In a move that underscores the evolving relationship between software delivery and security, Jyoti Bansal has decided to merge Harness and Traceable, two companies he founded, to create a more seamless DevSecOps experience. The newly combined entity will operate under the Harness name, aligning developer and security personas into a unified platform.
The decision reflects a growing trend: DevOps and security teams are increasingly intertwined, with companies demanding integrated solutions that lower friction in software development and deployment. According to Traceable co-founder and CTO Sanjay Nagaraj, customer needs and business objectives have converged to the point where combining the two firms was the logical next step.
"We saw the convergence of personas happening from a DevSecOps perspective overall, and it just makes sense to build a DevSecOps platform to address both sides of the need, from a DevOps perspective and a SecOps perspective," Nagaraj told Information Security Media Group.
A Unified Approach to Software Delivery and Security
Harness, founded in 2017, boasts nearly 1,200 employees and secured $150 million in financing from Silicon Valley Bank in May 2024. Meanwhile, Traceable, established in 2019, employs 229 people and has raised $110 million in funding, including a $30 million investment last May from a group led by IVP. Their merger is set to streamline DevSecOps workflows and enhance security automation.
Historically, developers have focused on rapid software delivery while security teams worked to ensure compliance and protection. However, as DevSecOps gains traction, these responsibilities are blending, necessitating an all-in-one platform.
"The expectation of these developers is that they are continuously delivering value to the business," Nagaraj explained. "That means the writing of code, which is shipping continuously. What happens to the security aspects of those things in that delivery itself? Bringing two amazing companies that were growing very well independently to create a much stronger company just made sense."
The rapid adoption of AI-powered code generation has further accelerated software development, but it has also heightened security risks. Addressing these vulnerabilities post-deployment is no longer viable, Nagaraj emphasized.
"Continuous delivery in itself is not enough," he said. "Continuous security is also very much required as part of it. And that's where the companies are coming together, and the personas are also starting to see the same thing."
What the Merger Means for Customers
For organizations using both Harness and Traceable, the integration promises a more streamlined experience, eliminating the need to manage separate systems, integrations, and administrative tasks. The merger will enhance visibility into security risks earlier in the development pipeline, giving security teams deeper insights into the software lifecycle.
"The team philosophy in terms of the culture that's built, the product philosophy in terms of how they are built, to the customer value delivery is all exactly the same, right?" Nagaraj said. "That means that the customers get the added benefit of now having not only the DevOps knowledge, but also the security knowledge coming together in one single company."
The first six months of the transition will focus on platform-level integrations, including role-based access control, user management, and licensing. Over the next year, product integrations will deepen, enhancing data sharing, automation, and security automation capabilities.
"In the next 12 months, we truly believe that combined value for some of the products that Harness has will start to come to our customers as we progress," Nagaraj stated.
The API Security Landscape: A Point of Contention
While Harness and Traceable are betting big on DevSecOps convergence, some industry experts believe the merger leaves gaps in API security. API security and bot management firm Cequence sees this move as a shift toward integrating security as a feature within development pipelines rather than a dedicated security function.
"Today's merger highlights a fundamental difference in approach. Harness has long been a developer-focused company, and while this merger broadens its portfolio, its core emphasis is unlikely to shift. Given Harness’s target market, Traceable will likely become a CI/CD module used by non-security personnel — leaving a gap in true API protection. Effective API security requires more than generating a ‘to-fix’ list; it demands real-time mitigation and detection of business logic abuse," said Ameya Talwalkar, CEO and founder of Cequence.
Talwalkar argues that companies must go beyond API discovery and testing, a limitation that many standalone API security vendors face. Effective API security, he says, requires robust runtime security and advanced threat detection capabilities.
"While others pivot, Cequence remains steadfast in delivering comprehensive API security and bot management. Security is not just a feature — it’s our core mission. As businesses recognize the need for a proactive, risk-based approach to API security, we remain committed to continuous innovation, best-in-class customer support, and proven protection at scale."
Talwalkar also points to the rise of Agentic AI, a development that complicates security risks.
"This includes the secure adoption of AI, as we realize that attackers have access to the same tools. With the rise of Agentic AI, our focus extends beyond protecting APIs to securing the agents themselves—ensuring they operate safely and cannot be weaponized by adversaries. From development to deployment, we provide all the security you need to safeguard your most critical assets."
Measuring Success
Nagaraj believes the success of the Harness-Traceable merger will be determined by how many Harness customers adopt Traceable’s security solutions and the extent to which Traceable’s security tools are deployed in production.
"At Traceable, we have an adoption rate where 95% of our customers were deployed in production," Nagaraj noted. "And the motto that we had was, 'We want to be the single largest security provider with the most amount of deployments in production.'"
With the software supply chain under increasing scrutiny, the Harness-Traceable merger represents a step toward a more unified DevSecOps approach. However, as API security concerns mount, the industry will be watching to see whether developer-led security is enough—or if standalone security players like Cequence will continue to lead the charge in API protection.