GitLab Appoints Chaim Mazal as Chief Information Security Officer

What happened

GitLab appointed Chaim Mazal as chief information security officer. Mazal will lead GitLab’s global security organization and oversee the security of GitLab as both a company and a platform.

GitLab said Mazal’s expertise in AI and security operations will help the company deliver the security rigor required by AI agents and address emerging AI-driven threats.

Mazal brings 15 years of security leadership experience, with a background spanning adversarial security and enterprise security program design. His security approach focuses on designing defenses around how attacks are actually constructed and embedding security directly into engineering workflows.

Before joining GitLab, Mazal served as chief AI and security officer at Gigamon, where he led security and the company’s AI program, including governance and responsible adoption across the organization. He previously held senior security leadership roles at Kandji and ActiveCampaign.

Mazal also serves on the advisory boards of Cloudflare, Rapid7, Axonius, and Bugcrowd. Before joining GitLab as CISO, he was a GitLab customer for more than eight years and joined the company’s advisory board to help shape product direction.

GitLab CEO Bill Staples said AI agents are making it more critical for developers to find and fix vulnerabilities before code reaches production. Mazal said frontier models are changing what is possible in software security, while AI-driven attacks are compressing exploitation timelines and agents are creating risks that teams may not yet be equipped to govern.

Who is affected

GitLab customers, developers, security teams, and organizations using GitLab’s DevSecOps platform are directly affected by the appointment.

GitLab said more than 50 million registered users and approximately half of the Fortune 100 trust the company to ship software faster and more securely. Organizations using GitLab for software development, DevSecOps, compliance, and AI-assisted engineering may be affected by how the company’s security program evolves under Mazal’s leadership.

Teams adopting AI agents in software development are especially relevant to the appointment because GitLab framed the role around AI security, agent governance, and emerging AI-driven threats.

Why CISOs should care

This appointment matters because GitLab sits inside software development, DevSecOps, and AI-assisted engineering workflows. Security leadership at a platform used by developers and enterprise teams can influence how security controls are embedded into code, pipelines, governance, and production workflows.

Mazal’s background is also relevant because it combines adversarial security, enterprise security program design, AI governance, and responsible adoption. Those areas align with the challenges CISOs face as AI agents begin to change how software is built, reviewed, tested, and deployed.

The appointment also reflects the growing importance of securing the agentic software development lifecycle. GitLab’s announcement emphasized that AI-driven attacks are compressing exploitation timelines and that agents expose teams to risks they may not yet be ready to govern. For CISOs, that means software security programs need to account for both faster attacker behavior and new AI-driven development workflows.

3 practical actions

  1. Review how AI agents are governed in software development workflows: GitLab framed Mazal’s appointment around the security rigor required by AI agents. CISOs should assess where agents are used in coding, testing, deployment, and remediation workflows and define who owns their access, outputs, and guardrails.
  2. Embed security earlier in engineering workflows: Mazal’s approach prioritizes embedding security directly into engineering workflows and designing defenses around how attacks are constructed. Security teams should strengthen pre-production controls, developer guidance, secure code review, and pipeline-based checks before code reaches production.
  3. Prepare for compressed exploitation timelines driven by AI: GitLab warned that AI-driven attacks are shortening the time between vulnerability discovery and exploitation. CISOs should review whether vulnerability management, software security testing, and remediation workflows can move quickly enough when AI accelerates attacker activity.

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business for professional audiences.