Thinking in Workflows: Balancing agentic, programmatic, and manual steps

A security reviewer finds a critical issue a day or two before the release of an application. While it's an important issue, it sets the team back weeks, frustrating their product management partners and customers. The review came at the most expensive time in the process.

There are many examples of how work items move through different processes to deliver software in large companies. While GenAI has allowed us to rapidly create code, it also moved and exposed the bottlenecks in our processes. It has also caused us to re-examine where it is most effective to make certain decisions. This is the challenge, and a deliberate blend of automated, programmatic, and human judgment is well suited to help you solve it.

We can borrow from the well-trodden path of value stream mapping here. It is useful for spotting bottlenecks and waste in a given process, but it's also valuable to ask the deeper question of who or what should own each step. Each option earns its place differently. Is there an earlier step that may reduce costs with an agent where it was previously limited by human availability? Or is the stronger determinism of a programmatic step more important for a critical piece of the flow? Some decisions should stay with human judgment, where confidence without context is a liability. The opportunity for security teams and other stakeholders is to scale their impact across these options rather than scaling headcount.