Qwiet AI specializes in proactive cybersecurity, using generative AI (GenAI) and its Code Property Graph (CPG) to secure applications. In this episode, Chetan Conikee, Founder & CTO of Qwiet AI, discusses the evolving role of AI in proactive security and its implications for the development pipeline. Conikee takes us through some of the most pressing security challenges and how Qwiet AI is working to address them.
Qwiet AI, originally named ShiftLeft, was founded to prioritize proactive security analysis in the software development lifecycle. Conikee says, “[ShiftLeft] means move your security analysis to the left, so that you become more preventative, rather than reactive.” Drawing from Conikee’s background in fraud detection and prevention, the company uses its CPG to map source code and identify potential vulnerabilities. This approach allows engineers to address security concerns early, fostering better design decisions and minimizing reactive fixes.
As the security landscape evolves, developers are increasingly being held responsible for mitigating issues but lack incentives to prioritize them. To bridge this gap, Qwiet AI employs gamification techniques such as leaderboards to motivate teams. Additionally, there is potential for generative AI to handle repetitive analysis tasks and suggest fixes for vulnerabilities, which can significantly reduce engineers’ workloads.
Understanding and correctly using a software bill of materials (SBOM) is crucial to mitigating risk. Conikee talks about the concept of reachability, which evaluates whether open-source libraries are used securely and effectively. By providing context-aware insights, Qwiet AI ensures vulnerabilities are identified and addressed before they become exploitable.
Conikee highlights the dual nature of AI in security, acting as both a tool and a target. Associated risks include generative AI hallucinations, where models invent non-existent libraries, creating potential exploits. Conikee underscores the importance of verifying AI outputs and implementing proactive measures to prevent attacks.
The rise of Kubernetes and cloud-native technologies has reshaped how applications are deployed and managed, introducing new security complexities. Conikee tells us that Qwiet AI has expanded its capabilities to analyze container images and assess vulnerabilities across diverse environments to address these new complexities. By maintaining an agnostic approach to deployment environments, the platform ensures it can support a wide range of organizations regardless of their infrastructure.
Some of the emerging risks related to generative AI include data exposure, compromised interfaces, and the growing sophistication of attacks leveraging AI. Conikee emphasizes the importance of proactive measures, including leveraging generative AI to identify vulnerabilities and implement controls during the design phase. By integrating AI with its foundational CPG, Qwiet AI provides actionable insights that help prevent breaches and ensure secure application development.
Conikee highlights the company’s evolution into a unified platform for multi-disciplinary security. The CPG serves as the backbone for analyzing source code, SBOMs, container images, and AI models. This approach allows organizations to address security holistically, extracting insights from various layers of their technology stack. By consolidating multiple functions into a single tool, Qwiet AI aims to reduce complexity and empower teams to manage security more effectively.
Guest: Chetan Conikee
Company: Qwiet AI
Show: An Eye on AI
This summary was written by Emily Nicholls.





