Harness today revealed it has acquired Qwiet AI to add an application security tool that uses artificial intelligence (AI) agents to discover and remediate vulnerabilities in code.
Newly appointed Harness general manager Rahul Sood said Qwiet AI will be integrated with Traceable, a sister company that Harness acquired earlier this year to add a platform to secure application programming interfaces (APIs) and extend the reach of a software supply chain module and an orchestration framework for security testing that Harness already provides. Harness has also developed its own AI agent to automate security tasks using the Harness AI platform.
Collectively, all these capabilities provide the foundation upon which Harness will enable DevSecOps workflows to be more deeply integrated into the software development lifecycle (SDLC), said Sood.
Previously known as ShiftLeft, Qwiet AI has, in addition to developing AI agents, developed a Code Property Graph (CPG) that combines abstract syntax trees (ASTs), control flow graphs (CFGs), and program dependence graphs (PDGs) into a single graph structure that makes it simpler to understand how code has been constructed. Armed with those insights, Qwiet AI then surfaces fixes to vulnerabilities that developers can review before applying.
That approach will then enable Harness to provide an application security testing tool that is natively integrated into its platform, versus requiring DevSecOps teams to acquire and maintain integrations with a third-party tool, said Sood.
The overall goal is to truly make application security a first-party citizen within a DevOps workflow, which is a requirement that rival providers of DevOps platforms continue to only pay lip service to at a time when, with the rise of AI coding tools, the number of vulnerabilities that are being created is starting to exponentially increase, he added.
Code generated using AI tools can also often inherit insecure patterns, omit safeguards, and even introduce fabricated dependencies. Unfortunately, software development teams are already being overwhelmed by alerts, so there clearly needs to be a different approach that relies more on AI to address issues being created by AI coding tools. DevOps teams need to be able to shift left to enable application developers to resolve issues with less toil as code is being written, while also protecting application runtimes by shielding right, said Sood.
Ultimately, Harness is making a case for a system of AI agents to automate DevOps workflows in ways that enable application development teams to build and deploy more secure software faster in the age of AI.
Each application development team will need to determine to what degree it will need to acquire a new DevOps platform to achieve that goal, versus waiting to see how AI agents might be added to existing workflows based on legacy tools and platforms. Regardless of approach, the one thing that is certain is that DevOps workflows will, one way or another, soon be radically transformed as AI advances continue to rapidly accelerate.

