
"Secure AI Coding is an extension of the static application security testing (SAST) and software composition analysis (SCA) capabilities that Harness already provides. Additionally, Secure AI Coding leverages a Code Property Graph (CPG) developed by Harness to trace how data flows through the entire application to surface complex vulnerabilities such as injection flaws and insecure data handling."
"The AI Security module, meanwhile, discovers every call to a large language model (LLM), Model Context Protocol (MCP) server or AI agent that is being made over an application programming interface (API)."
"The AI Security module itself will have multiple components, starting with an AI Discovery tool that is now generally available. Harness has also developed an AI Testing tool that is purpose-built to discover threats to models in a way that is integrated within a continuous integration/continuous development (CI/CD) platform and an AI Firewall that inspects and filters LLM inputs and outputs in real time to block, for example, prompt injection attacks."
Harness introduced Secure AI Coding, extending its existing SAST and SCA capabilities to automatically secure code written by AI tools. This feature uses a Code Property Graph to trace data flows and identify complex vulnerabilities like injection flaws and insecure data handling. The new AI Security module discovers all LLM, MCP server, and AI agent API calls within applications. The module includes an AI Discovery tool now generally available, plus beta AI Testing and AI Firewall components that inspect and filter LLM inputs and outputs in real time to prevent prompt injection attacks. Harness partnered with Wipro to accelerate AI-native software delivery, aiming to simplify addressing security issues during development and runtime.
Read at DevOps.com