Harness Inc., a software delivery startup that provides artificial intelligence tools for developers to update and monitor applications as they go, today announced it acquired Qwiet AI, formerly known as ShiftLeft Inc., a leader in agentic AI-powered vulnerability detection and remediation.

Harness uses agentic AI to give developers and operations teams, together known as DevOps, a continuous delivery-as-a-service platform that manages code and software testing throughout the development lifecycle. Developers can automate code delivery and integration work, track metrics on releases, and catch problems before they reach production.

Rahul Sood, an industry veteran with experience as former executive at cybersecurity firm Palo Alto Networks Inc. and product manager at Google LLC who is joining Harness as general manager of security, told SiliconANGLE in an interview that the company is acquiring Qwiet AI to reinforce the company’s vision of embedding security directly into the DevOps pipeline.

“This acquisition is another example of Harness’ commitment to building a true AI-native DevSecOps platform,” said Sood. “Qwiet is the best agentic AI application security tool in the market, and we plan to integrate it natively so it becomes part of the fabric of Harness.”

Harness intends to integrate Qwiet’s Code Property Graph alongside the company’s Software Delivery Graph, which will allow the company deeper insights and precision for vulnerability detection and elimination. The CPG is the cornerstone of Qwiet’s service by providing fast and accurate code scanning by mapping the full flow of data and control within applications using an AI engine.

“Customers are still struggling with tool sprawl in all parts of security, especially with scanners,” said Sood. He added that by bringing Qwiet on board, the company will be able to consolidate code security for developers as a native capability rather than a bolt-on tool.

Particularly, the addition of Qwiet will help reduce the amount of labor spent by developers fixing security issues in their code — especially those issues that actually matter first and foremost. Qwiet claims an industry-leading true-positive rate of 97%, an extremely low false-positive rate, and advanced reachability analysis that detects 92% of open-source vulnerabilities to help prioritize developer attention.

By combining deep understanding of code alongside insights into runtime execution, Qwiet and Harness will be able to detect which vulnerabilities are actually exploitable. That will allow developers to focus on risks that matter. Qwiet says its platform goes beyond identifying vulnerabilities. The AI agents provide verified code fixes that can be implemented with confidence.

The acquisition also addresses the growing security challenges posed by AI-generated code. AI-enabled development tools such as “vibe coding” platforms have made it easier for less experienced users to build applications quickly, but they also introduce more vulnerabilities. According to reports the average large language models, for example, generates secure code only about 55% of the time.

“AI-generated code is transforming how software gets built, but it’s also introducing a new wave of hidden vulnerabilities,” said Harness founder and Chief Executive Jyoti Bansal. “By unifying security and DevOps, every build, test and deployment can be secure by default – reducing risk while accelerating innovation.”

Security teams already face a rising tide of more sophisticated attackers; by pushing the detection of security issues further into the development lifecycle, it reduces the chances that dangerous code makes it to production.

The acquisition of Qwiet builds on Harness’ March 2025 merger with Tracable Inc., a cybersecurity company that protects, secures and tests application programming interfaces. APIs are the connective tissue that link different services together, providing a standard for pieces of software to talk to each other.

Sood explained that by combining Harness’ software delivery knowledge, Traceable’s runtime protection and Qwiet’s agentic AI vulnerability detection, the company can deliver a DevSecOps platform that is greater than the sum of its parts.

“These are things that we will be able to combine together in ways that neither a pure AppSec vendor can do nor a pure DevOps vendor can do, and that’s why the combination is so powerful,” he said.

Image: geralt/Pixabay