Bex AI helps you to build applications and services that are secure by design, because it embeds security guidance straight into the tool you use to collaborate on the design - Jira.

By giving you insight into the risk associated with your Jira tasks, as well as recommending actions that you can take immediately to improve the security of your application.

Absolutely! Bex AI does not require any security experience, it gives you the security guidance you need in a way that is easy to understand and act on. And if you have questions, you can always just tag Bex AI in a comment to continue the conversation.

Bex AI automatically analyzes the security risk of your Jira task, giving you an easy to understand risk rating. It also gives you a summary of the risk as well as suggested changes to the Jira task description that would clarify the security posture. Bex AI will also generate recommended actions to take to improve the security, along with the threat context and implementation details such as source code examples.

Simply install Bex AI from the Atlassian marketplace here.

Bex AI is currently only available for Jira Cloud.

These happen automatically when the Bex AI plugin is loaded for a Jira task for the first time. You can later regenerate the assessment at the click of a button.

Virtually anything, depending on the context of the Jira task. If the task is about implementing a web form, you’ll get recommendations related to protecting forms. If it is about building a cloud service, it’ll give you recommendations about cloud controls. 

Yes, Bex AI will work with any issue type including Epics, Tasks, and Stories.

No, Bex AI is focused on helping developers take action to improve security as early and as easily as possible. It is not a replacement for compliance or security reports.

Generating the security rating takes just a few seconds. Creating the recommended actions can take a minute or two because behind the scenes we’re assessing potential attacks, rating them, identifying potential mitigations, rating them, then giving you the ones that matter.

Bex AI does not formally follow any security frameworks, although it is very compatible with most threat modeling and Secure by Design activities.

Whenever you’ve asked for them to be updated. After some time you may want to generate a new set of recommended actions. This might be because some have been implemented, or because the context of the Jira tasks has changed.

Bex AI only stores Jira information and the generated content for 30 details to ensure we’re delivering the best quality guidance. Your Jira data is sent to OpenAI and they store it for 30 days, but your data is not used to train any AI models.

No, our focus is on ease of use and simplicity. There is no configuration required, just install Bex AI and you’re ready to go.

Secure by Design (SbD) is a principle in software engineering which focuses on baking security in the design phase instead of doing it later on the software development lifecycle (SDLC). Resulting in products which are secure from the start and more resilient to potential cyber attacks.

This principle is being adopted and even mandated by certain organizations such as CISA, which states ‘Every technology provider must take ownership at the executive level to ensure their products are secure by design’. In the UK, these principles are mandatory for government departments; ‘The foundations required for embedding cyber security practices in digital delivery and building resilient digital services.’

This approach is becoming more popular and widely used due to a need for increased cybersecurity to manage risk, anticipate and respond to vulnerabilities, while creating a secure and reliable product or service.

Bex AI is able to understand the entire context of the Jira task, and so can infer the best recommendations given the available context. Bex AI is not designed to replace traditional approaches to threat modeling, where you may need to model and visualize inter-connected systems at a high level. Complex vulnerabilities that arise as a result of different disparate systems working together can be identified by threat modeling. Having said that, if your Jira task such as an Epic describes this high level context (and isn’t for example a detailed task or user story), then Bex AI will also identify high-level threats and recommended actions.

Yes! Bex AI can work for individuals as well as large development departments, because it is centered around the Jira tasks.

Not at the moment.

If you need help with Bex AI, check out our website. If you’re still having issues, you can contact our support team here.