HoundDog.ai, a startup that helps builders guarantee their code doesn’t leak personally identifiable info (PII), got here out of stealth Wednesday and introduced a $3.1 million seed spherical lead by E14, Mozilla Ventures and ex/ante, along with plenty of angel buyers. Not like different scanning instruments, HoundDog really appears on the code a developer is writing, utilizing each conventional sample matching and enormous language fashions (LLMs) to seek out potential points.
HoundDog was based by Amjad Afanah, who beforehand co-founded DCHQ, which was later acquired by Gridstore (which, to complicate issues, then modified its title to HyperGrid) in 2016. Afanah additionally co-founded apisec.ai, which remains to be up and operating, and labored at self-driving startup Cruise. The inspiration for HoundDog got here throughout his time at knowledge safety startup Cyral and speaking to privateness groups there, he instructed me.
“When I was at Cyral, we had a lot of data,” he stated. “What Cyral does — like many others in the data security space — is they focus on production systems. They help you discover, classify your structured data and your databases, and then help you apply access controls. But the overwhelming feedback that I kept hearing from security and privacy teams alike was: ‘You know, it’s a little too reactive and it doesn’t keep up with the changes in the code base.’”
So HoundDog shifts this course of even additional left. Whereas it nonetheless sits within the steady integration circulate and never but within the growth setting (although that will occur sooner or later), the concept right here is to seek out potential knowledge leaks earlier than the code is merged. And most significantly, HoundDog does so by wanting on the precise code, not the info circulate it produces. “Our source of truth is the code base,” Afanah stated.
Because of this, if a growth staff begins gathering Social Safety numbers, for instance, HoundDog would elevate a flag and warn the staff about that earlier than the code is ever merged; it might additionally alert the safety staff. That might doubtlessly be a serious — and expensive problem — in spite of everything.
The service at present helps code written in Java, C#, JavaScript and TypeScript, in addition to SQL, GraphQL and OpenAPI/Swagger queries. Help for Python is imminent, the corporate says.
Afanah famous {that a} device like that is turning into particularly necessary on this age of AI-generated code, one thing Replit CEO (and HoundDog angel investor) Amjad Masad additionally echoed.
“As an increasing number of companies turn to AI-generated code to accelerate development, embedding security best practices and ensuring the security of the generated code becomes essential,” Masad stated. “HoundDog.ai is leading the way in securing PII data early in the development cycle, making it an indispensable component of any AI code generation workflow. This is the reason I chose to invest in this company.”
HoundDog itself does use AI, although, too. It at present depends on OpenAI’s fashions to take action, nevertheless it’s necessary to emphasize that that is non-compulsory. Customers who fear about their code leaving their non-public repositories also can select to solely depend on the corporate’s extra conventional code scanner.
A significant a part of HoundDog’s worth proposition is that it could minimize compliance prices for startups due to its automated reporting capabilities. The service can robotically generate a report of processing actions (RoPA). To do that, HoundDog makes use of generative AI to generate these reviews and sends that knowledge to OpenAI. The staff does stress that solely the tokens the service has found by means of its common scanner are shared with OpenAI and that the precise supply code isn’t shared.
The corporate affords a restricted free plan, with paid plans beginning at $200/month for scanning as much as two repos.
