Interview with Ronen Slavin, Co-founder and CTO of Cycode, as Part of Our Ongoing Series of Conversations with Industry Innovators
In the rapidly evolving world of software development, Cycode is making waves with its innovative approach to security. The company's proprietary scanning algorithms are designed to distinguish genuine secrets from similar-looking entities by analysing patterns, entropy, and the way strings are used.
As AI continues to play a more significant role in the development process, Cycode is at the forefront of integrating this technology to help identify, prioritise, and address risks throughout the entire development lifecycle. The next five years are expected to see AI becoming an integral part of everyday development work, and Cycode is developing tools to help teams identify AI-specific risks, such as adversarial vulnerabilities, model misuse, and insecure integrations.
Cycode's goal is to make security something teams can rely on. The platform aims to reduce false alarms, increase accuracy, and speed up resolution times. The company is dedicated to building tools that make AI as transparent, understandable, and accountable as possible.
Cycode's developer-first security tools are designed to help developers, rather than hinder them. By seamlessly embedding security into CI/CD pipelines, the tools enable developers to maintain productivity while ensuring code integrity. The platform integrates with popular CI/CD tools and issue trackers like JIRA, ensuring that security becomes an integral part of the software development process.
AI is likely to become increasingly important in understanding what's happening in real-time, monitoring build environments, containers, and APIs, and identifying unusual activity as it occurs. Cycode's SAST engine helps teams identify code weaknesses, achieving accuracy and focusing on true positives.
Cycode's platform also focuses on contextual correlation, mapping potential issues to the bigger picture of an organisation's software supply chain. This approach helps teams to understand the impact of vulnerabilities and make informed decisions about remediation.
In OWASP benchmark tests, Cycode achieved a false positive rate of 2.1%, representing a >94% reduction compared to alternative methods. This demonstrates the platform's ability to provide precise details about vulnerabilities, including what the vulnerability is, where it originated, who is responsible, and how to resolve it.
AI will also help companies navigate the growing maze of regulations by creating documentation, mapping out dependencies, and helping enforce policies across complex systems. However, human oversight will remain critical, and AI is not here to replace people but rather to empower them.
AI will bring security and development teams closer together by transforming security findings into actionable insights and recommending fixes automatically. With Cycode, security checks happen instantly, right where developers write and review code, such as in the IDE or during pull requests.
In conclusion, Cycode is leading the way in AI-driven security solutions, helping developers to identify and address risks more effectively, and enabling teams to navigate the complexities of modern software development and security.
