Qwiet AI Lights the Way to the Future of AppSec/DevSecOps Security with Blacklight


Newest feature of Qwiet AI’s preZero platform is the first in the industry to bring a security threat feed into real-time analysis of code; reduces average cost per finding by nearly 25%

Disruptive startup led by cybersecurity AI pioneer Stuart McClure offers first look at RSA 2023, Moscone North Expo, booth #5177

San Francisco, CA. April 24, 2023—Qwiet AI, the first in the AppSec industry to provide AI-powered detection of vulnerabilities in code, today announced the launch of Blacklight, which brings a security threat feed into the real-time analysis of code.

The announcement comes after rigorous testing of the technology by Qwiet AI  customers who reported that Blacklight reduced their average cost per vulnerability by nearly 25%. (*)

“A key attribute of our value is reducing the cost and complexity associated with finding and fixing critical vulnerabilities in code,” said Stuart McClure, CEO of Qwiet AI. “Blacklight empowers developers to prioritize fixes in a meaningful way by illuminating vulnerabilities that are being actively exploited. It provides related exploits, threat actors, ransomware, and botnets that are exploiting discovered vulnerabilities in the wild. The result gives developers a way to distinguish between reachability and exploitability, so they can fix what matters most.”

A Threat Feed for Application Security

Threat feeds are valuable parts of any security organization’s arsenal, pulling information from various sources such as telemetry from network security tools, honeypots, scanning and crawling forums and open-source repositories, human intelligence and others to provide timely information on the latest security threats.

Qwiet AI’s preZero platform integrates a security threat feed into real-time code security analysis. With Blacklight, organizations can now see what exploits are out in the wild taking advantage of vulnerabilities, allowing for easier prioritization of fixes.

Utilizing EPSS to Determine Exploitability

Ranging from 0 to 1 (representing 0% to 100%) the Exploit Prediction Scoring System (EPSS) is an open model that utilizes machine learning to predict how likely a Common Vulnerability & Exposure (CVE) is to be exploited in the wild. This data is pulled from various public and private sources, including real-world information from Security Information & Event Management (SIEM) tools. Such contextual intelligence helps Qwiet AI customers understand the severity of a vulnerability in a way that a simple enumeration of Common Vulnerability Scoring Systems (CVSS) and CVEs alone do not.

Blacklight Qwiets the Noise around Fixes

One of the biggest issues organizations face is prioritization. Thanks to Blacklight, Qwiet AI customers have another tool to prioritize issues found during a scan. When managing the balancing act between time-to-market and security, knowing which vulnerabilities pose a real threat helps focus engineering efforts on the fixes that will have the biggest impact and provide the largest reduction in risk.

McClure added, “Blacklight is the newest way Qwiet AI is helping customers reduce the noise generated by false positives and focus on what’s important: releasing secure code at scale without increasing tech debt.”

About Qwiet AI

Qwiet AI, formerly ShiftLeft, reduces the noise inherent in the AppSec and DevSecOps space and allows developers to focus on high-fidelity results that have the greatest impact in their environment. Driven by a powerful AI engine developed by NumberOne AI, Qwiet AI’s platform is the first in the industry to provide AI-driven detection of zero-day and pre-zero-day vulnerabilities in code. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, Qwiet AI is based in San Jose, California. For information, visit: www.qwiet.ai.



Bill Lessard
Publicist – Qwiet AI
[email protected]

(*) Figures are based on data provided by customers during a product satisfaction survey. Average company size: 500M-1B.

About ShiftLeft

ShiftLeft empowers developers and AppSec teams to dramatically reduce risk by quickly finding and fixing the vulnerabilities most likely to reach their applications and ignoring reported vulnerabilities that pose little risk. Industry-leading accuracy allows developers to focus on security fixes that matter and improve code velocity while enabling AppSec engineers to shift security left.

A unified code security platform, ShiftLeft CORE scans for attack context across custom code, APIs, OSS, containers, internal microservices, and first-party business logic by combining results of the company’s and Intelligent Software Composition Analysis (SCA). Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft then provides detailed guidance on risk remediation within existing development workflows and tooling. Teams that use ShiftLeft ship more secure code, faster. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, California. For information, visit: www.shiftleft.io.


See for yourself – run a scan on your code right now