Apiiro has unveiled a new artificial intelligence–driven approach to static application security testing, aiming to address what it says is a growing gap between the speed of modern software development and the ability of security teams to manage risk.
The company announced the launch of Apiiro AI SAST, a tool designed to automate the detection, validation and remediation of code vulnerabilities with what Apiiro describes as the analytical rigor of an experienced application security engineer. The product is built on Apiiro’s patented Deep Code Analysis technology, which maps how software actually behaves across codebases, repositories and runtime environments before applying AI-based reasoning.
The release comes as AI-powered coding assistants dramatically accelerate software development. According to Apiiro, developers are now delivering code up to four times faster, while application risk has increased tenfold. Traditional SAST tools, the company argues, struggle to keep up, often flooding teams with alerts that fail to distinguish between theoretical vulnerabilities and real, exploitable business risks.
“Apiiro’s AI-SAST, powered by Deep Code Analysis, dramatically reduced false positives in our environment within weeks,” said Colin Barr, head of information security at Paddle. “By mapping SAST findings to API entry points, we can better prioritize the risks that matter most.”
Unlike legacy tools that scan code in isolation, Apiiro AI SAST combines application security testing with large language model reasoning and a detailed software architecture graph. This allows the platform to determine whether a vulnerability is reachable, exploitable and relevant to production systems, rather than flagging issues based solely on static patterns.
Moti Gindi, Apiiro’s chief strategy officer, said previous attempts to improve SAST by layering AI onto raw code have largely failed in complex enterprise environments. “They don’t understand the software’s architecture or the business context around it,” he said. “Apiiro AI SAST delivers highly qualified risks with clear, actionable fixes, rooted in deep architectural intelligence.”
Apiiro said the system mirrors the workflow of a human security researcher through several core capabilities. These include combining deterministic scanning with AI agents to validate findings, building a comprehensive software graph that maps data flow and dependencies, and linking code to runtime artifacts to separate real risks from hypothetical ones. The platform also generates targeted remediation suggestions by identifying the optimal fix point for each vulnerability and adapts over time using customer feedback.
Apiiro AI SAST is currently available in public preview.
Apiiro positions itself as an “agentic” application security platform, designed to help organizations secure software at scale in the AI era. The company said its technology is used by large enterprises including BlackRock, Bloomberg, Shell and USAA to continuously analyze software architecture from development through production.