Harness acquires Qwiet AI to power application security in the AI era, embedding reachability analysis to cut noise and prioritize real risks.
By Sanjay Nagaraj, SVP Global Engineering, Harness; Co-founder and CTO, Traceable by Harness
Today, I am excited to share that Harness has acquired Qwiet AI (formerly ShiftLeft), a leader in agentic AI-powered vulnerability detection and reachability analysis. This is more than an acquisition — it is our commitment to empower engineering and security teams to build and ship software securely in an era when AI is transforming how code is written, tested, and deployed.
Faster Code, Safer Delivery
Software development is moving faster than ever, fueled by AI coding tools and practices like vibe coding that lower the barrier to writing code. But more people writing code more quickly is not the same as shipping it safely. Faster paths to code creation usually come with insecure patterns, fabricated or unvetted dependencies, and rarely come with built-in safety, often introducing hidden vulnerabilities across services and APIs. Independent studies estimate that roughly 45 percent of AI-generated code maps to OWASP Top 10 categories, with recurring issues such as weak input validation, hardcoded secrets, and insufficient rate limiting.
The challenge isn’t just more vulnerabilities — it’s the amount of noise they create. Security teams are buried in low-value alerts, while developers struggle to identify which issues truly matter. The result: slower remediation cycles, wasted effort, and growing enterprise risk.
At Harness, we have always believed that speed and security should never be a trade-off. Our merger with Traceable brought runtime application security into the Harness platform. Now, with the acquisition of Qwiet, we are doubling down on our commitment to deliver end-to-end secure software delivery. Security must evolve to meet today’s reality: embedded directly into the developer workflow, automated by intelligence, and resilient against AI-driven threats.
Harness + Qwiet AI: The Future of Application Security in the AI Era
I’ve spent much of my career working on application security, and it’s something I care deeply about. Before joining Harness, I co-founded Traceable, where our mission was to secure modern, API-driven applications. Now, as SVP of Global Engineering at Harness, I am even more focused on ensuring that security isn’t an afterthought but a foundational part of how software gets built and delivered. With Qwiet now part of Harness, we are deepening that commitment.
Qwiet AI began with a philosophy we share: security should fit how developers actually work. Originating from ShiftLeft, Qwiet pioneered reachability-aware analysis that starts in source code and provides the context needed to separate signal from noise. At the center is the Code Property Graph, created by Fabian Yamaguchi, now Principal Code Security Scientist at Harness.
In our conversations, Fabian captures the intent behind CPG, and what it unlocks inside Harness:
“We built the Code Property Graph to model how an application behaves, including data flows, control paths, and execution. That lets us show which findings are actually reachable and exploitable. Inside Harness, that context becomes continuous across authoring and delivery, so teams can focus on real risk and act before issues ship.”
Chetan Conikee, Qwiet’s founder and now Advisor to Harness, shares how this helps developers move fast with confidence:
“Our aim was clarity, not noise. The Code Property Graph is like Google Maps for your codebase. It not only marks problems, but it also reveals the routes an attacker could take. With Harness, that clarity reaches every commit and every pipeline, paired with policy and AI-guided fixes, so teams keep their speed and raise their security bar.”
When Qwiet’s Code Property Graph meets Harness AI’s Software Delivery Knowledge Graph, which includes Traceable’s runtime insights, security teams gain:
- Reachability analysis is built into everyday delivery.
- Context-aware code analysis at commit time.
- Severity ranked by reachability, not just CVE scores.
- Policy-enforced risk gates in pipelines that stop unsafe changes before production.
- AI-guided remediation tailored to each codebase’s patterns.
Taken together, these capabilities reduce noise, accelerate remediation, and make protection built-in rather than bolted on, so speed and security move forward together.
The Road Ahead
The era of AI-assisted development is accelerating. Our responsibility is to help teams build and deploy faster and safer. With Qwiet and Traceable integrated into the Harness platform, we are creating a complete, AI-native DevSecOps experience that unifies build, test, deploy, and secure delivery in one system.
We’re investing in application security for the long run. Rahul Sood has joined as General Manager of Security, and together with leaders like Chethan and Fabian, Harness brings a team of industry veterans into this next chapter.
Together, we are defining what end-to-end secure software delivery looks like in the AI era.
All this author’s posts
Sanjay Nagaraj is SVP Global Engineering at Harness, where he leads the global engineering organization and also serves as General Manager of the company’s Application Security business, overseeing product management and strategy. Previously, he was the co-founder and CTO of Traceable, and before that, VP of Engineering at AppDynamics/Cisco, where he led high-impact teams responsible for driving over $500M in revenue. With more than 20 years of experience building enterprise software, Sanjay holds multiple U.S. patents and a BS in Computer Science from the University of Mysore.
