
CIO Influence Interview with Liav Caspi, Co-Founder & CTO at Legit Security

Liav Caspi, Co-Founder & CTO at Legit Security, discusses the current market trends impacting data and security protocols in this catch-up with CIOInfluence.com:

_____________

Hi Liav, tell us about yourself and the story behind Legit Security.

I’m an engineer at heart with a passion for security, especially where security meets engineering. Before founding Legit, I led the AppSec product at Checkmarx and worked closely with large enterprise security groups trying to build secure software. What I kept seeing were the same gaps: security tools weren’t keeping pace with modern software development, and teams were spending too much time understanding and fixing risk.

Legit was born out of that frustration. We wanted to give organizations a unified, developer-friendly way to build secure software from code to cloud. This is where our vision to unite engineers and security and provide the missing source of truth emerged.

Take us through the core features of your Legit MCP (Model Context Protocol) Server and how it enables security and developer teams?

The Legit MCP Server is our first step into the revolution that is AI in software development. For the first time, there is a real opportunity to shift good security context directly into the development workflow in a way that is actually helpful, using the benefits of AI to fix and create secure code.

When Google claims 50% of their code is AI-generated (and growing), we see that the future of engineering belongs to AI and that the developer role will change. We are adapting our security tools for this revolution. Developer teams can directly pull vulnerabilities into their IDE and generate a fix within minutes, rather than going through the long cycle of tickets, sprints, and prioritization. This is a revolution in risk reduction.


What are the top challenges that modern data and security teams face in end-to-end vulnerability management?

There’s currently a massive signal-to-noise problem. Most scanners focus narrowly on code and flood teams with findings that lack context. That creates alert fatigue and wastes time.

The real challenge is prioritization and remediation. Without understanding how vulnerabilities relate to real business risk—whether it’s in the cloud, CI/CD pipeline, or an AI dependency—you can’t manage it effectively.

Teams also struggle with stitching together siloed insights across applications, infrastructure, and supply chain layers. That’s exactly where we focus: providing the missing correlation and context to help teams address risks that actually matter.

For modern developers, what best practices would you share as they use more AI in code and workflows?

Start by treating AI components like any other software dependency—but with higher scrutiny:

  • Evaluate the trustworthiness of AI models and providers
  • Establish visibility into where and how AI is being used in your organization
  • Define clear usage policies—don’t wait for something to go wrong
  • Run AI-specific threat modeling exercises. It’s not just about what the model generates; it’s also about how it’s trained, where it runs, and what data it touches.

AI is powerful. But when it’s a black box, it’s a liability.

What trends are dominating the AI-native ASPM ecosystem today?

We’re seeing two dominant trends:

  1. Security for AI-generated code and AI-powered software: Developers are using AI assistants like Copilot every day. That opens the door to subtle yet critical issues in quality, legal, and security. ASPM platforms must now integrate with those tools directly, assess what’s being generated, and help secure code as it’s written. Additionally, building secure AI applications is a big challenge.
  2. AI-enhanced AppSec: Not just using AI to find issues, but also to contextualize and fix them. We’re applying AI to correlate signals across pipelines, infrastructure, and code, and surface the few that matter. It’s smarter, faster triage.

Five thoughts you’d leave every CIO with before we wrap up?

  1. Shift from visibility to insights. More data isn’t better—actionable data is.
  2. Secure the software factory, not just the software. Your pipelines, tools, and AI generators are part of the attack surface. The more automated they get, the more critical it is to make sure they are safe and secure.
  3. AI is your next supply chain. Treat it with the same rigor.
  4. Developer experience drives adoption. Security must meet developers where they are and contextualize risk for them.
  5. AI is a superpower. It creates new problems, but it can also solve them. Prioritize AI-native tools built with that paradigm in mind.


The Legit Security ASPM platform is a new way to manage application security in a world of AI-first development.

Liav Caspi is Co-Founder & CTO at Legit Security.
