DevRev wins ISO 27001 certification for AI security

DevRev has achieved ISO/IEC 27001:2022 certification, covering its information security management practices.

Widely used as an external benchmark for how organisations manage information security, the standard applies to DevRev's internal operations and employees rather than to individual products.

DevRev said the accreditation validates the governance and security controls behind Computer, its artificial intelligence platform. Those controls span infrastructure, access management and internal processes.

DevRev positions Computer as a platform that uses business data to provide answers and support actions within enterprise workflows. That data can include customer records, support histories, internal conversations and operational information, much of it sensitive.

The announcement comes as businesses face growing scrutiny over how artificial intelligence systems handle internal data and generate responses. DevRev cited a Gartner forecast that, by 2028, 50% of organisations will implement a zero-trust posture for data governance because of the spread of unverified AI-generated data.

Security focus

Against that backdrop, DevRev said the certification is intended to show that its internal security discipline matches the demands of operating data-heavy AI systems. It provides external validation that internal controls are in place across the organisation.

DevRev also drew a distinction between certifying an organisation and certifying a product. ISO/IEC 27001:2022 applies to the company's information security management system and related practices, rather than serving as a product approval mark.

Computer is built around what DevRev describes as a shared memory model that combines structured and unstructured data. The company says this is designed to give the system broader organisational context than a set of disconnected software tools.

That model matters because many enterprise AI deployments now depend on information drawn from multiple systems, including customer support, engineering and business operations software. DevRev said its approach is intended to keep answers grounded in permissions and linked to auditable actions.

Andy Elmhorst, Head of Infrastructure and Security at DevRev, commented on the wider shift in how businesses are using AI.

"AI is becoming an extension of teams, moving from a tool they toy with to a functioning part of how business workflows and processes are executed," Elmhorst said.

He also addressed the security questions that come with that shift.

"But with this growing responsibility comes the question of security, and organizations are now asking harder questions: can we actually trust this in production? For DevRev, our ISO 27001 certification is a commitment to our customers that we take this seriously, and it shows we've built the internal security discipline to back up our promises," he said.

Company background

Founded in 2020, DevRev develops software that connects data from existing workplace systems, including customer relationship management, support and engineering tools. It says that data is organised into a knowledge graph used by its conversational AI software.

The business is led by co-founder and chief executive officer Dheeraj Pandey and co-founder Manoj Agarwal. DevRev is headquartered in Palo Alto and operates from eight offices globally.

The certification adds a recognised security credential at a time when AI software providers are under pressure to show how they govern data access, internal controls and the reliability of automated outputs.

For DevRev, the result is external validation that it handles the sensitive data required for an organisation-wide knowledge graph securely and responsibly.