From AI insight to safe innovation

Luis Bretones, Channel Director, EMEA & APAC - Mend.io

Luis Bretones, Channel Director of Mend.io shares how the company is helping enterprises fix AI risks at speed while keeping developers productive.

Please describe the overall theme of your presence at GITEX 2025.

Our theme this year was “Fixing AI Risks at Speed.” At Mend.io, we wanted to show enterprises that it’s entirely possible to embrace AI innovation without compromising security or slowing down developers. The core idea was to make application security intelligent and frictionless — to infuse it into the innovation process itself, rather than treating it as an afterthought. We’re helping organisations secure the new AI-driven software supply chain in a way that supports, rather than hinders, their business velocity.

What were the flagship products, solutions, or use cases that you showcased?

At GITEX 2025, we showcased how Mend.io has evolved into a truly AI-native application-security platform. One of the key highlights was our Open-Source and Software Supply-Chain Security solution, which gives enterprises complete visibility and control over their open-source dependencies. We addressed everything from known vulnerabilities and malicious packages to license-compliance challenges — topics we explore deeply in our Ultimate Guide to Open Source Security. Many organisations visited our booth to see how they could automate SBOM generation, streamline dependency management, and prioritise vulnerabilities that really matter.

We also focused on our AI-Powered Application Security capabilities. This solution allows enterprises to detect and govern risks across AI models, prompts, agents, and datasets by automatically building a live AI Bill of Materials (AI-BOM). That visibility extends to the entire software supply chain — something traditional AppSec tools simply can’t deliver.

Another big attraction was AI Red Teaming, which automates adversarial testing of large language models and conversational agents. It can simulate thousands of prompt-injection or data-leakage scenarios and provide detailed risk scores and remediation guidance.

Finally, we presented AI-Generated Code Security, which analyses code created by AI assistants directly inside IDEs and pull requests. It provides instant feedback at the moment of generation, along with deeper static-analysis results in CI/CD pipelines. This really resonated with developers who are already using AI tools day-to-day.

Altogether, these capabilities gave visitors a clear view of how Mend.io can protect every part of the modern development lifecycle — from open-source components to AI agents and generated code.

How did Mend.io demonstrate the benefits and use cases of AI at GITEX?

We wanted people to experience how AI itself is transforming application security. At our booth, we demonstrated AI-driven risk detection — models that automatically map an organisation’s AI assets and prioritise vulnerabilities based on exploitability and business impact. We showed AI-assisted remediation, where developers receive secure code suggestions right inside their IDEs, drastically reducing time-to-fix.

We also showcased behavioural testing for AI agents, running live adversarial tests on chatbots to reveal risks such as hallucination or prompt injection. Visitors were fascinated to see real-time policy enforcement through our AI-BOM Governance Module, which ties together model discovery, licensing, and compliance.

At the same time, we demonstrated how these capabilities align perfectly with our roots in open-source security. Our modules for supply-chain risk governance identify vulnerable dependencies, monitor reachability, and automate license-policy enforcement — capabilities that are especially critical in regions rapidly adopting cloud and AI technologies.

What other transformative technologies were part of your showcase?

Beyond AI-specific modules, we featured Mend Renovate, which reduces risk, improves code quality, cuts technical debt and improves time to release for all projects by automatically ensuring all dependencies are kept up to date. We also highlighted integrations with agentic IDEs — including Windsurf, CoPilot, Claude Code, Amazon Q Developer, and Cursor — ensuring that developers can move at AI speed without compromising security.

Tell us about your partnership with Bulwark Technologies at GITEX.

Our alliance with Bulwark Technologies remains the cornerstone of Mend.io’s growth strategy in the Middle East, Africa and India. Bulwark is our value-added distributor in the region, offering local enablement, training, and compliance support. At GITEX, we co-hosted sessions showing how the combination of Mend.io’s AI-native AppSec platform and Bulwark’s local expertise enables enterprises to deploy application security rapidly and in full alignment with regional regulations.

This partnership was also part of Bulwark’s 25-year anniversary celebration, where we jointly reaffirmed our mission to empower the region’s digital-transformation journey through secure AI adoption and channel-driven value creation.

Were there any major announcements or highlights during the event?

Absolutely. We officially launched our AI-BOM Governance Module, giving enterprises unprecedented visibility and control over AI assets. We also ran a live AI Red Teaming demo, where visitors could see real-time adversarial testing of conversational agents.

