In this episode of Terminal Value, I'm joined by Shan Kulkarni, co-founder and CEO of Nullify — an AI-native product security company building AI agents for application security.

We discuss why the old "shift left" promise often created more work for security teams, how Nullify uses agents, Vault, context, memory, and tooling to automate AppSec workflows end to end, and what changes when software starts getting measured like labor rather than seats.

IN THIS EPISODE, WE COVER:
- What application security is, and why legacy scanners create alert backlogs
- How AI agents triage vulnerabilities, validate exploitability, open pull requests, follow up in Slack, and close the loop
- Why Vault and customer-specific context are central to Nullify's product advantage
- Where humans still matter: threat modeling, design reviews, architecture, and stakeholder translation
- Why Nullify's ICP starts around companies with 50+ developers
- Campaigns, campaign lookbacks, and merge-ready rate
- Pricing AI agents against security headcount and operating expense
- How security jobs may evolve as AI takes over more repetitive workflow execution
- Why agentic systems create the next major security surface

Subscribe for conversations on applied AI, vertical SaaS, and where value accrues in software businesses.

#ApplicationSecurity #AppSec #Cybersecurity #AI #TerminalValue