Contrast Security today made available an update to its application detection and response platform that leverages graph and artificial intelligence (AI) technologies to provide security operations teams with a digital twin of the applications and associated application programming interfaces (APIs) that need to be secured.

Company CTO Jeff Williams said the capabilities being added to the Northstar release of the company’s platform make it possible to both map live attack paths and correlate runtime behavior in a way that surfaces how vulnerabilities, threats and assets are connected.

The graph built by Contrast Security makes it possible for the first time for security operations teams to see application-layer attacks as they happen, stop them instantly, and leverage generative AI tools to create plans, write code, create test scripts and draft pull requests or reduce remediation time, said Williams.

Contrast Security Combines Graph and AI Technologies to Secure Applications

Those fixes can then be reviewed by application developers who no longer have to spend as much time creating a patch to remediate an issue, he added.

Additionally, the Northstar release dynamically scores vulnerability risks in real time to enable security operations teams to better prioritize their remediation efforts, said Williams.

Finally, Contrast Security has also included a Model Context Protocol (MCP) server through which it takes advantage of a de facto interoperability standard being advanced by Anthropic to share data with other platforms.

Rather than bolting on AI and graph technologies, Contrast Security has combined runtime observability, graphs and AI to build a security operations platform that doesn’t just find problems but also fixes them, he added.

That approach also provides the added benefit of integrating all those capabilities using Flex agent software deployed in the runtime environment, versus requiring application developers to instrument every application. That agent software can now also be deployed more easily using a Deployment Hub for onboarding and managing updates.

While a lot of responsibility for application security has been shifted left in recent years, it’s clear that this approach will not fundamentally resolve application security issues. Developers of varying levels of skill will continue to make mistakes, an issue that may only be further exacerbated by the introduction of AI tools that are often trained using examples of flawed code that have known vulnerabilities. The Contrast Security approach is to identify threats and vulnerabilities in the runtime environments that security operations teams are expected to secure and then make it as easy as possible to remediate them using AI tools specifically trained for that purpose, said Williams.

Of course, the best vulnerability is the one that was never created in the first place, but the odds that there will one day be code that doesn’t contain one or more vulnerabilities are slim to none. That means there will always be a need to fix software after it has been deployed in a production environment. The only thing left to be resolved will be how quickly those vulnerabilities can be discovered and remediated before cybercriminals, who are also increasingly using AI, can discover and exploit them.