Harness has unveiled two new products: AI Security, a new solution to discover, test, and protect AI running in your applications, and Secure AI Coding, a new capability within the Harness Static Application Security Testing (SAST) platform that secures the code generated by AI tools.
Together, they extend Harness’s DevSecOps platform into the age of AI, covering the full lifecycle, from the first line of AI-generated code to the models running in production.
Protecting against today’s AI threats
According to Harness’s State of AI-Native Application Security, 66% of respondents said they are “flying blind” when it comes to securing AI-native apps, while 72% call shadow AI a gaping chasm in their security posture.
Meanwhile, 63% believe AI-native applications are more vulnerable than traditional IT applications.
Harness says its new AI Security product is built to take on these rising threats, particularly by securing the entire AI attack surface.
“Harness AI Security is built on the foundation of our API security platform. Every LLM call, every MCP server, every AI agent communicating with an external service does so via APIs,” Harness said in an official statement.
“Your AI attack surface isn’t separate from your API attack surface; it’s an expansion of it. AI threats introduce new vectors like prompt injection, model manipulation, and data poisoning on top of the API vulnerabilities your teams already contend with. There is no AI security without API security.”
AI Discovery introduces inventory capabilities for the AI attack surface
With the launch of AI Security, Harness is introducing AI Discovery in General Availability (GA). AI Discovery automatically inventories the entire AI attack surface in real time, including calls to external GenAI services that could expose sensitive data.
It also surfaces runtime risks, such as unauthenticated APIs calling LLMs, weak encryption, or regulated data flowing to external models.
AI Testing and AI Firewall are now available in beta
Beyond discovering and inventory, the platform is also introducing AI Testing and AI Firewall in beta, extending AI Security across the full discover-test-protect lifecycle.
Below is an overview of both features:
- AI Testing actively probes LLMs, agents, and AI-powered APIs for vulnerabilities unique to AI-native applications, including prompt injection, jailbreaks, model manipulation, data leakage, and more.
- AI Firewall actively protects AI applications from AI-specific threats, such as the OWASP Top 10 for LLM Applications. It inspects and filters LLM inputs and outputs in real time, blocking prompt injection attempts, preventing sensitive data exfiltration, and enforcing behavioral guardrails on your models and agents before an attack can succeed.
Securing AI-powered coding
On the other hand, Secure AI Coding, according to Harness AI, addresses the vulnerabilities that popular AI tools such as Cursor, Windsurf, and Claude Code can introduce into the codebase.
“AI coding assistants now contribute to the majority of new code at many organizations — and nearly half (48%) of security and engineering leaders are concerned about the vulnerabilities that come with it. AI-generated code arrives in larger commits, at higher frequency, and often with less review than human-written code would receive,” Harness said.
“Secure AI Coding stands out from simpler linting tools due to it leveraging Harness’s Code Property Graph (CPG), allowing it to trace how data flows through the entire application – before, through, and after the AI-generated code in question,” the company added.
Solution surfaces vulnerabilities like injection flaws
As a result, Secure AI Coding can surface complex vulnerabilities, such as injection flaws and insecure data handling, that only become visible within the broader context of the codebase.
Harness says this leads to security that understands developers’ applications — not just the last piece of code an AI assistant wrote.
Like Harness AI Security, Secure AI Coding is now also available through the Harness platform.