The rapid adoption of AI coding assistants has introduced a new and pressing challenge for the software industry: ensuring the security of AI-generated code. Harness, a software delivery platform provider, is tackling this today with two significant product announcements aimed at securing the entire Software Development Life Cycle (SDLC), from the moment code is written to its operation in production.
Securing the Inner Loop: AI-Powered Code Security
The first announcement, the Secure AI Coding solution, focuses on integrating security directly into the AI coding experience, or what the company refers to as the “inner loop” of the SDLC. Recent data, including findings from Harness’s own DevOps Modernization Report, suggests that code produced by AI coding assistance tends to have more vulnerabilities. Nearly half of heavy AI coding tool users report that compliance and security issues have become a greater concern since adoption.
“I think one of the big opportunities that AI coding assistants now offer us is we can now bake security into the AI coding experience,” Rahul Sood, Harness GM, told SD Times. He indicated the launch initially supports Claude, Windsurf and Cursor. “For these integrations, we are using hooks which allow us to trigger a workflow around scanning the code, so the code that gets generated from that prompt is secure by default from the start.”
He noted that users can define guardrails as part of the prompt for generating the code, and they can also scan that code as it’s being generated for vulnerabilities in near real time and then remediate those vulnerabilities.
Furthermore, Harness is adopting a hybrid approach to code scanning, combining the capabilities of Large Language Models (LLMs) with traditional Static Application Security Testing (SAST) and heuristic scanning techniques. This move counters the notion that LLMs alone are sufficient for secure application scanning, ensuring a more robust and comprehensive defense against vulnerabilities in the new era of high-velocity AI-powered code generation.
Extending Runtime Security to AI Applications
The second major announcement addresses the “outer loop”—the 80% of the SDLC that covers testing, deployment, governance, and runtime security. Harness is extending its existing Web Application and API Security platform to cover the runtime security of AI applications.
Keeping up with the speed of code generation ” requires you to adjust your downstream SDLC process because you cannot continue to rely on a manual, bespoke process,” Sood said.
This new capability, called AI Security, allows customers to use their familiar platform to discover, test, and protect their AI applications. Key features include:
- AI Application Discovery: Automatically identifying and mapping all components of an AI application, including LLM models, endpoints, and servers.
- Risk Assessment: Identifying sensitive data sharing and leakage risks associated with AI endpoints.
- Runtime Protection: Defending against modern threats specific to AI systems, such as prompt injection, toxic content generation, and jailbreaking.