DEV Community: Oluwole Ajayi The latest articles on DEV Community by Oluwole Ajayi (@oluwole_ajayi). https://dev.to/oluwole_ajayi https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3995680%2F073b54c8-6f54-49c4-9af5-a021b9d89a44.jpg DEV Community: Oluwole Ajayi https://dev.to/oluwole_ajayi en VeriLync- Application Security for SaaS Scale-ups Oluwole Ajayi Sun, 21 Jun 2026 19:25:39 +0000 https://dev.to/oluwole_ajayi/verilync-application-security-for-saas-scale-ups-3o0l https://dev.to/oluwole_ajayi/verilync-application-security-for-saas-scale-ups-3o0l <p>I studied MSc Applied Cybersecurity at the University of South Wales. My dissertation was titled "Developing and Evaluating an AI-Assisted SQL Injection Detection Framework Using ChatGPT and Machine Learning Techniques." The artefact combined ChatGPT with machine learning to detect SQL injection, return remediation guidance, and present best-practice educational material.</p> <p>As a proof of concept, it worked. But evaluation was part of the point, and evaluating it honestly surfaced three limitations I could not stop thinking about.</p> <p>First, detection alone is not the hard part. Telling someone they have a vulnerability is the easy part. Telling them what it means for their business, and exactly how to fix it in their stack, is the part that actually helps.</p> <p>Second, a general-purpose AI model is not trustworthy enough, on its own, for security decisions. It needs guardrails: deterministic detection first, AI for explanation only, with a fallback when it fails. Letting a model decide what counts as a vulnerability is the wrong architecture.</p> <p>Third, the people who need this most are not large enterprises with security teams. They are the 20-to-200-person SaaS companies that have a CTO, a board asking for SOC 2, and enterprise customers running security questionnaires, but no security engineer to make sense of any of it.</p> <p>I recorded these as future considerations at the end of the dissertation. One of them became VeriLync.</p> <p>VeriLync is a static application security platform for SaaS scale-ups. It analyses your source code, and every finding comes with two things: an executive summary for non-technical stakeholders, and a stack-specific remediation example for your developers. Findings are linked to relevant security controls commonly referenced in SOC 2, ISO 27001, GDPR, and Cyber Essentials Plus. The AI explains the findings; it does not decide them.</p> <p>The gap my dissertation pointed at is the gap VeriLync is built to close.</p> <p>VeriLync is in early access. If you run a SaaS company that has more code than security headcount, I would value having you on the waitlist.</p> <p><a href="http://www.verilync.com" rel="noopener noreferrer">www.verilync.com</a></p> security machinelearning