# Asana Catches Security Risks Before Anyone Writes a Line of Code with AI Teammates

> See how Asana's security team uses AI Teammates to identify security risks before designs are finalized, giving one engineer 10–15x the coverage across the software development lifecycle.

Source: https://asana.com/fr/resources/asana-catches-security-risks-with-ai-teammates

Security is what makes it possible to build and ship software with confidence. But in fast-moving engineering teams, it can drift into an afterthought—a final hurdle before launch rather than a voice at the table from day one. Varun Prusty, staff security engineer on Asana's security architecture team, believed it didn't have to work that way, so he built something to prove it.

Varun’s solution was an AI Teammate that works alongside him at every stage of the software development process, from the first idea to the final release.

The result: one engineer with the reach of a team 10 to 15 times his size.

## Keeping pace with security reviews in a fast-moving engineering organization

As Asana's engineering org grew, so did the volume of products and features needing security review. With a small team, some conversations were happening too late in the process—after designs were finalized and code was written—when changes are hardest to make. Varun's goal was straightforward: get security into the conversation earlier, at every stage, for every team.

It's given us the bandwidth, scaled our team, and enabled us to focus on what we enjoy. It's almost like a mini-me coworker.

### Putting AI Teammates to work across the software development process

Varun built his workflow inside an Asana project, mirroring how Asana's engineering teams actually build software. Each phase of the process is powered by AI with a human check before anything moves forward.

### Step 1: Security guidance before the design process even starts

When an engineering team member has a new feature idea, they submit it through an intake form in Asana. An AI Teammate reads the description, cross-references Asana's known risks, past security reviews, and internal security standards, and responds with a plain-language list of things the team should think about before they start designing.

This happens automatically, the moment a submission comes in. No waiting for a security engineer to have a free moment. Teams get guidance at the start, not a surprise at the end.

"Security needs to be a collaborator at every part of the software development lifecycle, starting from the inception of an idea to the delivery," Varun said.

### Step 2: A full security risk review before anyone writes code

Once a team has a design document for the feature, they bring it back to the process. The AI Teammate first checks that everything needed for the security review is included—like architecture diagrams, data flow diagrams, and a record of the security requirements from Step 1. If anything is missing, it asks the submitting team for it before going further.

Then the AI Teammate does a full risk review. Drawing on past security reviews, known bugs, and Asana's data policies, the AI Teammate works through the design and sorts the risks it identifies into three buckets: must fix before launch, fix soon after launch, and nice to have. It provides the security and engineering teams context and rationale behind how it assessed the risks and offers suggestions and follow-up questions.

From there, Varun and the engineering team go through the findings together and answer the AI Teammate’s questions. They reply in comments to provide context, accept certain risks, and agree on what needs to be addressed. Both teams own the outcome.

"The final deliverable is a comprehensive set of risks and their severity, so the whole team, including security and engineering, is aligned," Varun said.

### Step 3: A final human check before anything ships

Once the design is approved and the team has built the feature, the process hands off to a real security engineer for a final review. This isn't a full re-review; it's a confirmation that all the agreed-upon risks have been addressed and all the boxes are checked.

The human makes the final call.

Now it kicks it over to one of our team members—the final human check, cross your T's, dot your I's.

## Security reviews at every stage, for every team

Security reviews that once took days now start the moment a team submits an idea. Every engineering team at Asana, regardless of time zone or sprint schedule, has access to security guidance at every stage of development, not just when a security engineer happens to be available.

And all of this documentation improves the next feature review. "There's this flywheel effect," said Varun. "AI just has more context, and more context, and more context."

The repetitive parts of security work, the conversations that happen the same way across dozens of teams, are handled by AI. Varun and his team spend their time on the work that actually needs their expertise.

