Harness is expanding its DevSecOps platform with AI Security and Secure AI Coding. The first module detects, tests, and protects AI components in applications. The second scans code from AI code assistants directly within the IDE.
AI is changing not only what organizations build, but also how they do it. Harness is addressing these new risks with two new products: AI Security and Secure AI Coding. Together, they cover the entire lifecycle, from the first line of AI-generated code to the models running in production.
At the core of AI Security is AI Discovery, which is generally available today. The module automatically maps the entire AI attack surface in real time, including LLM calls, MCP servers, AI agents, and third-party tools from OpenAI and Anthropic.
In addition to discovery, Harness is also introducing AI Testing and AI Firewall, both in beta. AI Testing actively tests for AI-specific vulnerabilities, such as prompt injection, jailbreaks, and data leaks. Traditional DAST tools often cannot detect these types of vulnerabilities. The AI Firewall filters LLM inputs and outputs in real time, blocking attacks before they succeed. Unlike traditional WAF rules, the firewall automatically adapts to new attack patterns.
Earlier this year, Harness launched an Artifact Registry with integrated AI security checks, which blocks vulnerabilities before they reach CI/CD pipelines.
Secure AI Coding
Secure AI Coding addresses a different problem: the vulnerabilities introduced by AI coding tools into codebases. Nearly half of security and engineering leaders are concerned about the security of AI-generated code. AI-generated code often arrives in larger commits, is pushed more frequently, and is reviewed less often than human-written code.
The new module integrates directly with Cursor, Windsurf, and Claude Code and scans code at the moment of generation within the IDE. A developer sees the vulnerability warning inline, with the option to send the code directly back to the AI agent for remediation. A key technical distinction is Harness’s Code Property Graph (CPG), which tracks data flows across the entire application—not just the AI-generated portions.
AI Security with AI Discovery is generally available today. AI Testing and AI Firewall are in beta. Secure AI Coding is part of Harness SAST and can be integrated with existing AI code assistants.