Skip to main content

4 posts tagged with "AI security"

Using AI and LLMs for security review, scanning, and code analysis

View All Tags

Guardrails vs Guidelines

· 6 min read

In the rush to integrate generative AI into the software development lifecycle, engineering teams frequently confuse two distinct operational concepts: guardrails and guidelines. To put it simply, a guideline advises: it's soft natural-language context, like an AGENTS.md or Skills file, that the model may or may not act on. A guardrail gates: it's a firm, automated constraint that forces an explicit, binary pass/fail and blocks on failure. Relying on soft guidelines for critical validation is why automated code reviews are risky. They're non-deterministic and quietly ignored.

The Ceiling for DIY Security Reviews

· 5 min read

Every security team is now running the same debate: build your own AI security review, or buy one. You drop a coding agent into CI, it finds real issues, rerun the same PR and you get different findings, different severities, no memory of last triage, no audit trail for AppSec. Get a better model and you get sharper findings but it won't close the gap. The real question isn't whether an LLM can find issues. It's whether you back yourself to build a great harness. That takes eval infrastructure, state, and the kind of engineering Cloudflare, Rogo, and Anthropic are writing blog posts about. Most teams don't have it. That is the ceiling.

Announcing our $4M Seed Round

· 3 min read

SYDNEY, AUSTRALIA & SAN FRANCISCO, USA: AI security startup Dam Secure has raised $4 million in a seed funding round led by Washington, D.C.-based cyber and AI investor, Paladin Capital Group, to solve for the security risks created by AI-generated code entering production at scale.