Apiiro today unfurled an artificial intelligence (AI) agent trained to prevent large language models from ever generating flawed code in the first place.
Company co-founder and CEO Idan Plotnik said the Guardian Agent developed by Apiiro is designed to be seamlessly embedded anywhere in the software development lifecycle (SDLC), without inundating application developers with alerts they will generally ignore. Instead, Guardian Agent rewrites prompts in real time to prevent flawed code from being generated in the first place, he added.
That approach will enable DevOps teams to deploy AI coding tools without increasing the total number of vulnerabilities and the amount of technical debt that are typically now addressed after code has been created, noted Plotnik.
The Guardian Agent is based on an existing Deep Code Analysis (DCA) tool that Apiiro used to create AutoFix Agent, which analyzes prompts to identify potential threats using a Software Graph and Risk Graph to provide the context needed to understand in real time the software architecture, runtimes and policies that are unique to an organization.
Guardian Agent takes that capability to the next level by preventing an AI model from generating vulnerabilities or other flawed snippets of code that might violate security policies, said Plotnik. In effect, DevOps teams, rather than relying on reactive analytics to discover issues they need to remediate, can now prevent insecure design and code decisions from ever being made, he added.

Ever since the first AI coding tools were deployed, DevOps teams have been struggling with a paradox. While AI coding tools make developers more productive, they also increase the number of vulnerabilities that need to be remediated. Much of that code, unfortunately, is never properly reviewed, so the number of potential application security issues that organizations might encounter in the months ahead is likely to exponentially increase.
Additionally, much of the code generated by AI coding tools is often overly verbose, which only serves to increase the overall size of the attack surface that needs to be defended, noted Plotnik.
In general, Apiiro expects that application security teams that have a vested interest in reducing the number of vulnerabilities being created will provide much of the funding needed to deploy Guardian Agent. While application security teams have funded the adoption of other tools to analyze code in the past, the main difference now is that Guardian Agent achieves that goal in a way that doesn’t add any additional friction to software development workflows, said Plotnik.
Addressing that issue has now become a much higher priority because CISOs have become aware of the degree to which AI coding tools are creating vulnerabilities that are overwhelming their application security teams, noted Plotnik.
Hopefully, the overall quality of the code being generated by AI coding tools will improve in the months and years ahead. In the meantime, however, DevSecOps teams would be well advised to resolve these and other application security issues at the very source of the problem.

