Visa has introduced a new AI-powered framework called **Visa Vulnerability Agentic Harness (VVAH)**, designed to transform the way organizations manage software security vulnerabilities.
The company participated in Anthropic’s Project Glasswing, which provides access to advanced AI models capable of identifying vulnerabilities and security weaknesses in applications.
However, Visa argues that the real challenge is no longer just discovering flaws, but validating, prioritizing, and remediating them quickly.
Traditionally, vulnerability management and security testing have operated separately from software development, relying on periodic assessments, manual reviews, and penetration testing exercises.
Visa believes AI is driving a transformation similar to the one software quality assurance (QA) experienced over the past two decades. Just as automation tools like Selenium enabled the shift from manual testing to continuous validation, security may evolve toward a model of continuous vulnerability testing.
As a result, VVAH was developed to:
- Automatically validate identified vulnerabilities;
- Generate remediation recommendations;
- Verify whether fixes have been successfully implemented;
- Continuously retest systems to ensure no new issues have been introduced.
Visa views this development as another step in its “shift left” philosophy, which involves introducing security activities earlier and earlier in the software development cycle.
Subra Kumaraswamy, Visa’s CISO, stated that the company already uses agent-based AI to:
- Find code errors more quickly;
- Reduce incident investigation time;
- Integrate security checks directly into engineering workflows.
According to him, AI does not replace good security practices, but rather serves as a catalyst for efficiency.
The original article via QA Financial can be read here.