Another highlight was the preview of our AI-Generated Code Security feature integrated with agentic IDEs — a first in the AppSec industry. I also had the privilege of participating in a CISO panel discussion on securing AI-native applications, co-hosted with Bulwark. And finally, Mend.io was recognised as an AI-Native AppSec Innovator during Bulwark’s Cybershield 2025 Awards, which was an honour for our entire team.

What innovations have shaped Mend.io’s product portfolio over the past year?

The last 12 months have been incredibly dynamic for us. We launched the Mend AI module, which provides visibility into over 350 000 AI models, automatically identifies versions and licenses, and flags security or compliance issues — all integrated directly into our platform. We also introduced AI System Prompt Hardening to proactively manage prompt-injection risk.

Beyond AI, we expanded our open-source and supply-chain security capabilities with deeper reachability analysis and automated license-compliance auditing. The AI Red Teaming Automation and AI-Generated Code Security features are now live within IDE and CI/CD environments. And with our new Developer Analytics Dashboard, enterprises can measure mean-time-to-remediate, risk-reduction rates, and AppSec ROI with real accuracy.

Looking ahead, we plan to extend our AI-BOM coverage into agentic workflows, enhance our governance controls, and localise more services through Bulwark to address regional compliance frameworks.

How are AI and GenAI embedded within your solutions?

AI and GenAI are at the heart of our platform. We use AI to discover and classify models, datasets, and agents inside applications, building a complete AI Bill of Materials that shows exactly what’s running and where. Our algorithms correlate risk factors to business impact, allowing teams to focus on what truly matters.

Through AI Red Teaming, we apply GenAI techniques to simulate adversarial scenarios and strengthen model resilience. With AI-Generated Code Security, we integrate directly into AI coding assistants and agentic IDEs so that every line of generated code is scanned and remediated instantly. This combination of automation, behavioural testing, and contextual remediation transforms how developers and security teams collaborate.

How are end-user skills evolving to take advantage of these innovations?

The shift to AI-native development requires a new skillset. Developers now need to understand not only code vulnerabilities but also AI-specific threats like prompt injection, model drift, or licence misuse. DevSecOps teams must manage both open-source and AI assets under a single governance framework. And governance officers need to oversee compliance for everything from datasets to AI models.

When these disciplines work together, the ROI becomes very tangible: mean-time-to-remediate drops dramatically, compliance costs fall thanks to automation, and developers can innovate faster because security is built into their workflow instead of blocking it.

What are the key expectations and current pain points among enterprise users?

Most enterprises are moving faster with AI than their security tools can keep up. They struggle with hidden AI assets, complex open-source dependencies, and legacy AppSec solutions that don’t understand AI behaviour or supply-chain risk. Many teams still face the classic challenge of balancing developer speed with governance.

Our role is to make that balance achievable. By embedding security inside AI-coding tools, by providing automated AI-BOMs, red-teaming, and open-source risk management, we give CISOs a single view of risk while keeping developers productive. And through our partnership with Bulwark, customers in the MEA region receive the local enablement and compliance support they need to operationalise these innovations quickly.

Which verticals and market segments are you focusing on regionally?

Our sweet spots include banking, government, telecommunications, energy, and critical-infrastructure sectors — industries that are aggressively adopting AI while facing stringent regulatory oversight. We primarily serve mid-to-large enterprises undergoing digital transformation with strong DevSecOps cultures.

In the MEA region, we see significant demand for AI-enabled compliance frameworks, especially around NCA, NESA, and PDPL standards. We’re helping customers embed AI-native AppSec directly into their SDLCs and manage both AI and open-source supply chains at scale. The outcome is measurable ROI: faster releases, lower risk exposure, and stronger compliance assurance.

What do you see as the biggest market opportunities and challenges ahead?

The opportunities are enormous. AI and GenAI adoption are accelerating across the region, and enterprises now understand that securing AI-driven applications and open-source components is mission-critical. Regulatory frameworks are emerging that demand precisely the kind of visibility and governance Mend.io delivers. Our channel with Bulwark will be key to meeting that demand at scale.

The challenges, however, are equally real: a shortage of AI security talent, inconsistent regional regulations, and the complexity of managing vast software-supply chains. Our strategy is to offset these through automation, education, and strong partner enablement so that our customers — and their developers — can innovate safely and confidently.

Any closing remarks following GITEX 2025?

“At GITEX 2025, Mend.io demonstrated that securing traditional software is no longer enough. The future belongs to AI-native security — covering every model, dataset, agent, and open-source component that powers modern innovation. From live AI-BOM discovery and adversarial red-teaming to in-IDE security for AI-generated code and automated license-compliance for open source, we’re helping enterprises fix AI risks at speed while staying compliant, innovative, and future-ready.”
