Why Thomas Dohmke Is Back to Fix AI Security Risks

Thomas Dohmke, the former CEO of GitHub, has stepped into a new role, and this time his focus is squarely on one of the biggest threats facing software teams today. After leaving GitHub a few months ago, he is now joining Apiiro as a strategic advisor, stepping directly into the center of the fast-growing battle to secure AI-generated code.

His move signals a shift happening across the entire industry. As developers rely more on AI coding tools, the risk of hidden vulnerabilities is climbing. Attackers have learned to exploit weak points created by automated code suggestions, and security teams are struggling to keep up. Dohmke said this wave of AI-driven development is powerful, but it also introduces fresh attack surfaces that companies can no longer ignore.

He pointed out that developers now jump between many AI coding agents without fully understanding how these tools interpret security policies. AI models write code fast, but they don’t naturally understand every rule a company must follow to avoid breaches, leaks, or compliance failures. This gap creates a new kind of security blind spot where unsafe code can slip into production quietly and spread across entire systems before anyone notices.

Apiiro wants to close that gap by giving AI code generation the one thing it currently lacks: context. The company’s platform plugs into code management tools and maps the entire security posture of a project. It understands policies, risk levels, architectural rules, and compliance boundaries. Dohmke believes this context is what keeps AI tools from accidentally putting companies at risk. It acts as a protective layer that can identify dangerous patterns before any code ships and stop them before attackers get a chance.

He explained that many teams are moving fast and dealing with large, complex repositories that change daily. That speed makes it easier for mistakes to hide. Apiiro’s system watches that activity in real time, looking for anything that weakens the security boundary. It doesn’t wait for a human to review thousands of lines of code; it steps in immediately and handles certain fixes automatically. This approach reduces the pressure on developers, while still guarding the most sensitive parts of the codebase.

The rise of AI-generated code has created new challenges that existing tools were not built for. Traditional code scanners often miss AI mistakes because these models write in patterns that don’t follow standard rules. Attackers now hunt for these weak points, knowing companies depend on AI tools more each month. Dohmke sees this trend clearly after years of watching GitHub’s developer ecosystem evolve. He believes building modern software now requires new layers of security intelligence that operate at the same speed as AI.

Apiiro has already drawn strong interest from the security world, raising over $100 million from leading investors like General Catalyst, Greylock, and Kleiner Perkins. The company is led by CEO Idan Plotnik, who has built and sold security companies in the past and spent years at Microsoft strengthening enterprise defenses. Dohmke met Plotnik three years ago and said he was immediately drawn to the mission and the urgency behind it.

He also noted that AI development is no longer limited to engineers. People across product, design, operations, and marketing teams now use AI tools to prototype apps, draft workflows, and build internal systems. This shift dramatically increases the amount of code entering a company’s environment, much of it created by people who may not have deep security training. With every new line of code, the attack surface grows, and the threats evolve.

This is exactly where Dohmke believes Apiiro can have the greatest impact. By understanding the intent and security requirements behind a project, the platform can act as a protective intelligence layer that sits between AI tools and production systems. Instead of leaving security teams overwhelmed, Apiiro guides the AI agents to stay within safe boundaries. It becomes the guardrail for an era of high-speed development.

He said his decision to join wasn’t about equity or compensation. It was about timing and responsibility. After leaving GitHub, he saw how fast AI was racing into every corner of software creation. With that rush came an explosion of new vulnerabilities, and companies needed a way to respond that didn’t slow them down. Apiiro’s approach, combining deep context with real-time security enforcement, felt like the right solution at the right moment.

His move also reflects the broader shift happening across the security world. Attackers are no longer waiting for teams to write code manually. They exploit mistakes produced at machine speed. They target misconfigurations, unsafe libraries, leaked secrets, and inconsistent code patterns introduced by AI tools. Dohmke believes the next generation of security platforms must understand all of these risks, not as isolated issues, but as part of a connected system.

Apiiro positions itself as that system. It tracks code changes, developer intent, external dependencies, and architectural rules. It knows who wrote what, which tool generated which line, and how that fits into the company’s overall security posture. It can spot deviations instantly and respond before attackers do. This level of visibility is becoming essential as companies move deeper into AI-powered development.

By bringing in Dohmke, Apiiro gets an advisor who understands developers, understands AI, and understands the scale of modern security threats. For years at GitHub, he watched how billions of lines of code flowed through the platform and how developers adopted AI assistance at massive speed. Now he wants to help ensure that the next stage of this evolution doesn’t leave companies exposed.

He believes the future of secure software hinges on one principle: security must match the speed of AI. Companies cannot treat security as an afterthought or a post-release checklist anymore. It has to be built into the workflow from the first line of code, whether written by a human or a machine. Apiiro’s technology aims to make that possible, and Dohmke’s role is to guide that mission as the industry shifts under everyone’s feet.

As more employees generate code and digital products with AI tools, the risk levels rise. Dohmke sees the trend clearly. Companies need a new kind of safety net, one that protects codebases without slowing down innovation. Apiiro wants to build that net, and with Dohmke joining forces, the company is making a strong bet on a future where speed and security can finally operate together.