HoundDog.ai helps developers prevent personal information from leaking

HoundDog.ai, a startup that helps developers ensure their code doesn’t leak personally identifiable information (PII), came out of stealth on Wednesday and announced a $3.1 million seed round led by E14, Mozilla Ventures and ex/ante, in addition to a number of angel investors. Unlike other analysis tools, HoundDog examines the code a developer writes, using both traditional pattern matching and large language models (LLMs) to detect potential issues.

HoundDog was founded by Amjad Afanah, who previously co-founded DCHQ, which was acquired in 2016 by Gridstore (which, to complicate matters, later changed its name to HyperGrid). Afanah also co-founded apisec.ai, which is still up and running, and worked for the autonomous vehicle startup Cruise. The inspiration for HoundDog came during his time at data security startup Cyral, from talking with the privacy teams there, he told me.

“When I was at Cyral, we had a lot of data,” he said. “What Cyral does, like many others in the data security space, is they focus on production systems. They help you discover, classify your structured data and databases, and then apply access controls. But the overwhelming feedback I was hearing from security and privacy teams was, ‘You know, it’s a little too reactive and it doesn’t keep up with changes in the code base.’”

HoundDog therefore moves this process even further to the left. It still runs in the continuous integration flow and not yet in the development environment (although that might happen in the future), but the idea here is to detect potential data leaks before the code is merged. And more importantly, HoundDog does this by looking at the code itself, not the data stream it produces. “Our source of truth is the code base,” Afanah said.

With this, if a development team starts collecting social security numbers, for example, HoundDog will raise a flag and notify the team before the code is merged; this would also alert the security team. This could potentially be a major – and costly – problem after all.

The service currently supports code written in Java, C#, JavaScript, and TypeScript, as well as SQL, GraphQL, and OpenAPI/Swagger queries. Support for Python is imminent, the company says.

Afanah noted that a tool like this becomes especially important in the age of AI-generated code, a point that Replit CEO (and HoundDog angel investor) Amjad Masad also echoed.

“As an increasing number of companies turn to AI-generated code to accelerate their development, it becomes essential to incorporate security best practices and ensure the security of the generated code,” Masad said. “HoundDog.ai leads the way in securing PII data early in the development cycle, making it an indispensable component of any AI code generation workflow. This is the reason why I chose to invest in this company.”

HoundDog itself also uses AI. To do this, it currently relies on models from OpenAI, but it is important to emphasize that this is optional. Users who are concerned about their code leaving their private repositories may also choose to rely solely on the company’s more traditional code scanner.

A big part of HoundDog’s value proposition is the ability to reduce compliance costs for startups with its automated reporting capabilities. The service can automatically generate a record of processing activities (RoPA). To do this, HoundDog uses generative AI to generate these reports and sends this data to OpenAI. The team emphasizes that only tokens discovered by the service through its regular scanner are shared with OpenAI and that the actual source code is not shared.

The company offers a limited free plan, with paid plans starting at $200/month to scan up to two repositories.

techcrunch
