Secure Code Warrior Debuts AI Traceability to Boost Developer Security

Summary
– Secure Code Warrior has launched a beta program for Trust Agent: AI, a new product providing CISOs with visibility and governance over developers’ use of AI coding tools.
– The solution addresses the lack of visibility into which AI tools and LLMs developers use and how much AI-generated code is being produced.
– Trust Agent: AI is the first to evaluate the relationship between the developer, the AI models used, the vulnerabilities introduced, and the code repository.
– The product offers governance features like identifying unapproved LLMs, flexible policy controls to manage pull requests, and analysis of AI-generated code.
– General availability is expected in 2026, but an early access list for the beta program is available now.

Secure Code Warrior, a prominent name in Developer Risk Management (DRM), has initiated a beta program for a significant enhancement to its Trust Agent platform. This new module, called Trust Agent: AI, is designed to give Chief Information Security Officers (CISOs) unprecedented traceability and governance over the AI coding tools their development teams employ. By integrating data on AI tool usage, code vulnerabilities, commit histories, and individual developer security skills, the platform offers a comprehensive view of how artificial intelligence influences risk throughout the software development lifecycle.
A primary challenge for security leaders today is the lack of clarity around which AI assistants and their underlying large language models (LLMs) are in use. Without this insight, it becomes difficult to gauge the volume of AI-generated code or assess whether developers possess the necessary expertise to spot and fix security flaws within it. As LLMs can sometimes produce code with inherent vulnerabilities or biases, establishing trust and traceability is no longer optional but a critical component of modern security strategy. This solution aims to deliver the deep analytical insights required to fortify an organization’s security posture against both current and future threats.
What sets Trust Agent: AI apart is its ability to analyze the dynamic between the developer, the specific AI models they utilize, and the code repositories where the AI-generated output is integrated. It evaluates the security implications of this interaction in real time. While general availability is slated for 2026, interested organizations can currently join an early access list for the beta phase.
Pieter Danhieux, Co-Founder and CEO of Secure Code Warrior, commented on the accelerating pace of development. “AI empowers developers to write code at an incredible velocity,” Danhieux noted. “The downside is that if a developer who lacks security awareness uses an inappropriate LLM, this tenfold increase in speed could lead to a tenfold rise in vulnerabilities and technical debt. Our new tool generates the essential data to close these knowledge gaps, assign security-proficient personnel to critical projects, and continuously monitor and approve the AI tools in use. Our goal is to help companies avoid the pitfalls of unregulated AI adoption on their software security.”
The platform provides extensive observability, tracking the AI coding tools and LLMs deployed across an enterprise’s entire codebase. It also enforces integrated governance at scale through several key features. It identifies the use of unapproved LLMs and details the specific vulnerabilities they might introduce. The system includes flexible policy controls that can be configured to simply log activity, issue warnings, or outright block pull requests originating from developers using unsanctioned tools or those who have demonstrated insufficient secure coding knowledge. Furthermore, it performs output analysis to determine the proportion of code generated by AI and pinpoints its location within various repositories.
Secure Code Warrior specializes in building developer competency in security and risk management. The company’s agile learning platform is recognized as a leading solution for helping developers learn, apply, and retain secure software principles. Over 600 enterprises rely on Secure Code Warrior to implement dynamic security training programs and ensure the applications they deploy are robust and secure.
(Source: ITWire Australia)



