“We don't run any Windows devices anywhere. So we just don't need that capability to exist in anything we build…”

Shopify CISO Andrew Dunbar recalls that when he started out at the firm, “our MFA enforcement was me running a report every week and [individually] following up with people to say, ‘you need to turn on 2FA’!

Almost 15 years later, he still likes to lead security investigations and hold staff and vendors alike accountable – but says that automated processes facilitated by “vibe-coded” agents and MCP servers do growing amounts of heavy-lifting across the increasingly “AI-first” commerce company.

Get the full story: Subscribe for free

Join peers managing over $100 billion in annual IT spend and subscribe to unlock full access to The Stack’s analysis and events.

Subscribe now

Already a member? Sign in