A must-watch for CISOs, security leaders, product leaders, AppSec teams, ethical researchers, and anyone trying to understand what AI is changing in cybersecurity right now.
In this episode of CXO Spotlight, Nidhi Aggarwal, Chief Product Officer at HackerOne, lays out why this moment in cybersecurity is structurally different from what came before. The old model assumed defenders had time. That assumption is now breaking. As Nidhi explains, the zero-day clock moved from 23.2 days last year to just 20 hours, forcing security leaders to rethink not just tooling, but the entire operating model behind detection, validation, prioritization, and remediation.
Why you should watch: The long-term vision she paints is ambitious but concrete: a self-healing security layer. AI continuously tests the attack surface, identifies where risk is rising, routes the right human attention to the right places, validates what is real, prioritizes contextually, and drives remediation patterns that eliminate recurring bug classes rather than just patching single issues. In that model, AI is not a side tool. It becomes part of the defense fabric.
What Candace Holt breaks down in this episode:
- Why the zero-day clock collapsing to 20 hours changes everything
- Why the old CISO playbook assumed remediation time that no longer exists
- What continuous defense actually means in practice
- Why vulnerability ops could become the DevOps moment for security
- Why bug class elimination matters more than one-off patching
- How AI and ethical researchers now work together, not against each other
- What HackerOne’s platform data says about rising report volume and real exposure
- Why the best security teams will become more aligned with engineering and business speed
- How to explain this new cybersecurity posture to the board
- What a self-healing security future could look like
🎧 Listen on Spotify · Apple Podcasts