Developer fatigue in the security context is a specific and underappreciated problem: security tooling that generates too many alerts, requires too much manual triage, or creates workflow friction that slows down development cycles is not just annoying — it is dangerous. Developers who are overwhelmed by security demands find workarounds, bypass controls, and build with less security awareness than they would exercise if the security process were less taxing. The result is a paradox where more security tooling can produce less security.
Stuart McClure's Fast Company article addresses this problem directly and argues that AI-powered application security provides a genuine solution — not by adding more alerts but by dramatically reducing them. A system that can reason about code semantically, understand the actual risk profile of a vulnerability in context, and suppress findings that are either false positives or genuinely low risk in the specific deployment context changes the developer experience from constant interruption to targeted, high-confidence security guidance.
This is the thesis Stuart has been building out at Qwiet AI, and the Fast Company platform gave him the opportunity to make the case to the technology leadership audience that needs to understand it. The article argues that the measure of good application security is not the thoroughness of the scan but the quality of the developer experience it produces — because security that developers route around is worse than no security at all.
The piece reflects Stuart's consistent emphasis on making security practical. The best security solution is one that people actually use, which means it has to fit into workflows rather than fight them.