AI-Powered Security for GitHub Actions
Protecting CI/CD pipelines from supply chain attacks
AWS GenAI Accelerator 2025
GitHub Actions in the marketplace
Use third-party actions
Security monitoring tools for actions
A single compromised action can inject malicious code into thousands of deployments overnight
GitHub Copilot
Amazon CodeWhisperer
Creates workflows & actions
uses: unknown-action@v2
No security validation
Instant production deploy
As AI generates more code, it unknowingly imports vulnerable dependencies
FlowGuard provides the missing security layer for AI-accelerated development
Scan all GitHub Actions across your repos every 6 hours
Know immediately when actions change ownership or permissions
Risk assessment for every action based on maintenance, ownership, and usage
Zero configuration required - connect GitHub and start monitoring in 60 seconds
100% of FlowGuard built by Claude using Amazon Bedrock
Proving AI can build production infrastructure
Part of the emerging GenAI security tech stack
Track AI-generated code entering pipelines
Monitor actions created by AI coding assistants
Essential infrastructure as AI writes more code
• Amazon Bedrock for threat pattern analysis
• SageMaker for custom security models
• CodeWhisperer integration for safe AI coding
• Lambda + API Gateway serverless architecture
GitHub developers
DevSecOps market size
Annual growth rate
Every company using GitHub Actions is a potential customer
No direct competitors in the action security monitoring space
✓ 5 private repos
✓ Weekly reports
✓ Basic monitoring
✓ 50 private repos
✓ Real-time alerts
✓ AI-powered analysis
✓ Unlimited repos
✓ Slack integration
✓ API access
Target: 10,000 paying customers by end of Year 2
• MVP on AWS Lambda
• Basic threat detection
• Amazon Bedrock integration
• Fine-tune security models on SageMaker
• Natural language policies
• CodeWhisperer plugin
• Custom FM for code analysis
• Real-time threat prediction
• AWS Marketplace launch
• Access to Amazon Bedrock and SageMaker experts
• Credits for training custom security models
• Integration with AWS security services
• Part of the emerging AI infrastructure ecosystem
Founder
AWS expert, Chief Cloud Economist
Lead Developer
Built 100% of codebase
Accelerator Partner
Help us scale with AI
Proven track record: Founded and scaled The Duckbill Group to 8-figure revenue
• Lambda for serverless compute
• RDS PostgreSQL for data
• SQS for job processing
• API Gateway for REST APIs
• CloudWatch for monitoring
• Amazon Bedrock for threat analysis
• CodeWhisperer for fix suggestions
• SageMaker for custom models
• Textract for license scanning
• Comprehend for alert summaries
AWS GenAI Accelerator will help us become the first AI-native security platform
• Build critical security layer for AI-generated code
• Train custom models for threat detection on SageMaker
• Showcase AI building AI infrastructure
• Create new category: GenAI Security Monitoring
• Providing critical services in the AI tech stack
• Model monitoring and infrastructure provisioning focus
• Already building on AWS (Lambda, RDS, API Gateway)
• Ready to leverage Bedrock and SageMaker at scale
🌐 flowguard.dev
📧 corey@flowguard.dev
🦋 quinnypig.com on Bluesky
Built with ❤️ by Claude and Corey
The future of software development is human-AI collaboration