Harness has launched two new offerings – AI Security, a new product to discover, test, and protect AI running in your applications, and Secure AI Coding, a new capability of Harness SAST that secures the code your AI tools are writing.
Together, these products further extend Harness’s DevSecOps platform to keep pace with the AI era, covering the full lifecycle from the first line of AI-generated code to the models running in production.
Shift-left tools catch vulnerabilities in code before they reach production. Runtime protection tools block attacks after applications are deployed, and the two rarely talk to each other. Harness was built on a different premise: real DevSecOps means connecting every stage of the software delivery lifecycle, and closing the loop between what you find in production and what you fix in code.
As code ships to production, Web Application & API Protection monitors and defends applications and APIs in real time, detecting and blocking attacks as they happen. And critically, findings from runtime don’t disappear into a security team’s backlog. They flow back to developers to address root causes before the next release. The result is a closed loop: find it in code, protect it in production, fix it fast. All on a single, unified platform.
With the two new tools, Harness is extending that loop into AI, on both sides. Built on Harness’s existing API security platform, AI Security spans a full discover-test-protect lifecycle:
• AI Discovery (GA) automatically inventories an organization’s entire AI attack surface in real time, including calls to external services like OpenAI and Anthropic, surfacing risks such as unauthenticated APIs and sensitive data exposure.
• AI Testing (Beta) actively probes LLMs, agents, and AI-powered APIs for AI-specific vulnerabilities — including prompt injection, jailbreaks, and data leakage — integrated directly into CI/CD pipelines.
• AI Firewall (Beta) inspects and filters LLM inputs and outputs in real time, blocking attacks and enforcing behavioral guardrails based on the OWASP Top 10 for LLM Applications.
Secure AI Coding integrates directly with AI coding assistants like Cursor, Windsurf, and Claude Code, scanning code at the moment of generation rather than waiting for a PR review. Developers see inline vulnerability warnings with the option to send flagged code back to the agent for remediation, without leaving their workflow. Under the hood, it leverages Harness’s Code Property Graph (CPG) to trace data flows across the entire codebase, surfacing complex vulnerabilities that simpler linting tools would miss.
Harness AI Security with AI Discovery is available now in General Availability. AI Testing and AI Firewall are available in Beta. Secure AI Coding is available as part of a free trial of Harness SAST for existing Harness CI customers.
Join our LinkedIn group Information Security Community!
