Using language models to improve application security culture. Raised pre-seed funding; designed and engineered the initial product.

Perceptive in action, connect on LinkedIn if you'd like a full demo

Identification of Opportunity

During a research project to identify large untapped markets and user groups adjacent to cybersecurity, I quickly gravitated towards software engineers and application developers, who bear an immense but often deprioritized security burden.

Observed models of different software development lifecycles and where security is considered

Definition of Problem

Through over 30 interviews and task modeling sessions across engineering roles (developers, product managers, infosec), I uncovered key pain points and blockers preventing adoption of secure coding practices:

  • Engineers lack guidance on what security issues to watch for
  • Competing priorities make security a lower focus day-to-day
  • Product managers asked to involve infosec earlier but unsure of optimal timing
  • Infosec teams need visibility into different project plans to allocate limited resources

Iteration to Solution

I rapidly prototyped different concepts for injecting security guidance as early as possible in the software development lifecycle. The approach I landed on was leveraging LLMs fine-tuned on AWS Bedrock with cybersecurity professionals to analyze new development tickets and surface relevant security implications during the planning phase itself.

Perceptive workflow: how Perceptive works, in a nutshell

Impact

Launching in April 2024, Perceptive aims to foster an improved application security culture within engineering teams by providing:

  • Timely, contextualized security insights integrated into existing workflows
  • Automated prioritization of security risks directly mapped to project plans
  • Enablement for product managers to collaborate with infosec earlier
  • A unified view across teams for infosec to prioritize resources effectively

By bridging the disconnect between engineering processes and application security needs, Perceptive's solutions could drive widespread adoption of secure coding best practices.

(Will provide update on measured impacts post-launch)