Application security posture management company Apiiro Ltd. today announced a new artificial intelligence-driven capability that automatically analyzes feature requests to identify risks and proactively initiates security reviews at the earliest stage of the application development lifecycle.

Called Risk Detection at Design Phase, the new service is claimed to be a first-of-its-kind capability that allows application security practitioners to scale their secure software development lifecycle process by mitigating security and compliance concerns before a single line of code is written.

The new service is seeking to address the issue wherein security products on the market today detect risks only after the development process has begun. Apiiro argues that current products result in wasted time for developers due to manual risk assessment questionnaires which impact release velocity and business business.

Risk Detection at Design Phase differs in doing what its name suggests — assess risks at the design phase. With the new service, users can address security, data privacy, infrastructure, compliance and other risks at the beginning of development, with the net result being significant time and cost savings, minimized rework needs and accelerated secure software delivery, according to the company.

The new service is built on AI technology, including Apiiro’s native private large language model. The private LLM, which is not publicly accessible, ensures customer privacy and compliance by automatically analyzing feature requests and proactively identifying potential risks.

Risks identified by Risk Detection at Design Phase include generative AI technology adjustments, sensitive data handling procedures, user permissions and access management, third-party integrations and open source dependencies, and architecture design and security controls.

Apiiro’s private LLM model automatically generates contextual questions for a security review and produces threat stories, eliminating the need for manual security processes and accelerating development velocity and deployment of secure code to the cloud. The new service enhances design risk context by automatically mapping to specific code commits, repositories and pull requests, providing deeper insight into how potential risks may manifest in the actual codebase.

“Building secure software starts with secure design and the new AI-driven Risk Detection at Design Phase from Apiiro takes the ‘shift left’ approach a step further, addressing risks even before a single line of code is written,” said Chief Product Officer Moti Gindi. “This first-of-its-kind functionality leverages the power of AI to ensure customers have the context required to facilitate efficient security reviews and evolve from a reactive to a proactive approach to application security.”

Risk Detection at Design Phase is being demonstrated at the annual Black Hat USA conference in Las Vegas through Aug. 8.

Image: Apiiro