Razorpay Scales Secure Design Reviews with Seezo
How Razorpay automated security design reviews across every Jira epic with Seezo, freeing AppSec engineers to focus on high-impact security work at scale.

About Razorpay
Razorpay is one of India's leading fintech platforms, powering payments and financial infrastructure for millions of businesses. With dozens of teams building and deploying new features every week, security design reviews quickly became a scaling challenge.
The Challenge: High-Quality Reviews That Were Hard to Scale
Razorpay's AppSec team has always prioritized depth and accuracy in their security design reviews. Developers filled out security questionnaires, attached architecture diagrams to Jira epics, and worked closely with AppSec engineers who provided detailed, contextual guidance.
While this process produced extremely high-quality results, it became increasingly hard to scale as product velocity grew.
- Growing volume: Hundreds of Jira epics every quarter meant increasing review demand.
- Limited bandwidth: Senior AppSec engineers spent significant time on repetitive assessments.
- Timeline pressure: Developers often had to wait for feedback before proceeding.
The challenge wasn't quality; it was capacity. Reviews became a bottleneck delaying releases and stretching AppSec capacity thin.
The Solution: Automated Security Design Reviews in Jira
To retain the same depth of review while improving speed, Razorpay integrated Seezo directly into its Jira pipeline. For every new Jira epic, Seezo analyzes the attached artifacts (diagrams, tables, and text) and automatically generates:
- Security Summary: Captures the feature's core security-relevant aspects.
- Actionable Security Requirements: Developer-ready guidance contextualized to the feature (e.g., "Mask PII in logs using utils.logger(PII=off)").
- Open Questions: Clarifications for incomplete or missing information, added as Jira comments.
The Impact
- Consistent coverage: Every Jira epic undergoes automated analysis, ensuring no feature is overlooked.
- Developer-first workflow: Security insights appear directly in Jira, within the developer's workflow.
- Efficient AppSec operations: Engineers can now focus on higher-impact risks rather than repetitive checks.
With Seezo, Razorpay built a continuous and automated AppSec workflow without slowing down feature delivery.
Why It Matters
Razorpay's approach shows that scaling security reviews doesn't mean adding more steps. It's about integrating security in existing workflows. By using Seezo, Razorpay ensures every new feature is secure by design: a scalable model for continuous security design reviews without compromising on quality.