Harness has announced two new products. One is AI Security, a new solution to discover, test, and protect AI running within applications, and the other is Secure AIcoding, a new feature within the Harness Static Application Security Testing (SAST) platform that protects the code generated by AI tools.
Together, they extend Harness’ DevSecOps platform into the age of AI, covering the entire lifecycle from the first line of AI-generated code to models running in production.
Protect against today’s AI threats
According to Harness’s State of AI-Native Application Security, 66% of respondents say they are “acting blind” when it comes to AI-native app security, and 72% say shadow AI is a major gap in their organization’s security posture.
Meanwhile, 63% believe AI-native applications are more vulnerable than traditional IT applications.
Harness says the company’s new AI security products are specifically built to combat these growing threats by protecting the entire AI attack surface.
“Harness AI Security is built on the foundation of our API security platform. All LLM calls, all MCP servers, and all AI agents that communicate with external services communicate through the API,” Harness said in an official statement.
“The AI attack surface is not separate from, but an extension of, the API attack surface. AI threats introduce new vectors such as prompt injection, model manipulation, and data poisoning on top of the API vulnerabilities that teams are already working on. There is no AI security without API security.”
AI Discovery introduces AI attack surface inventory capabilities
With the release of AI Security, Harness is introducing AI Discovery in general availability (GA). AI Discovery automatically inventories your entire AI attack surface in real-time, including calls to external GenAI services that can expose sensitive data.
It also surfaces runtime risks such as unauthenticated APIs calling LLMs, weak encryption, and regulated data flowing to external models.
AI Testing and AI Firewall now available in beta
In addition to discovery and inventory, the platform is also introducing AI testing and AI firewall in beta, extending AI security across the discovery, test, and protection lifecycle.
Below is an overview of both features.
- AI test Proactively investigate LLMs, agents, and AI-powered APIs to detect vulnerabilities specific to AI-native applications, such as prompt injection, jailbreaking, model manipulation, and data leakage.
- AI firewall Proactively protect your AI applications from AI-specific threats, including OWASP Top 10 for LLM Applications. Inspect and filter LLM inputs and outputs in real-time to block prompt injection attempts, prevent sensitive data from being exposed, and enforce behavioral guardrails on models and agents before successful attacks.
AI-powered coding safety
Meanwhile, according to Harness AI, secure AI coding addresses vulnerabilities that common AI tools like Cursor, Windsurf, and Claude Code can introduce into your codebase.
“AI coding assistants now contribute the majority of new code in many organizations, and nearly half (48%) of security and engineering leaders are concerned about the vulnerabilities that come with it. AI-generated code arrives more frequently in larger commits and often receives fewer reviews than code written by humans,” Harness said.
“Secure AI Coding is different from simple linting tools because it leverages Harness’ Code Property Graph (CPG), which allows you to track how data flows throughout your application, before, during, and after the AI-generated code in question,” the company added.
Solutions expose vulnerabilities such as injection flaws
As a result, secure AI coding can surface complex vulnerabilities such as injection flaws and insecure data handling that are only visible within the broader context of the codebase.
Harness says this leads to security where the AI assistant understands a developer’s application, not just the last piece of code written.
Like Harness AI Security, Secure AI Coding is now available through the Harness platform.
