UPDATED 08:30 EDT / FEBRUARY 13 2024

New Legit Security AI discovery capabilities help safeguard software development

Application security posture management startup Legit Security Ltd. today announced the launch of new artificial intelligence discovery capabilities within its platform.

Claimed to be an industry first, the new AI discovery capabilities are designed to enable secure application delivery by providing visibility into the use of AI and large language models in software development processes. The service bridges the gap between security and development teams, ensuring that applications are secure, compliant and delivered efficiently without compromising software delivery timelines, according to the company.

Legit Security argues that new risks arise as developers harness the power of AI and LLMs to develop and deploy capabilities more quickly. AI-generated code may contain unknown vulnerabilities or flaws that put the entire application at risk, can introduce legal issues if copyright restrictions exist and can lead to data exposure. The company says that despite this, security teams struggle to understand how developers use AI-generated code, resulting in security blind spots that impact both the organization and the software supply chain.

Legit’s platform enables security leaders, such as chief information security officers, product security leaders and security architects, to gain comprehensive visibility into risks across the development pipeline from the infrastructure to the application layer. With a clear view of the development lifecycle, customers can ensure that any code deployed is traceable, secure and compliant, the company says. The new AI code discovery capabilities allow the platform to close a significant visibility gap by taking preventive actions that decrease the risk of legal exposure and ensure compliance.

“AI offers huge potential to enable developers and organizations to deliver and innovate faster, but it is important to understand whether such decisions introduce risk,” said Liav Caspi, co-founder and chief technology officer at Legit Security. “Our aim is to ensure nothing stops developers from delivering while providing security and the confidence they have visibility and control into the usage of AI and LLMs.”

Features of Legit’s service include insights into AI-generated code from tools like GitHub Copilot, repositories using LLMs, MLOps services and other code generation tools. The capabilities enable the enforcement of security policies, such as mandating human reviews of all AI-generated code and providing real-time notifications of generative AI code usage for transparency and accountability.

The platform also acts as a safeguard against the deployment of vulnerable code, including code generated by AI, while scanning for and alerting on specific risks associated with LLMs, such as prompt injection and insecure output handling. Doing so ensures that applications remain secure, compliant and reliable throughout the development lifecycle.

Legit Security is a venture capital-backed company, having last raised $40 million in funding in September. Investors include Charles River Ventures LLC, Cyberstarts Inc., Bessemer Venture Partners LLC and Technology Crossover Ventures LLC.
