DEV Community

Oluwole Ajayi


VeriLync: Application Security for SaaS Scale-ups

I studied MSc Applied Cybersecurity at the University of South Wales. My dissertation was titled "Developing and Evaluating an AI-Assisted SQL Injection Detection Framework Using ChatGPT and Machine Learning Techniques." The artefact combined ChatGPT with machine learning to detect SQL injection, return remediation guidance, and present best-practice educational material.

As a proof of concept, it worked. But evaluation was part of the point, and evaluating it honestly surfaced three limitations I could not stop thinking about.

First, detection alone is not the hard part. Telling someone they have a vulnerability is the easy part. Telling them what it means for their business, and exactly how to fix it in their stack, is the part that actually helps.

Second, a general-purpose AI model is not trustworthy enough, on its own, for security decisions. It needs guardrails: deterministic detection first, AI for explanation only, and a deterministic fallback for when the model fails. Letting a model decide what counts as a vulnerability is the wrong architecture.

Third, the people who need this most are not large enterprises with security teams. They are the 20-to-200-person SaaS companies that have a CTO, a board asking for SOC 2, and enterprise customers running security questionnaires, but no security engineer to make sense of any of it.

I recorded these as future considerations at the end of the dissertation. One of them became VeriLync.

VeriLync is a static application security platform for SaaS scale-ups. It analyses your source code, and every finding comes with two things: an executive summary for non-technical stakeholders, and a stack-specific remediation example for your developers. Findings are linked to relevant security controls commonly referenced in SOC 2, ISO 27001, GDPR, and Cyber Essentials Plus. The AI explains the findings; it does not decide them.
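The two design points above, deterministic detection with the model confined to explanation, and each finding carrying an executive summary plus a stack-specific fix mapped to controls, can be shown in a small pipeline. The code below is an added illustration written for this post; it is not VeriLync's code. The rule id `SQLI-001`, the sample handler, the control references and the `narrator` callable are all assumptions chosen for the example.

```python
import ast
from dataclasses import dataclass
from typing import Callable, List, Optional

# Constructed sample input (not real customer code): one handler with three
# query styles. Lines 3 and 5 build SQL from user input; line 4 is parameterised.
SAMPLE_SOURCE = '''
def find_user(cursor, username):
    cursor.execute("SELECT * FROM users WHERE name = '" + username + "'")
    cursor.execute("SELECT * FROM users WHERE name = %s", (username,))
    cursor.execute(f"SELECT * FROM users WHERE id = {username}")
'''

@dataclass
class Finding:
    rule_id: str
    line: int
    severity: str          # fixed by the rule, never by the model
    controls: List[str]    # control references; illustrative mapping assumed here
    summary: str = ""      # executive summary for non-technical readers
    remediation: str = ""  # stack-specific fix for developers

# Illustrative rule table for this example; the control mapping is an assumption.
RULES = {
    "SQLI-001": {
        "severity": "high",
        "controls": ["SOC 2 CC6.1", "ISO/IEC 27001:2022 A.8.28"],
        "summary": ("User input is inserted into a database query as text, so a "
                    "customer could read or alter data they should not see. "
                    "This is a common audit and questionnaire failure."),
        "remediation": 'cursor.execute("SELECT * FROM users WHERE name = %s", (username,))',
    }
}

def _builds_sql_dynamically(node: ast.AST) -> bool:
    """True when the query argument is assembled at runtime from other values."""
    if isinstance(node, ast.JoinedStr):                       # f"... {x} ..."
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True                                           # "..." + x, "..." % x
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True                                           # "...".format(x)
    return False

def detect(source: str) -> List[Finding]:
    """Deterministic step: flag execute()/executemany() calls whose SQL is built dynamically."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in ("execute", "executemany")
                and node.args and _builds_sql_dynamically(node.args[0])):
            rule = RULES["SQLI-001"]
            findings.append(Finding("SQLI-001", node.lineno,
                                    rule["severity"], list(rule["controls"])))
    return findings

def explain(findings: List[Finding],
            narrator: Optional[Callable[[Finding], str]] = None) -> List[Finding]:
    """Explanation step: an optional model ("narrator", assumed interface) may
    reword the executive summary only. It cannot add or drop findings or change
    severity, and any failure, empty or oversized output falls back to the
    rule's fixed text. The remediation example is always the deterministic one."""
    for f in findings:
        rule = RULES[f.rule_id]
        text = None
        if narrator is not None:
            try:
                text = narrator(f)
            except Exception:      # timeout, API error, malformed response
                text = None
        if not isinstance(text, str) or not text.strip() or len(text) > 600:
            text = rule["summary"]
        f.summary = text
        f.remediation = rule["remediation"]
    return findings

if __name__ == "__main__":
    for f in explain(detect(SAMPLE_SOURCE)):
        print(f"line {f.line} {f.rule_id} [{f.severity}] {', '.join(f.controls)}")
        print("  summary:    ", f.summary)
        print("  remediation:", f.remediation)
```

The point of the split is that `detect` has no model in the loop at all, and `explain` treats the model as an untrusted text source: it is given one finding at a time, its output is validated, and on any failure the reader still gets the rule's fixed summary and the parameterised-query fix.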

The gap my dissertation pointed at is the gap VeriLync is built to close.

VeriLync is in early access. If you run a SaaS company that has more code than security headcount, I would value having you on the waitlist.

www.verilync.com
