Also: The title has been editorialized for marketing purposes. My original title would have been “Teach Your Agents to Do Code Security Reviews”.

Coding agents are now involved in the majority of the code shipped at Synthesia. The volume of code changes has gone up, but the time humans spend reading those changes has not. The practice of doing code security reviews is especially exposed to this pressure because it depends on careful analysis. To solve this, we’ve built an agent skill that probably approaches Mythos-level performance in uncovering complex security issues at a fraction of the cost of running such a model.

We previously wrote about scaling vulnerability management after issues have merged or shipped. We continued to scale our application security practices by providing security coverage at implementation time, before changes get merged, using coding agents. The original idea was to build something engineers can self-serve to give their coding agent a feedback loop on…