Qwiet AI today extended the reach of its application security platform that uses artificial intelligence (AI) agents to discover and remediate vulnerabilities in code to now provide deeper integrations with Azure DevOps, Azure Boards and GitHub platforms from Microsoft.
The company has also enhanced its support for webhook notifications, automated data export processes, expanded secrets configuration and made minor user interface (UI) enhancements.
Additionally, Qwiet AI is beta testing observability graphs and reports to provide deeper vulnerability trend analysis.
Finally, the AutoFix AI agents developed by Qwiet AI to remediate vulnerabilities have also been extended to add an ability to analyze data stored in the Static Analysis Results Interchange Format (SARIF) for non-Code Property Graph projects and policy support for code built using the Swift programming language used to build macOS applications.
Qwiet AI CEO Stuart McClure said integration with the DevOps platforms from Microsoft comes at a time when they are gaining increased traction. Many application developers are increasingly relying on artificial intelligence (AI) coding tools from Microsoft to build software, he added.
The challenge is that much of that code can contain vulnerabilities because the AI models that were relied on by AI coding tools were trained using examples of flawed code. Unfortunately, too many developers put too much faith in the output of AI coding tools. In some cases, the code created by an AI coding tool might be more secure than the code an inexperienced developer might create, but there is no way to tell without scanning it. The only way to address that issue at scale is to make use of an application security platform such as Qwiet AI that has trained AI agents to both discover vulnerabilities and automatically remediate them, said McClure.
Concerns about vulnerabilities are unlikely to hold back adoption of AI coding tools, so the number of vulnerabilities that find their way into production environments is probably only going to increase. The best way to proactively address that issue is to use AI to identify and remediate vulnerabilities as code is being written, added McClure.
In the case of Qwiet AI, that means using a platform that makes use of AI agents to run both static application security testing (SAST) and software composition analysis to discover vulnerabilities that are then remediated using a series of AI agents that create, test and review changes that will be made to the code. In effect, Qwiet AI is making a case for using AI agents to compensate for the security flaws in AI coding tools.
Hopefully, the code being generated by AI coding tools will steadily improve as they are trained using examples of code that have been vetted for security flaws. In the meantime, however, DevSecOps teams should view any code generated by AI coding tools with at least the same level of suspicion as they would code written by human developers.