T-Bank: Safeliner AI Assistant

The main articles are:

• Virtual Assistants

2025: Assistant Launch

T-Bank has developed the first in Russia Safeliner information security assistant based on artificial intelligence, the introduction of which will significantly reduce the burden on product development teams, speed up response to threats and prevent vulnerabilities in the code at the development stage. The bank announced the launch of the service on May 21, 2025.

According to the press service of T-Bank, the use of the Safeliner AI assistant will help save the T-Technologies group more than ₽1 billion per year by minimizing risks in the field of information security and optimizing code in the T. In the future, the company plans to open access to Safeliner to other organizations on the market, and several partners are already testing this product.

𝓲

Фото: T-Bank

The developed AI assistant provides developers with the opportunity to significantly reduce the cost of fixing vulnerabilities, reduce the risks associated with defects in the code, as well as reduce the number of false positives of tools for searching for vulnerabilities in applications. In addition, Safeliner can reduce the "lifespan" of potential vulnerabilities several times and provides a deeper understanding of their nature through real-world training.

An AI assistant for information security was introduced inside T-Bank in August 2024, and since the launch, the processes of searching and fixing vulnerabilities in the company have accelerated up to 5 times. Safeliner is developed in a familiar environment for programmers GitLab and uses a large language model it to generate prompts and automatically correct problem areas of code. An important feature of the system is that all models work within the corporate loop, without the use of external API and third-party services.

In the face of high demand for experienced IT professionals, developers are focused on product development and can make mistakes that then turn into vulnerabilities. Training in secure development is time-consuming and deeply immersive, so some experts are not paying enough attention to code security. This creates additional cyber risks and jeopardizes the safety of products. With Safeliner, we implement a shiftleft approach that allows us to eliminate potential vulnerabilities even at the stage of writing code without distraction and deep immersion in developer security issues, said Dmitry Gadar, Vice President, Director of the Information Security Department of T-Bank.

The technology of the AI assistant for information security is based on the analysis of potential vulnerabilities discovered by static analysis tools. Safeliner filters false positives, generates hints and descriptions of security problems that developers understand. Defects are highlighted and corrected almost at the moment of appearance.

This technology is not tied to the specific static analysis tools (SAST) used in the company. It easily adapts to the requirements of the organization and allows you to work with any reports in the SARIF format - a standard format for exchanging data on the results of static code analysis. Safeliner integrates with both commercial and open source solutions.

Using RAG technology, which adds information from public and corporate knowledge bases, the AI assistant offers options for automatically fixing vulnerabilities. The context is enriched based on a variety of related data sources, such as:

• internal knowledge base;
• industrial standards and recommendations from communities (e.g. OWASP);
• analysis of the graph representation of the code (AST, DFG, CFG);
• vulnerability description from the SARIF report;
• user markup.

In addition, Safeliner collects feedback from developers on vulnerabilities found to further analyze this information and use it to adjust search rules and vulnerability correction algorithms.