Apiiro introduces AI-SAST in public preview
Apiiro introduced Apiiro AI-SAST, a new Static Application Security Testing (SAST) approach that automates detection, validation and remediation of code vulnerabilities. The company framed the release against a backdrop where Artificial Intelligence (AI) coding assistants had increased code delivery fourfold while raising application risk by 10x.
The company said traditional SAST tools could not keep pace with accelerated code delivery, producing high volumes of false positives and failing to determine whether findings were reachable, exploitable, or relevant to the business, which created noise, reduced developer productivity, and overwhelmed security teams.
Apiiro described AI-SAST as combining Application Security Testing (AST) scanning with specialized Large Language Model (LLM) reasoning and its patented Deep Code Analysis (DCA) to apply call-flow, data-flow and reachability analysis before AI validation. The offering also maps code resources to build and runtime artifacts using “Applicative Fingerprinting,” traces vulnerabilities to root causes to identify single optimal fix locations, and supports customizable detection logic with Human-in-the-Loop (HITL) feedback.
The company said the product cut through noisy alerts to surface highly qualified, exploitable risks and generate tailored code-level remediation across APIs, open-source software (OSS) dependencies, frameworks and coding patterns. Apiiro AI-SAST is available in public preview and is grounded in the organization’s patented DCA technology.
“Apiiro’s AI-SAST, powered by Deep Code Analysis (DCA), dramatically reduced false positives in our environment within weeks. By mapping SAST findings to API entry points, we can better prioritize the risks that matter most,” said Colin Barr, Head of Information Security at Paddle.
“Plenty of vendors have tried bolting AI onto raw code to tame SAST noise, but these legacy fixes fail in enterprise environments because they simply don’t understand the software’s architecture or the business context around it,” said Moti Gindi, Chief Strategy Officer of Apiiro. “Apiiro AI SAST delivers what enterprise teams need: highly qualified risks with clear, actionable fixes, rooted in the deep software architectural intelligence only our DCA technology can deliver.”
Apiiro said the platform enables automated assessment, detection, prioritization, remediation, and prevention of application risks at scale.