AI Security Working Group

The charter of this working group is to drive AI Security across GitLab components.

Attributes

Property Value
Date Created June 12, 2025
End Date TBD
Slack #wg_ai_security (internal)
Google Doc Working Group Agenda (internal)
Epic Main Project Epic (internal)
Handbook Page AI Security Working Group

Context

The introduction of the Duo Agent Platform moves from separate GitLab Duo product features to a dedicated platform for AI at GitLab.

Secure development of GitLab Duo features becomes more critical for the business as we launch the Duo Agent Platform. We can expect to see rapid iteration of this platform and should leverage industry best practices and make features secure by default.

This working group will include a community of team members from Engineering and Security whom strive to make security simple for users and contributors alike.

Scope

The scope of this group includes the following GitLab components:

  1. AI Gateway
  2. CLI agents
  3. Duo Agent Platform
  4. Editor Extensions
  5. GitLab Language Server

Exit Criteria

  1. Best practices for implementing AI prompts are documented in our Contributor documentation.
  2. Proof-of-concepts are executed and recorded to understand what AI security tooling could offer SaaS, Dedicated, and Self-Managed customers.
  3. Our CI/CD pipeline will trigger code review of merge requests and provide actionable advice for contributors.
  4. Our CI/CD pipeline will block merge requests that do not meet secure development standards we establish for our AI offerings.
  5. Automated scripts are established to setup local working environment and help in testing AI features on the various AI projects.

Roles and Responsibilities

Working Group Role Team Member Name Role
Executive Sponsor Jamie Dicken Director, Security Platforms and Architecture
Executive Sponsor Julie Davila VP, Product Security
Executive Sponsor Tim Zallmann VP, AI Engineering
Functional Lead Erran Carey Staff Fullstack Engineer
Functional Lead Jessie Young Principal Engineer
Functional Lead Joern Schneeweisz Principal Security Engineer
Member Ameya Darshan Senior Application Security Engineer, Product Security
Member Daniel Hauenstein Application Security Engineer, Product Security
Member Dillon Wheeler Backend Engineer, AI-powered:Duo Chat
Member Vitor Meireles De Sousa Senior Manager, AppSec, Product Security
Member Katherine Wu Application Security Engineer, PSIRT, Product Security
Last modified September 24, 2025: Document AI Security working group background and scope (7f3d4dbf)
View page source - Edit this page - please contribute. Creative Commons License