"Cisco has presented a new open-source project designed to help make AI-generated code more secure. The initiative, called Project CodeGuard, provides a framework that allows development teams to integrate security rules directly into the workflow of AI coding tools. Examples include GitHub Copilot, Cursor, and Windsurf. AI coding agents are increasingly being used worldwide to accelerate software development and increase productivity. At the same time, the security of the generated code is often inadequate."
"According to Cisco, basic protection, such as input validation and secure secret management, is often lacking. Many AI systems also use outdated cryptography or rely on components that are no longer supported. Project CodeGuard aims to change that. Cisco describes the framework as unified and model-independent. This means that it can work with different AI systems and development environments. The framework is designed to embed security across multiple phases of the software lifecycle,"
Project CodeGuard provides a unified, model-independent framework that integrates security rules into AI coding workflows across design, code generation, and post-generation phases. The framework supports multiple AI coding agents such as GitHub Copilot, Cursor, and Windsurf, and embeds protections like input validation, secure secret management, and avoidance of hard-coded credentials. It also aims to prevent use of outdated cryptography and unsupported components. Rules can prompt models to handle input securely, flag unsafe user input, and verify validation and sanitization in final code. The framework enables development teams to build security throughout the software lifecycle rather than relying solely on later code review.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]