In modern software development, security is critical—but still an afterthought. Enter IBM Bob, our agentic IDE, which we first introduced in October. Bob is built with security-first principles, understands an organization’s intent, repo and security standards, and has been purpose-built to be a development partner for faster, smarter software development. With agentic workflows, built-in security and enterprise-grade deployment flexibility, Bob doesn’t just automate tasks—it transforms the entire software development lifecycle.
Since we started building Bob, we have embraced the “shift left” philosophy. Bob integrates security into development workflows, helping to accelerate modernization, cut costs, and eliminate friction for developers and the enterprise.
As AI becomes embedded in development workflows, it doesn’t just accelerate coding—it transforms the security landscape. AI introduces new risks such as prompt injection, jailbreaks, and data poisoning, while amplifying broader enterprise threats. When AI-powered IDEs and agentic workflows handle builds, credentials, and deployments, attackers gain novel entry points. Prompt injection can manipulate outputs or trigger unsafe commands. Model jailbreaks bypass guardrails, exposing hidden capabilities.
Data poisoning can silently corrupt training sets, influencing model behavior long after deployment. Traditional firewalls and scanners can’t see these language-based threats. Enterprises need AI-aware security integrated into developer tools and CI/CD pipelines to catch and mitigate threats before they reach production.
Shifting left in the software development lifecycle
To address these novel risks, IBM is taking a security-first approach, initially by delivering Bob integrated with Palo Alto Networks Prisma AIRS—purpose-built to secure AI systems. This approach applies the right tool at the right time, embedding protection early in the lifecycle and adapting to where development happens, whether in the IDE, during pull requests or across agentic workflows in CI/CD pipelines.
Bob acts as a developer partner in the IDE and as an agent in collaborative environments, ensuring security checks run continuously and contextually. This approach automates detection, enforces policy in near real-time, and validates AI behavior so developers can build with confidence without sacrificing speed or governance.
Key capabilities include:
- Prompt normalization: Intercepts and sanitizes prompts to block injection attempts.
- Sensitive data scanning: Detects PII, source code, and other confidential data in model outputs.
- Policy enforcement in near real-time: Applies governance across model calls and APIs.
- Shift-left security: Embeds checks into CI/CD pipelines so vulnerabilities are caught as code is written.
Bob also incorporates AI red-teaming before deployment. These tests generate measurable risk scores and remediation guidance that feed directly into developer backlogs, making security actionable and continuous.
Getting started with Bob
By integrating AI security early, Bob moves enterprises from reactive patching to proactive prevention, helping developers gain:
- Early detection of vulnerabilities and misconfigurations
- Faster remediation through automated suggestions and code fixes
- Continuous validation as models and data evolve
As Bob reaches GA and beyond, we will continue to develop Bob with a secure-by-design approach, with additional security integrations becoming available in Bob over time. Bob reflects IBM’s commitment to secure-by-design practices, enabling organizations to modernize confidently while protecting AI workflows from new and emerging threats.
To learn more about Bob, and the integration with Palo Alto Networks Prisma AIRS, watch the replay of our IBM Technology Summit and experience Bob.