Cycode Introduces AI for DevSecOps Security Risks

Transcript

Psychodid has added an AI tool to its security platform that helps teams figure out which software issues are the most dangerous so they can fix them first. Obvious. It also offers other AI tools that suggest fixes and track code changes. These tools give better context and reduce false alarms. As AI creates more coding mistakes and hackers to use AI to find them, having smarter security tools is becoming more important. With new rules and sharpened responsibility between developers and security teams, keeping software safe is now a bigger focus. Do you agree Alistair? Well, I think there's an arms race going on between bad actors and software developers or the infrastructure and dev Secops teams, and that's not news. It's just a change in the tooling that's being used. Ocypode here is doing some analysis of changes that are being made in source code repositories. And identifying things like vulnerabilities in those source code repositories and. More than just identifying that a vulnerability exists, but looking at the criticality of that vulnerability, whether there are other mitigations for the base level of vulnerability built into the code or particularly the infrastructure around it. The psycho tools are aiming to make sure that as developers are fixing vulnerabilities, they're fixing the ones that are actually a risk rather than just hitting everything that's got to see the number assigned to it. I think that's that's a really important thing because. Focusing on where the risk lies is vital to making sure that your safest from compromise. This application security posture management platform that is from psycho mode is definitely going to be helpful, particularly if you're working with open source kind of projects as well. But anywhere that there might be a supply chain attack and we've seen supply chain attacks on people's source code repositories, we saw we covered in the rundown, I think it was last week around a compromise that was in. A plugin for Visual Studio Code was allowing an attack through that Visual Studio Code Lugin these kinds of elements of code coming in from external sources needing to be analyzed and needing to be looked at for changes. This is exactly where psycodes attacking with these AI agents and we should see this being really helpful. Futurum group surveys found that these kinds of dev secops automation tools and cyber security automation orchestration are really important. Things for our customers and that they really are looking for ways to help reduce the risks around the high speed and open development of applications that they have.