SOC 2 for AI-Native Products: What Changes When Agents Help Write the Code
🕑 June 29, 11:00 AM – 12:00 PM CT
📍 Live Online Session
A practitioner's look at how AI-assisted development breaks traditional SOC 2 controls — and what audit-ready actually looks like when copilots are part of your engineering team.
ABOUT THE WEBINAR
AI agents are now doing the work of mid-level engineers — writing code, reviewing PRs, managing deployments. Headcount is down. Output is up. And the controls your auditor expects to see were never designed for this.
SOC 2 assumes a human approved the change. A human reviewed the code. A human owned the evidence trail. When an agent steps into those roles, the control either gets bypassed quietly — or it was never built for this model at all.
This session, presented by UnderDefense and Boulay — a CPA and risk advisory firm with a dedicated SOC reporting practice serving technology companies across 35 states — walks through exactly where the gaps form, why auditors are now finding them, and what it takes to fix them before they surface in your audit report.
What we'll cover:
1. The new operating reality: Agents are handling mid-level engineering work. Informal controls — the ones that relied on humans being in the loop — are quietly disappearing, and speed is covering for it.
2. Why audits got harder: We'll walk through five questions AI-native companies consistently can't answer: AI usage policies, code review, change management, access controls, and evidence chain-of-custody.
3. How copilots bypass existing controls: Branch protection disabled "just this once." Code review signed off by the agent that wrote the code. Secrets shared informally because the agent needed access. Most of it leaves no trail — which is exactly the problem.
4. Don't game the audit: The integrity incidents share one root cause: optimizing for the badge, not for security. Auditors are now looking for manufactured evidence. A clean audit on a gamed environment is a worse outcome than a delayed audit on a real one.
5. The fastest path to certification: Solo certification means every gap surfaces during the audit, not before. We'll show how pairing continuous compliance tooling with a security partner that runs the SecOps work the auditor expects compresses the timeline — and produces certification that holds up under scrutiny.
WHAT YOU'LL WALK AWAY WITH:
→ A clear picture of which SOC 2 controls break when AI agents are part of your engineering team
→ The five questions auditors are now asking AI-native companies — and how to answer them with evidence, not documentation
→ A practical framework for closing control gaps before the auditor finds them
→ An understanding of what audit-ready actually looks like in an AI-assisted development environment
WHO SHOULD ATTEND:
CISOs, CTOs, CFOs, VPs of Engineering, and compliance leaders at technology companies — especially those navigating a first SOC 2 audit, preparing for a Type 2 renewal, or managing engineering teams where AI coding tools are already in use.
Register for the webinar
Join the webinar to understand what SOC 2 auditors are now looking for in AI-native environments, where control gaps typically form when copilots are part of the engineering team, and what a realistic path to certification looks like.