critical Thinking as a Defense Mechanism
Jeremy Howard didn't just talk about AI. He demonstrated why critical thinking matters more than ever in an age where machines can produce plausible-sounding output at scale.
His plea was almost painfully simple: just keep thinking. Don't nod off in the warm bath of machine-generated thoughts. The SolveIT tool he demoed — still in beta, combining Python notebooks, Mathematica, Wikipedia, and chatbot capabilities — was designed for "swimming in the sea of knowledge" rather than floating off into mindless oblivion.
This hits different for security and compliance analysts. When your cloud security incident response playbook depends on AI-generated threat assessments, you need to understand what those assessments actually mean. Not trust them. Understand them.
Howard's approach mirrors what good incident responders already know: automation handles the repetitive detection work, but humans own the judgment calls. The difference now is that the automation is getting better at the repetitive work faster than anyone expected.
The Anti-Fragile Pipeline That Actually Works
Daniel Rodgers-Pryor's vision of "Fully Automated Luxury Gay Space Engineering" sounds like a joke until you see it work. His entire CI/CD pipeline feeds metrics, messages, logs, and user feedback into AI agents that identify issues, find root causes, fix them, integrate solutions, test them, and push them to users.
What sounds like a recipe for disaster turns out to be a formula for a self-healing, anti-fragile system that improves as pressure increases. More users? Good. More metrics? Great. More messages and logs? Even better. The agents eat all that data and use it to improve overall system performance.
Rodgers-Pryor's "closed feedback loop" reminds me of a 20th century production line worker dipping into the stream of products, eyeing a few for quality, then tossing them back. "This is your job now," he told the audience. "How can you make those feedback loops shorter and tighter?"
For security teams, this is the future of incident response. Your cloud security incident response playbook doesn't just document what humans do — it defines the feedback loops that AI agents optimize. The human role shifts from executing playbooks to making those loops shorter and tighter.
What This Means for Your 365 Security Posture
The broader lesson here applies directly to teams managing Microsoft 365 environments. As AI agents begin handling routine security monitoring, alert triage, and compliance scanning across 365 workloads, the grief cycle hits security teams too.
Fear comes first. Then anger at the tool that's doing your job. Then bargaining — "maybe we can keep the humans in the loop." Then depression when you realize the agents are faster and more consistent. And finally, acceptance: not surrender, but adaptation.
The engineers who thrive aren't the ones who reject AI or the ones who blindly embrace it. They're the ones who understand the cost structure, maintain critical thinking about AI output, and focus on making feedback loops tighter. That's the new job description for security and compliance analysts in an AI-augmented world.
Software engineers have every right to be aggrieved about absorbing thirty years of change in three. But as Fisher, Vella, Howard, and Rodgers-Pryor all showed in their own ways, adopting AI looks less like rolling over before the dictates of the machine and more like exploring a whole new world. Perils and hardships await, sure. But who's to say that's not the price of admission for a once-in-a-lifetime opportunity?