Shift-left, integrating security earlier in the software development lifecycle, is important for building more secure applications, but it is difficult to achieve. Developers need to take on some security responsibilities, and that means they need security tools that fit their workflow. In a recent Ponemon survey, 51% of IT and security practitioners said a lack of integrated security tools was a top challenge to shift-left security.

This is the problem Symbiotic Security, which launched this week, is tackling with a software-as-a-service platform that integrates vulnerability detection and remediation directly into the application developer's integrated development environment (IDE). The platform also provides just-in-time training so that developers learn how to write secure code at the moment they need it.

“Using Symbiotic is like having a personal security coach right next to you as you code,” says Jerome Robert, co-founder and CEO of Symbiotic Security. “It provides real-time feedback on the security mistakes you’re making, and it’s training you so you don’t repeat these mistakes.”

The plugin in the developer's IDE continuously scans code, both as the developer types and code that has already been written, and flags potential security issues. The developer gets contextual remediation advice right in the IDE. "Our security nudges are perceived as coaching," Robert says. "It's a tool that'll make them save time by not having to come back to fix old code."

Developers can also access the training materials — in the form of capture-the-flag (CTF) content — to learn what the problem is and why it is a problem. They see examples of secure and vulnerable code, and are presented with a snippet of insecure code to find and fix as part of a game to help improve secure coding skills.

The difference between Symbiotic Security's plugin and other code security tools is where the issues are identified, Robert says. Many of those tools catch mistakes only after the code has been written, typically at commit time or when the code is integrated into the rest of the build. "They're not real-time," Robert says of those tools, and because of that, developers see "no personal win" in using them.

As part of the launch, Symbiotic Security also raised $3 million in seed funding from investors including Lerer Hippeau, Axeleo Capital, and Factorial Capital. Symbiotic Security said its product is currently deployed at eight companies.
