HoundDog.ai, a startup that helps developers keep their code from leaking personally identifiable information (PII), came out of stealth on Wednesday and announced a $3.1 million seed round led by E14, Mozilla Ventures, and XAnti, along with a number of angel investors. Unlike other scanning tools, HoundDog actually looks at the code that developers are writing and uses both traditional pattern matching and large language models (LLMs) to find potential problems.
HoundDog was founded by Amjad Afanah. He was previously a co-founder of DCHQ, which in 2016 was acquired by Gridstore (which, confusingly, has since been renamed HyperGrid). Afanah is also the co-founder of apisec.ai, a service that still exists today, and he worked at Cruise, a self-driving startup. The inspiration for HoundDog, he told me, came while he was at the security startup Cyral, where he was talking to his team about data privacy.
“When I was at Cyral, we had a lot of data,” he said. “Cyral, like many other companies in the data security space, focuses on operational systems. These help discover and classify structured data and databases, and enforce access controls. But the overwhelming feedback I kept hearing from both security and privacy teams was, ‘We're being a little too reactive and not keeping up with changes in our code base.’”
So HoundDog shifts this process further to the left. This still happens in a continuous integration flow and not in a development environment (although it may in the future), but the idea here is to find potential data leaks before the code is merged. And most importantly, HoundDog does this by looking at the actual code, not the data flow it produces. “Our source of truth is the code base,” he says.
So, for example, if your development team starts collecting social security numbers, HoundDog will flag this and alert them before the code is merged. It will also alert your security team. After all, it can be a potentially big and costly problem.
The service currently supports code written in Java, C#, JavaScript, and TypeScript, as well as SQL, GraphQL, and OpenAPI/Swagger queries, with the company saying support for Python is coming soon.
Afanah noted that tools like this have become especially important in the age of AI-generated code, a sentiment echoed by Replit CEO (and HoundDog angel investor) Amjad Massad.
“As more companies leverage AI-generated code to accelerate development, it becomes imperative to incorporate security best practices to ensure the security of the generated code,” said Massad. “HoundDog.ai is leading the way in securing PII data early in the development cycle, making it an essential part of AI code generation workflows. This is why I chose to invest in this company.”
However, HoundDog itself also uses AI. The company currently relies on OpenAI's models for this, but it's important to emphasize that this is optional. Users who are concerned about their code being leaked from their private repositories can also choose to rely solely on the company's traditional code scanner.
A key part of HoundDog's value proposition is that it can reduce compliance costs for startups thanks to its automated reporting capabilities. The service can automatically generate Records of Processing Activity (RoPA). To do this, HoundDog uses generative AI to generate these reports and sends the data to OpenAI. The team emphasizes that only tokens that the service detects through its regular scanners are shared with OpenAI, not the actual source code.
The company offers a limited free plan, and paid plans that allow you to scan up to two repositories start at $200 per month.