Apiiro Introduces Risk Detection at Design Phase
August 06, 2024

Apiiro introduced Risk Detection at Design Phase, a new, AI-driven capability that automatically analyzes feature requests to identify risks and proactively initiate security reviews or threat models at the earliest stage of the application development lifecycle.

With this new capability, application security (AppSec) practitioners can now scale their secure software development lifecycle (SSDLC) processes by mitigating security and compliance risks before a single line of code is written.

Apiiro customers can proactively address security, data privacy, infrastructure, compliance, and other risks at the onset of development, saving significant time and costs while minimizing rework and accelerating secure software delivery.

Apiiro’s detection of risky feature requests is built on cutting-edge AI technology, including Apiiro’s native private LLM. This model, not accessible by ChatGPT or any other public LLM services, ensures customer privacy and compliance by automatically analyzing feature requests and proactively identifying potential risks associated with:

- Architecture design and security controls: requests for changes in APIs, network, databases, web servers, web clients, logging, serialization and other component configurations, architecture designs, and deployment of new or changed components.

- Sensitive data handling: storing and/or processing sensitive information like PII, PHI payment data fields as part of the application data flow, changing encryption mechanisms, data migrations, writing sensitive data to logs, and using sensitive data as an API return type.

- User permissions and access management: user authentication and authorization, login or registration processes, and changing user permissions.

- Generative AI technology: adding or changing generative AI tools, frameworks, technologies, and the data that is exposed to them.

- Third-party integrations, and open source dependencies: changing or adding open source dependencies and integrations with third-party services.

For each risky feature request, enriched by the code architecture generated by its Deep Code Analysis (DCA) technology, Apiiro’s native private LLM model automatically generates contextual questions for a security review and produces threat stories using the STRIDE model. This automation eliminates the need for manual security processes, accelerating development velocity and deployment of secure code to the cloud, ultimately driving business growth. In addition, Apiiro enhances design risk context by automatically mapping to specific code commits, repositories, and pull requests, providing deeper insight into how potential risks may manifest in the actual codebase.

“Amidst the ever-changing complexity of modern software development processes and application architectures, Apiiro is committed to delivering complete risk-based visibility and protection from design to runtime,” said Moti Gindi, chief product officer at Apiiro. “Building secure software starts with secure design, and the new AI-Driven Risk Detection at Design Phase from Apiiro takes the ‘shift left’ approach a step further, addressing risks even before a single line of code is written. This first-of-its-kind functionality leverages the power of AI to ensure customers have the context required to facilitate efficient security reviews and evolve from a reactive to a proactive approach to application security.”

Share this

Industry News

April 03, 2025

StackGen has partnered with Google Cloud Platform (GCP) to bring its platform to the Google Cloud Marketplace.

April 03, 2025

Tricentis announced its spring release of new cloud capabilities for the company’s AI-powered, model-based test automation solution, Tricentis Tosca.

April 03, 2025

Lucid Software has acquired airfocus, an AI-powered product management and roadmapping platform designed to help teams prioritize and build the right products faster.

April 03, 2025

AutonomyAI announced its launch from stealth with $4 million in pre-seed funding.

April 02, 2025

Kong announced the launch of the latest version of Kong AI Gateway, which introduces new features to provide the AI security and governance guardrails needed to make GenAI and Agentic AI production-ready.

April 02, 2025

Traefik Labs announced significant enhancements to its AI Gateway platform along with new developer tools designed to streamline enterprise AI adoption and API development.

April 02, 2025

Zencoder released its next-generation AI coding and unit testing agents, designed to accelerate software development for professional engineers.

April 02, 2025

Windsurf (formerly Codeium) and Netlify announced a new technology partnership that brings seamless, one-click deployment directly into the developer's integrated development environment (IDE.)

April 02, 2025

Opsera raised $20M in Series B funding.

April 02, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, is making significant updates to its certification offerings.

April 01, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the Golden Kubestronaut program, a distinguished recognition for professionals who have demonstrated the highest level of expertise in Kubernetes, cloud native technologies, and Linux administration.

April 01, 2025

Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade internal developer portal based on the Backstage project.

April 01, 2025

Platform9 announced that Private Cloud Director Community Edition is generally available.

March 31, 2025

Sonatype expanded support for software development in Rust via the Cargo registry to the entire Sonatype product suite.

March 31, 2025

CloudBolt Software announced its acquisition of StormForge, a provider of machine learning-powered Kubernetes resource optimization.