SCW Trust Agent: AI

Complete visibility and control over AI-generated code. Innovate fast and securely.

Book a demo
The Era of AI

Improving Productivity, But Increasing Risk

The widespread adoption of AI coding tools presents a new challenge: a lack of visibility and governance over AI-generated code.

84%

of developers use or plan to use AI tools in their development process.

Stack Overflow

45%

of AI-generated code contains security vulnerabilities.

Veracode

81%

of security teams lack visibility into AI usage in their codebase.

Cycode

The Benefits of Trust Agent: AI

The new AI capabilities of SCW Trust Agent provides the deep observability and control you need to confidently manage AI adoption in your secure software development lifecycle (SDLC) without sacrificing security.

Scalable and engaging

Observability

Gain deep visibility into AI-assisted development, including which developers are using which AI/LLM models and on what code bases.

Scalable and engaging

Governance

Automate policy enforcement to ensure AI-enabled developers meet secure coding standards before their contributions are accepted in critical repos.

Scalable and engaging

Risk Metrics and Benchmarking

Connect AI-generated code to developer skill levels, vulnerabilities produced, and actual commits to understand true security risk being introduced.

The Challenge of AI in Your SDLC

Without a way to manage AI usage, CISO’s, AppSec and engineering leaders are exposed to new risks and questions they can not answer. A few concerns include:

  • Lack of visibility into which developers are using which unapproved models.
  • Uncertainty around the security proficiency of developers using AI.
  • No insights into what percentage of contribution code is AI-generated
  • Inability to enforce policy and governance to manage AI tool risk.
AI UI

A Unique Combination of Signals

SCW empowers organizations to embrace the speed of AI-driven development without sacrificing security. AI Signals is the first solution to provide visibility and governance by correlating a unique combination of three key signals to understand AI-assisted developer risk at the commit level.

  • AI Coding Tool Usage: Insights into who is using what AI tools, which LLM models on which code bases.
  • Captured in real-time: Trust Agent: AI intercepts AI-generated code on the developer’s computer and IDE.
  • Developer secure coding skills: We provide a clear understanding of a developer’s secure coding proficiency, which is the foundational skill required to use AI responsibly.
A Unique Combination of Signals

AI Usage Visibility

Get a full picture of AI coding assistants and agents, as well as the LLMs powering them. Discover unapproved tools and models. No more “shadow AI.”

AI Usage Visibility

Observability into AI-Assisted Commits by Developer and Code Base

Gain deep visibility into AI-assisted software development, including which developers are using which LLM models and on which code bases.

Observability into AI Assisted Commits

Integrated Governance and Control

Connect AI-generated code to actual commits to understand the true security risk being introduced. Automate policy enforcement to ensure AI-enabled developers meet secure coding standards before their contributions are accepted.

Trust Score
How it works

Discover AI Insights

Trust Agent: AI gives companies visibility over the risks introduced by developers using LLM-backed, code-generating tools. The solution does this in three steps:

  • Inspect AI-Generated Code Traffic: Trust Agent: AI is deployed as a simple IDE plugin or endpoint agent that intercepts and monitors the code generated by AI coding tools, such as GitHub Copilot, ChatGPT, Google Gemini or Cursor.
  • Enrich with Developer Skill Level: The final step involves enriching this data with the contributing developer’s secure coding proficiency, as measured by SCW’s industry-leading Secure Code Learning product.

By correlating these key signals, Trust Agent: AI provides actionable information to security and engineering teams including unsanctioned LLM model use and identification of developers with limited secure coding knowledge who are committing AI-generated code.

How it works
Frequently Asked Questions (FAQ)

Frequently Asked Questions (FAQ)

Why should I care about the risks of AI/LLM-generated code in my SDLC?

As developers increasingly leverage AI coding tools, a critical new layer of risk is being introduced into SDLCs. Surveys show that 78% of developers are now using these tools, yet studies reveal that as much as 50% of AI-generated code contains security flaws.

This lack of governance and a disconnect between developer knowledge and code quality can quickly spiral out of control, as each insecure AI-generated component adds to your organization's attack surface, complicating efforts to manage risk and maintain compliance.

Read more in this whitepaper: AI Coding Assistants: A Guide to Security-Safe Navigation for the Next Generation of Developers

What models and tools does Trust Agent: AI detect?

Trust Agent: AI collects signals from AI assistants and agentic coding tools such GitHub Copilot, Cline, Roo Code, etc. and the LLMs that power them.

Currently we detect all Models provided by OpenAI, Amazon Bedrock, Google Vertex AI and Github Copilot.

How is Trust Agent: AI installed?

We will provide you with a .vsix file for manual installation in Visual Studio Code, and automated deployment via mobile device management (MDM) scripts for Intune, Jamf, and Kanji will be coming soon.