HoundDog.ai, a startup that helps developers ensure their code doesn't leak personally identifiable information (PII), came out of stealth on Wednesday and announced a $3.1 million seed round from E14, Mozilla Ventures and ex/ante, as well as a number of angel investors. Unlike other scanning tools, HoundDog actually looks at the code a developer writes, using both traditional pattern matching and large language models (LLMs) to find potential issues.
HoundDog was founded by Amjad Afana, who previously co-founded DCHQ, which was later acquired by Gridstore (which, to complicate matters, then changed its name to HyperGrid) in 2016. Afana also co-founded apisec.ai, which is still in business, and worked at self-driving startup Cruise. He says the inspiration for HoundDog came from his time at data security startup Cyral, talking to privacy teams there.
“When I was at Cyral, we had a lot of data,” he said. “What Cyral does, like many others in the data security space, is that they focus on production systems. They help you discover and classify your structured data and databases, and then help you apply access controls. But the overwhelming majority of the feedback I kept hearing from the security and privacy teams was, ‘It's too reactive and can't keep up with changes in the code base.’”
So HoundDog shifts this process even further to the left. While it still sits in the continuous integration flow and not yet in the development environment (though that may happen in the future), the idea here is to find potential data leaks before the code is merged. And best of all, HoundDog does this by looking at the actual code, not the data flow it produces. “Our source of truth is the codebase,” Afana said.
This way, if the development team starts collecting social security numbers, for example, HoundDog will raise a flag and alert both the team and security before the code is merged. Left uncaught, a change like this could become a serious and costly problem.
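To make the idea concrete, here is a minimal Python sketch of pattern-based scanning over newly added lines of code. It is an illustration only, not HoundDog's implementation: the function names, the `SENSITIVE_SEQUENCES` rule set and the output format are all assumptions. It splits each identifier into words so that `user_ssn` or `socialSecurityNumber` is flagged while an unrelated name such as `className` is not.

```python
import re

# Matches identifiers in a line of source code.
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
# Splits an identifier into words across snake_case and camelCase boundaries.
WORD = re.compile(r"[A-Z]+(?![a-z])|[A-Z]?[a-z]+|\d+")

# Hypothetical rule set: word sequences that hint at a social security number.
SENSITIVE_SEQUENCES = {
    ("ssn",): "SSN",
    ("social", "security"): "SSN",
}


def split_identifier(identifier):
    """Return the lowercase words that make up an identifier."""
    return [word.lower() for word in WORD.findall(identifier)]


def contains_sequence(words, sequence):
    """Check whether `sequence` appears as consecutive items in `words`."""
    size = len(sequence)
    return any(
        tuple(words[i:i + size]) == sequence
        for i in range(len(words) - size + 1)
    )


def scan_added_lines(added_lines):
    """Return (line_number, identifier, label) for each suspicious identifier."""
    findings = []
    for line_number, line in enumerate(added_lines, start=1):
        for identifier in IDENTIFIER.findall(line):
            words = split_identifier(identifier)
            for sequence, label in SENSITIVE_SEQUENCES.items():
                if contains_sequence(words, sequence):
                    findings.append((line_number, identifier, label))
    return findings
```

In a continuous integration job, a non-empty result from something like `scan_added_lines` could be used to fail the check or notify reviewers before the merge. A real scanner would need a far larger rule set and language-aware parsing.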
The service currently supports code written in Java, C#, JavaScript and TypeScript, as well as SQL, GraphQL and OpenAPI/Swagger queries. Python support is imminent, the company says.
Afana noted that a tool like this becomes especially important in the era of AI-generated code, a point that Replit CEO (and HoundDog angel investor) Amjad Masad also echoed.
“As more companies turn to AI-generated code to speed up development, implementing security best practices and ensuring the security of the generated code becomes critical,” Masad said. “HoundDog.ai is a leader in protecting PII data early in the development cycle, making it an integral part of any AI code creation workflow. It is for this reason that I decided to invest in this company.”
However, HoundDog itself also uses AI. It currently relies on OpenAI models for this, but it is important to stress that this is not required. Users who are worried about their code leaving their private repositories can also rely solely on the company's more traditional code scanner.
A major part of HoundDog's value proposition is that it can reduce compliance costs for startups through its automated reporting capabilities. The service can automatically generate a record of processing activities (RoPA). To do this, HoundDog uses generative AI to create these reports and sends data to OpenAI. The team emphasizes that only tokens discovered by the service using the regular scanner are shared with OpenAI, and that the actual source code is not shared.
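The distinction between sharing detected tokens and sharing source code can be sketched in a few lines of Python. This is a hypothetical illustration, not HoundDog's actual data format: the `findings` structure, its field names and the `build_report_payload` function are assumptions. The point is that the payload prepared for the external model contains only the token names and their labels, and the source lines are dropped before anything leaves the scanner.

```python
import json


def build_report_payload(findings):
    """Serialize only detected token names and labels, never source text.

    Each finding is assumed to be a dict with "token", "label" and
    "source_line" keys; "source_line" is deliberately left out.
    """
    # De-duplicate so each (token, label) pair appears once in the payload.
    unique_tokens = sorted({(f["token"], f["label"]) for f in findings})
    return json.dumps(
        {
            "detected_tokens": [
                {"token": token, "label": label}
                for token, label in unique_tokens
            ]
        }
    )
```

A payload built this way could then be passed to a report generator of the user's choice, while the code itself stays inside the repository.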
The company offers a limited free plan, with paid plans starting at $200 per month for scanning up to two repositories.