Agentic AI Powers New Harness DevSecOps Suite
The same year that Jyoti Bansal sold the application intelligence company he founded, AppDynamics, to Cisco Systems for $3.7 billion, he created Big Labs to pursue startup ideas. Through Big Labs, Bansal in 2017 launched Harness, a software delivery platform company, and three years later founded API security startup Traceable.
Now Bansal — the CEO of both companies — and Sanjay Nagaraj, Traceable’s co-founder and CTO, are bringing the two companies together under the Harness name to create a single AI-native DevSecOps entity that will give developers the tools to build, deliver, and secure their software.
The move dovetails with the ongoing convergence in the industry of application development and security, fueled by the continued acceleration of software creation and the need to ensure the products are secure. Organizations for several years have been urged to “shift left” — to integrate security into the software development pipeline — an idea supported by the federal government and IT vendors through the “secure by design” mantra.
Security is now central to what programmers are doing, not only during the software development lifecycle (SDLC) but also at runtime, according to Nagaraj.
“Gone are the days where security and operations used to come in and say, ‘Software got released now and three months ago it was built. Now I’m going to go do a bunch of tests on it and then I’m going to go write a bunch of policies at runtime to go protect it,’” he told The New Stack. “Because code is getting shipped so continuously, it’s no longer enough to say, ‘I have these policies set up.’ The policies are outdated already. That means that the policies in SDLC have to be accurate based on the development of the code itself; the policies that are deployed at runtime have to take into consideration the developer lifecycle itself that it went through to get to production.”
DevSecOps Takes Hold
The rise of DevSecOps is a reflection of the need to integrate security into software development, a need made even more critical by the introduction of AI into the mix, which is only quickening the pace of application development and delivery. The global DevSecOps market is expected to grow quickly, from about $7.5 billion in 2023 to $32.4 billion by 2030.
Bringing Harness and Traceable together was a natural step in an environment that is still trying to find the right mix of software development speed and security.
“Harness understands how applications are coded and applications are built,” Nagaraj said. “Traceable understands how applications are used through the SDLC into production. How about we marry the data where development data and runtime production data come through together to form insights? That’s where we decided to get together.”
The idea was made even clearer over the past 18 months, as customers in discussions with Harness asked to reserve time to talk about Traceable, and vice versa. Nagaraj said about 70% of Traceable customers also use Harness. Both companies count some heavy hitters as customers, including United Airlines, Ancestry.com, VMware, and The Home Depot for Harness and Informatica, Credit Karma, and Bullish for Traceable.
Prepping for Competition
The plan is for Traceable to become the application security unit within Harness, with Nagaraj its general manager and Bansal the CEO. The integration of the data from each company will take six to 12 months, Nagaraj said. For example, Harness has its Internal Development Portal that will be infused with API and other data from Traceable, which he said “means that the customers of Traceable and customers of Harness can look at an integrated product to provide an asset inventory for them, asset management for it overall as a single system.”
The company will find itself in competition with the likes of Akamai, which bought API security startup Noname last year for $450 million, and F5, Nagaraj said. Such companies are trying to bolt on app development or security features to create a platform, he said.
A Platform With a Natural Fit
Harness and Traceable already have natural symmetries, from a shared culture and leadership to portfolios that complement each other.
“There are two ways of building any platform companies,” Nagaraj said. “Either you go and acquire a bunch of companies and start to sell all of those as independent modules and the people have different experiences. That is, there is no data that is being shared between those products, and it looks like actually you put together the five companies and trying to say it’s platform.”
Right now, Harness has more than a dozen modules on its DevOps platform, from continuous integration and infrastructure-as-code management to incident response and feature management and experimentation. Traceable has five that address such areas as attack detection and prevention, threat hunting, and discovery and posture management. More modules are on the way.
The Role of Agentic AI
Unsurprisingly, AI — in particular, agentic AI — will be a key focus for the merged company. Agentic AI is the latest innovation in the evolving market, with intelligent agents able to work autonomously to solve complex problems with little to no human intervention. Bansal and Nagaraj envision building a library of AI agents for the DevSecOps platform that will use datasets from both Harness (software development, testing, and delivery) and Traceable (security patterns and API application use), with the goal of optimizing and securing every step of the software delivery lifecycle.
“If agents are as good as the data that it has, if we can bring together both of these things, with the data coming together into a unified platform, that means we can actually [leverage] all of these native agent workflows that optimize not only software delivery, but security at every stage of the software delivery process, starting from the design into the code, into the deployment and then running it in production,” he said. “That AI agent ecosystem is where we believe that we will be in a very strong position by combining the two companies.”
In a blog post, Bansal wrote about the convergence of application development and delivery with security, the accelerated pace of code writing that the world’s 37 million software developers are facing — thanks in large part to AI — and the need to balance software development velocity and security.
He also wrote that the sale of AppDynamics to Cisco eight years ago felt like the end of a journey.
“However, in this case, Harness and Traceable coming together feels like the early stages of our odyssey,” the CEO wrote. “As yet another phase begins, under the Harness banner, I can’t wait to see where it takes us.”
The Company
The company under the Harness name will have more than 1,100 employees around the globe and more than $250 million in annualized revenue this fiscal year, which the companies said represents 50% year-over-year growth. The company will have a valuation of about $5 billion, Bansal and Nagaraj also plan to eventually take it public, a position that AppDynamics was on the brink of before Cisco bought it.
