Apiiro AI SAST: Transforming Application Security Testing

Apiiro, a prominent name in application security, has introduced its latest breakthrough: Apiiro AI SAST. This innovative approach to static application security testing (SAST) automates the identification, validation, and correction of code vulnerabilities with the accuracy of a seasoned security engineer. By utilizing Apiiro's proprietary Deep Code Analysis (DCA), the new AI SAST merges call flow, data flow, and reachability analysis with AI reasoning to reduce false positives, confirm risks, and tackle genuine business threats.

The advent of AI coding assistants has significantly accelerated code delivery rates, but it has also amplified application risk substantially. Traditional SAST tools are struggling to keep pace with the rapid and complex nature of modern software, often producing numerous false positives without evaluating the relevance or exploitability of vulnerabilities. This leads to excessive noise, diminished developer productivity, and overburdened security teams.

Transforming Application Security Testing

Colin Barr, Head of Information Security at Paddle, remarked, "Apiiro's AI-SAST, powered by Deep Code Analysis (DCA), significantly reduced false positives in our environment within weeks. By aligning SAST findings with API entry points, we can better prioritize the risks that are most critical."

Moti Gindi, Chief Strategy Officer of Apiiro, highlighted the shortcomings of traditional solutions: "Many vendors have tried to incorporate AI into raw code to reduce SAST noise, but these solutions often fall short in enterprise settings because they lack an understanding of software architecture or business context. Apiiro AI SAST offers enterprise teams highly qualified risks and actionable solutions, leveraging the deep software architectural intelligence unique to our DCA technology."

Core Features of Apiiro AI SAST

Apiiro AI SAST integrates application security testing (AST) scanning, Large Language Model (LLM) reasoning, and Apiiro's patented Deep Code Analysis (DCA) to identify and resolve exploitable risks based on software architecture. The technology mimics the cognitive process of an expert security researcher through five key capabilities:

  • AST + LLM Symbiosis: Swift, deterministic detection of potential issues through AST scanning, followed by AI validation for precision comparable to human analysis.
  • Deep Code Analysis (DCA): Develops a comprehensive Software Graph of the entire codebase, mapping control flow, data flow, APIs, OSS dependencies, and more to detect risks and generate customized solutions.
  • Code-to-Runtime: Employs "Applicative Fingerprinting" to map code resources to build and production artifacts, distinguishing theoretical risks from actual business threats.
  • AI Remediation: Tracks vulnerabilities to their root causes, identifying optimal fix locations for thorough application security.
  • Adaptive Feedback: Customizable detection logic and human-in-the-loop feedback enhance AI understanding of security standards and business logic.
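
The mechanism the announcement describes, call-flow and reachability analysis layered on top of a raw pattern hit so that findings in dead or unreachable code are not reported, can be illustrated with a small toy analyzer. The following is an added example written for this page; it is not Apiiro's code, not DCA, and makes no claim about how the product is implemented. It assumes a Flask-style `@app.route` decorator marks an API entry point and a DB-API style `.execute()` call is the injection sink; the sample application it scans is constructed inline. Raw detection flags every `.execute()` whose query is built from a function parameter (intra-procedural data flow); validation then keeps only hits in functions reachable from an entry point via the call graph, which is the step that drops the false positive.

```python
import ast
from collections import deque

# Constructed sample application (not real code): one route handler, one
# reachable injection, one unreachable copy of the same bug, one safe query.
SAMPLE = '''
@app.route("/user")
def get_user(request):
    return lookup(request.args["id"])

def lookup(user_id):
    return db.execute("SELECT * FROM users WHERE id = " + user_id)

def legacy_report(name):
    # same bug, but nothing calls this function
    return db.execute(f"SELECT * FROM reports WHERE owner = '{name}'")

def safe_lookup(user_id):
    return db.execute("SELECT * FROM users WHERE id = ?", (user_id,))
'''

SINK_ATTR = "execute"        # assumption: DB-API style .execute() is the SQL sink
ENTRY_DECORATOR = "route"    # assumption: Flask-style @app.route marks an entry point


def _functions(tree):
    return {n.name: n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)}


def _is_entry_point(fn):
    for d in fn.decorator_list:
        target = d.func if isinstance(d, ast.Call) else d
        if isinstance(target, ast.Attribute) and target.attr == ENTRY_DECORATOR:
            return True
    return False


def _callees(fn, names):
    """Direct calls from fn to other module-level functions."""
    return {n.func.id for n in ast.walk(fn)
            if isinstance(n, ast.Call) and isinstance(n.func, ast.Name)
            and n.func.id in names}


def _reachable(funcs):
    """Call-flow step: BFS over the call graph from every entry point."""
    entries = {name for name, fn in funcs.items() if _is_entry_point(fn)}
    seen, queue = set(entries), deque(entries)
    while queue:
        for callee in _callees(funcs[queue.popleft()], funcs):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return entries, seen


def _tainted_query(call, params):
    """Data-flow step (intra-procedural): query text is built from a parameter."""
    if not call.args:
        return False
    query = call.args[0]
    if isinstance(query, ast.Constant):
        return False          # literal SQL; bind values travel in later args
    return any(isinstance(n, ast.Name) and n.id in params for n in ast.walk(query))


def analyze(source):
    """Raw sink hits, each annotated with whether an entry point can reach it."""
    tree = ast.parse(source)
    funcs = _functions(tree)
    _entries, reachable = _reachable(funcs)
    findings = []
    for name, fn in funcs.items():
        params = {a.arg for a in fn.args.args}
        for n in ast.walk(fn):
            if (isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)
                    and n.func.attr == SINK_ATTR and _tainted_query(n, params)):
                findings.append({"function": name, "line": n.lineno,
                                 "reachable": name in reachable})
    return findings


def triage(source):
    """Validation step: confirmed = reachable from an API, suppressed = dead code."""
    findings = analyze(source)
    confirmed = [f["function"] for f in findings if f["reachable"]]
    suppressed = [f["function"] for f in findings if not f["reachable"]]
    return confirmed, suppressed


if __name__ == "__main__":
    confirmed, suppressed = triage(SAMPLE)
    print("confirmed:", confirmed)    # ['lookup']
    print("suppressed:", suppressed)  # ['legacy_report']
```

The suppressed `legacy_report` hit is the kind of finding a pattern-only scanner would report and a developer would close as "not reachable"; a real engine would additionally need inter-procedural taint propagation (here the argument passed from `get_user` into `lookup` is not tracked across the call), framework-aware entry-point discovery, and the build and runtime mapping the announcement describes, none of which this toy attempts.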

Apiiro AI SAST is currently available in public preview, providing a glimpse into the future of automated application security.

About Apiiro

Apiiro is an Agentic Application Security Platform, enabling security and development teams to deliver secure software efficiently in the AI era. Trusted by Fortune 500 companies, Apiiro's DCA technology facilitates continuous discovery, inventory, and visualization of software architecture from code to runtime, supporting automated risk assessment, detection, prioritization, and remediation at scale.
