SAN FRANCISCO, March 18, 2025 (GLOBE NEWSWIRE) -- Archipelo , the pioneer of Developer Security Posture Management (DevSPM), today announced the appointment of Paul Calatayud as Chief Information Security Officer (CISO) and Chief Strategy Officer. A respected cybersecurity leader with over two decades of experience, Calatayud has shaped cloud security as Global CSO at Palo Alto Networks (PANW), reporting to Nir Zuk (PANW Founder & CTO), and as CISO at Aqua Security. His arrival strengthens Archipelo’s mission to deliver developer security—bridging code creation, cloud security, and AI-driven development.

AI-powered software development is growing at an unprecedented pace, with more than 75% of developers now using AI-assisted coding tools ( Exploding Topics, 2024 ). While these tools boost efficiency, they also introduce new risks. Recent research found that roughly 40% of AI-generated code contains security vulnerabilities . Yet, while many security tools focus on detecting vulnerabilities after software is deployed, they are not designed to secure both AI-generated and human-written code at the point of creation. Archipelo takes a different approach—proactively preventing risks as code is written, ensuring security before it ever reaches production.

A Critical Moment for Cybersecurity

Calatayud’s appointment signals a major shift in cybersecurity, positioning Developer Security Posture Management (DevSPM) as the next critical frontier. With rising cyber threats, enterprises must secure software from the start—amid shifting geopolitics, uncertain U.S. cybersecurity policies, and a shrinking federal workforce. Meanwhile, AI-driven development surges, and adversaries exploit vulnerabilities in Large Language Models (LLMs), AI-generated code, and third-party dependencies. Security can no longer be an afterthought—it must be embedded in development from day one. At PANW and Aqua Security, Calatayud tackled cloud-native security challenges, uncovering a key gap: developer security posture—ensuring software is built secure from the ground up, rather than fixed post-deployment.

“The biggest security risk isn’t just in the code—it’s in how it’s created,” said Paul Calatayud. “AI-driven development is moving faster than security can keep up, and traditional approaches aren’t designed to secure software at its inception. DevSPM changes that by embedding security into developer workflows, ensuring vulnerabilities are addressed before they become breaches. I’m excited to help shape this category and make developer security a fundamental pillar of enterprise security strategies.”

Defining the DevSPM Category

As AI speeds up software development, traditional tools—Application Security Posture Management (ASPM), Cloud Security Posture Management (CSPM), and Cloud Native Application Protection Platform (CNAPP)—lag, focusing on post-development fixes. DevSPM integrates into developer workflows and supercharges ASPM, CSPM, and CNAPP—creating a seamless developer-to-code-to-cloud security model. Archipelo’s DevSPM shifts the paradigm:

DevSIEM tracks developer actions, AI-generated code, tooling and dependencies at inception, catching risks early.

embeds real-time detection and response into DevSecOps, stopping vulnerabilities at their source.

Momentum Builds with Proven Leadership

His appointment comes on the heels of Archipelo’s $12 million funding round and growing DevSPM adoption among Fortune 500 customers. Investors, security leaders, and enterprises are taking notice and embracing DevSPM, drawn to its proactive approach to embedding developer security during code creation—rather than merely responding to threats post-deployment.

“Paul combines unmatched experience, strategic vision, and leadership,” said Matthew Wise, Archipelo CEO & Co-Founder. “His PANW and Aqua experience, paired with his expertise in developer-first security, positions him perfectly to advance DevSPM forward. With Paul, we’re not just creating a platform—we’re redefining how software is secured from the start.”

About Archipelo

Archipelo is pioneering Developer Security Posture Management (DevSPM)—helping enterprises secure software at its source by focusing on developer actions and AI-generated code risks—from developer-to-code-to-cloud. Founded by experts from NASA, the Department of Defense, AWS, Google, Cisco, Facebook, Harvard, and MIT, the company is backed by Dell Technologies Capital, Zoom CEO Eric Yuan, Andy Bechtolsheim, Bill Tai, Nima Capital, HackVC, and other top investors. For more information, visit www.archipelo.com .

