As a surge in AI-generated code creates security concerns, DeepSource launches trio of autonomous AI agents for DevSecOps

Autonomous, AI-powered employees are set to begin roaming corporate networks sooner than expected, marking the incredible pace of AI evolution. In fact, AI agents and virtual employees are being flagged as the next AI innovation hotbed. 

These AI agents are set to alleviate operational strain on everything from marketing teams and customer support to cybersecurity and software engineering. 

Software development teams are already widely leveraging LLM tools like MS Copilot to help with writing code and making updates, thanks to the programmable nature of these tasks. 

However, as autonomous agents for software teams become more common, they are causing a deluge of AI-generated code. For example, 1 in 4 Y Combinator startups use AI for 95% of their code.

This isn’t a bad thing in and of itself, but these AI tools have the ability to pump out code at a significantly faster rate than human agents. Security and vulnerability checks are largely still done on a manual basis, putting DevSecOps teams at a disadvantage as they struggle to match the pace of work.

As a result, companies are risking the quality and security of their apps and products, with research showing almost half of the AI-generated code being studied had bugs that could lead to harmful exploitation.

One company in particular has recognized this pressing challenge for the industry and is on a mission to deliver AI-powered autonomous agents custom-built to meet the current security needs within software development.

Autonomous code security 

DeepSource is a unified DevSecOps platform for securing code. The company recently launched a series of fully autonomous AI agents that can scan and fix code security vulnerabilities in a move that addresses a barrier to adoption for the industry. 

The models have been built to observe key events, such as commits made to the code base, apply reasoning to optimize for their security goals, and autonomously take action to proactively keep the organization’s code base secure.

Three distinct agents have been released by DeepSource to offer AI solutions and models closely developed to address a specific need. 

The False-positive Triage agent is able to independently decide if security issues found in the code are valid or not. It leverages context from the repository, its own memory and real-world threat intelligence to take an appropriate action based on intelligent reasoning.

Next, the growing use of open-source software across digital services and products has increased cyber risks for organisations. At the moment, security and AppSec teams spend a significant amount of time manually triaging these vulnerabilities. The Common Vulnerabilities and Exposures (CVE) Prioritization agent can take on the triage process, prioritizing open-source vulnerabilities based on the repository’s context. 

Finally, the Autofix™ AI Autopilot agent puts DeepSource’s existing Autofix™ AI feature on autopilot by learning developer behavior and autonomously creating pull requests with security fixes in the code.

A virtual employee for DevSecOps 

These agents have the capability to run completely autonomously, working behind the scenes to take care of these important yet programmable tasks. This marks an exciting industry-first as other DevOps agents to date still rely on human-triggered agentic loops.

According to data from DeepSource, organizations can save around 5 hours each week for every developer when manual triaging, false-positive elimination, creating new tickets, and executing fixes are outsourced to the respective capabilities of the three AI agents. 

These AI agents not only act like a virtual employee, but they are also costed as such by the company. DeepSource will charge companies per agent rather than more typical usage-based models seen with software services. This means that companies can leverage the agents as needed during peak periods without the risk of bill shock. 

These three agents are not only autonomous but will learn from the client’s organization. They have the ability to understand the context of the software projects and apply intelligent reasoning that considers things like company goals and team priorities. Their long-term memory can be adjusted when needed to align and refine the behaviour and actions of each agent, much like a human employee during feedback meetings or performance reviews.

According to Sanket Saurav, co-founder and CEO of DeepSource, the surge of AI-generated code means that much higher volumes of code are being pumped out in a shorter period of time. 

He notes that security practices must be dialled up to address this new reality within development teams or risk putting sub-par products onto the market that ultimately impact the end-user.

Meanwhile, Jai Pradeesh, co-founder of DeepSource, states that the company’s newly launched AI Agents are designed to be goal-based, and work with hundreds of signals and observations.

This allows them to go beyond simple code generation loops with reasoning that can be accessed and adjusted by the company.

Solving app security 

Today’s applications easily run on thousands of open-source elements. Although the scope of the challenge that DevSecOps teams face is being exacerbated by the higher volumes of AI-generated code, open-source code bases have long posed a security risk.

DeepSource is simultaneously launching a Software Composition Analysis (SCA) solution to secure codebases against unsafe open-source elements, which represent up to 90% of applications’ code.

This launch takes SCA out of private beta and completes DeepSource’s all-in-one platform for developing secure code.

The company’s new SCA product continuously monitors and fixes the open-source supply chain’s vulnerabilities, eliminating countless hours of manual work for AppSec teams. With these additions, the enterprise is looking to offer an all-in-one solution in a fragmented AppSec landscape.

Sociable Team
