HomeCompaniesRemy

Resolve product security risks early with AI

Use Remy to discover upcoming engineering work, perform automatic triage and speed up your design reviews.
Remy
Founded:2023
Team Size:4
Location:San Francisco
Group Partner:Tom Blomfield

Active Founders

Sten Sjöberg, Founder

I'm co-founder and CEO at Remy Security. Before Remy, I was a security automation PM at Microsoft's security team. My team owned the product security review process including secure development lifecycle assessments, design reviews and penetration testing. Before Microsoft, I took all the security classes they offered to Princeton CS undergrads and published research in the Symposium on Usable Privacy and Security (SOUPS).
Sten Sjöberg
Sten Sjöberg
Remy

Kevin Kim, Founder

Founder @ Remy Security. Previously SWE at ExtraHop, Rice CS.
Kevin Kim
Kevin Kim
Remy

Company Launches

Hi everyone! We’re Sten and Kevin, founders of Remy Security.

Remy helps security teams conduct security design reviews more quickly and effectively. Using LLMs to analyze the design documents, Remy generates targeted insights and questions to raise to the authors.

Problem

Security design reviews are essential during the software development cycle as they mitigate risks before they become problems down the line. It’s more expensive to address breaches than it is to look for potential weaknesses at design time.

It’s difficult and expensive to review designs. The types of threats that the reviewer must consider are endless, and it’s easy to miss key risk areas even for experts. Security team and engineering team members must meet in order to discuss the design’s context and the risks that need to be addressed. Such meetings are expensive, time-consuming, and often disorganized.

Security teams are understaffed. A 1:60 ratio is common for headcount between security and engineering staff. With such a skew, security teams often struggle to keep up with requests, forcing them to skip reviews or delay the development lifecycle.

Solution

Remy finds designs that the security team should be aware of and makes a first pass at reviewing them using LLMs. It hands off its assessment to members of the security team, who make the final judgements on what questions/comments need to be raised in the document.

Users can view a list of designs to review, view their risk levels, and prioritize the most important ones to work on.

For each document, Remy generates questions and feedback for you to send to the authors. Leveraging LLMs, Remy provides targeted insights into the specific risks of each design.

Asks