Contrast Security Adds GitHub Copilot and Sumo Logic Integrations to ADR Platform
This week at the Black Hat USA 2025 conference, Contrast Security added integrations with GitHub Copilot and the security information and event management (SIEM) platform from Sumo Logic to the Northstar edition of its application detection and response (ADR) platform.
The ADR platform from Contrast Security maps live attack paths and correlates runtime behavior to surface how vulnerabilities, threats and assets are connected. A Contrast Graph built into the platform makes it possible for security operations teams to see application-layer attacks as they happen, stop them instantly, and leverage generative AI tools to create plans, write code, create test scripts and draft pull requests to reduce remediation time.
Contrast Security CTO Jeff Williams said the integration with GitHub Copilot extends the reach of the platform to now allow fixes to code generated using AI tools to be validated by live runtime evidence. The Contrast SmartFix tool works with GitHub Copilot to generate secure code fixes based on runtime vulnerability details, proven exploitability, attack details, defenses available, and additional context surfaced via the Contrast Graph. That capability streamlines remediation by delivering ready-to-review pull requests to enable developers to fix real application security issues faster without disrupting their workflow and ship with confidence, he added.
The integrations with Sumo Logic, meanwhile, allow the attack telemetry data collected by Contrast Security to flow directly into the Sumo Logic SIEM platform so that security operations teams can better triage, investigate, and respond to issues, said Williams. Security teams gain real-time visibility into exploit attempts, vulnerable code paths, and application behavior, all enriched through the Contrast Graph.
These capabilities extend an overall effort to provide application security teams with more control over how issues are resolved, said Williams. Instead of relying more on application developers to discover and, hopefully, remediate issues, Contrast Security has been making a case for an ADR platform that makes it possible for application security teams to resolve issues in a way that application developers only need to review and approve.
While a lot of responsibility for application security has been shifted left in recent years, it’s clear that this approach will not fundamentally resolve application security issues. Developers of varying levels of skill will continue to make mistakes, an issue that may only be further exacerbated by the introduction of AI tools and AI agents that are often trained using examples of flawed code that have known vulnerabilities. In fact, many of the vulnerabilities that application developers may be asked to fix in the future may not involve code they are actually familiar with because it was written by a machine.
The best vulnerability will always be the one that was never created in the first place, but the odds that there will ever be a day any time soon that code doesn’t contain one or more vulnerabilities are slim to none. That means there will always be a need to fix software after it has been deployed in a production environment. The only thing left to be resolved will be how quickly those vulnerabilities can be discovered and remediated before cybercriminals, who are also increasingly using AI to discover them, are able to exploit them.


