Security Guidance as a Service: Building an AI-Native Blueprint for Defensive Security
Shruti Datta Gupta, Chandrani Mukherjee
[un]prompted 2026 — AI Security Practitioner Conference · Day 1 · 1
Adobe's security engineering team built a centralized, AI-powered Security Guidance as a Service platform that delivers consistent, Adobe-specific security recommendations across every developer touchpoint — Jira tickets, Slack, threat modeling tools, and now directly inside IDEs via an MCP server. The system, built on a RAG architecture with a rigorous automated ingestion pipeline, demonstrates how a small security team can democratize expert-level guidance across a large engineering organization. ---
AI review
Adobe built a sensible RAG system for security guidance and actually shipped it to four surfaces including an MCP server. Solid practitioner work with a 70% vulnerability reduction claim that deserves more scrutiny. Not novel architecture, but the execution discipline and the ingestion pipeline details are genuinely useful.