Secure Code Warrior gives CISOs visibility into developer AI tool usage

Secure Code Warrior has launched a beta program to expand the AI capabilities of its Trust Agent product. The new offering provides CISOs with security traceability, visibility, and governance over developers’ use of AI coding tools.

This upgrade, collectively referred to as Trust Agent: AI, leverages a combination of key signals, including AI coding tool usage, vulnerability data, code commit data, and developers’ secure coding skills, to provide visibility into how AI development tools are impacting risk within the software development lifecycle (SDLC).

Security leaders lack visibility into which AI coding tools, not to mention which LLM is powering them, are being used by developers, how much application code is being generated by AI and whether developers have the right skills to identify and remediate vulnerabilities within AI-generated code.

LLMs don’t just have the potential to generate insecure code, they can also introduce bias into development workflows. As these tools become more deeply embedded in the software development process, trust and traceability must become top priorities for CISOs. Trust Agent: AI delivers the visibility and insights needed to modernize AI-augmented security programs and stay ahead of both current and emerging threats.

Trust Agent: AI is the solution that evaluates the relationship between the developer, the models they use, including the vulnerabilities they introduce, and the actual repository where AI-generated code is being committed.

“AI allows developers to generate code at a speed we’ve never seen before,” said Pieter Danhieux, Secure Code Warrior CEO. “However, using the wrong LLM by a security-unaware developer, the 10x increase in code velocity will introduce 10x the amount of vulnerabilities and technical debt. Trust Agent: AI produces the data needed to plug knowledge gaps, filter security-proficient developers to the most sensitive projects, and, importantly, monitor and approve the AI tools they use throughout the day. We’re dedicated to helping organizations prevent uncontrolled use of AI on software and product security.”

With Trust Agent: AI, Secure Code Warrior offers observability of AI coding tools and LLMs used across an enterprise’s entire codebase. The solution also offers integrated governance at scale through:

  • Identification of unapproved LLMs, including visibility into the vulnerabilities LLMs introduce
  • Flexible policy controls to log, warn or block pull requests from developers using unsanctioned tools, or developers with insufficient secure coding knowledge
  • Output analysis that surveys how much code is AI-generated and where it’s located across repositories