The company stops security risk from entering the code base and uses Artificial Intelligence and Large Language Models to provide insights and policy questions for tens of thousands of code changes every week
DryRun Security, the AI-native company delivering application security (AppSec) for development and security teams, announced its $8.7 million seed funding round from lead investors LiveOak Ventures and Work-Bench as well as participation from Cannage Capital. The company is also introducing Natural Language Code Policies (NLCP), a game-changing feature that frees AppSec teams from the painstaking work of building and maintaining scripted policy rules. By allowing them to define their security policy in an intuitive, domain-focused way, NLCP cuts the overhead of custom rule writing and helps teams get coverage across all of their code bases without worrying about the language or framework.
Every company is managing more code than ever before, and AppSec professionals are challenged to identify the needle in the haystack of code changes that deserve further review. Security issue backlogs are growing while developers fumble through confusing results from code scanning tools that can’t support new technologies fast enough. All of this is creating a system where developers often bypass (or ignore) security review and the security team is left to retrofit old tools by writing new rules that aren’t easy to maintain and result in growing technical debt.
DryRun Security is going beyond AI and LLMs’ early automation capabilities to build what it calls Contextual Security Analysis (CSA). This approach both identifies security risks and seamlessly integrates mitigation into developers’ workflows. CSA layers static context, change context and application context to make contextually aware assertions in near real-time and is ideal for distributed, modern applications and teams. It fits naturally in an organization practicing DevOps, prioritizes reducing security tool pressure on developers and makes it easy for developers to reason about security.
“DryRun Security is a true leap forward in application security, enabling application security teams to identify code risk in a way that previously wasn’t possible,” said Creighton Hicks, Partner at LiveOak Ventures. “The current generation of pattern-matching tools strictly looks at the literal syntax of code. DryRun Security is built from the ground up to leverage the latest in AI technology. This not only eliminates the need to write complicated pattern-matching rules but also goes beyond the literal syntax to understand risk based on code context and behavior. For the first time, DryRun Security enables the left hand of application security to know the security implications from what the right hand of development is doing, even if there’s not technically an insecure line of code.”
The DryRun Security CSA approach enables AppSec professionals to execute GitHub native security analysis in seconds to gain awareness across both development and security teams. With today’s announcement, the company is also introducing its Natural Language Code Policies Feature Set, a groundbreaking tool that enables development teams to define and enforce security policies using plain, conversational language. It helps teams understand which code changes are the riskiest, a task that is often so overwhelming it’s skipped altogether. The Natural Language Code Policies transform the traditionally complex process of creating code policies and integrate seamlessly into developers’ workflows, allowing for real-time security policy enforcement and compliance monitoring. This reduces vulnerabilities earlier in the software development lifecycle, saving teams time and resources while delivering more secure applications.
“We know how frustrating it is when risky code slips in unnoticed—especially for AppSec teams who want to stay on top of every critical change,” said James Wickett, co-founder and CEO of DryRun Security. “That’s why we built DryRun to find the ‘needle in the haystack’ of code changes, so teams can spot unknown risks before they start—without slowing developers down. Our early customers are already seeing tangible, day-one improvements in their security posture, validating that modern, AI-native application security tools can finally keep up with the code velocity of today’s software development teams.”
“With DryRun Security, we’ve transformed how we manage application security across our global development team. The GitHub integration ensures that our developers get precise and instant feedback directly in their workflow, enabling them to fix security issues without skipping a beat. The tool has not only helped us catch risks like hardcoded credentials early but has also fostered a culture of security among our developers. DryRun Security is an indispensable part of our AppSec toolkit,” said Gary Gonzalez, CTO at PlanetArt.
“DryRun Security is a step function in application security for the enterprise. They enable organizations to weave security seamlessly into the SDLC process with modern AI-driven solutions, and we’re excited to support their vision of transforming how enterprises address security at scale,” said Kelley Mak, General Partner at Work-Bench.
DryRun Security was co-founded in 2023 by two application security luminaries, James Wickett and Ken Johnson. Having worked in the AppSec space for years, the founders shared a vision for empowering development teams to build secure software without disrupting their workflows. With this new funding and product launch, the company is poised to change the way teams approach application security. DryRun Security will use the investment to increase its engineering hires and grow its Go To Market (GTM) function.
Source: PRNewswire