TLDR: Apiiro has launched its AutoFix Agent, an AI-powered solution designed to automatically identify, prioritize, and remediate design and code risks, including vulnerabilities introduced by AI-generated code. This industry-first AI Agent for Application Security (AppSec) integrates directly into developer environments, aiming to significantly reduce security backlogs and improve mean time to remediate (MTTR) for Fortune 500 companies.
NEW YORK – August 4, 2025 – Apiiro, a leader in Agentic Application Security Platforms, today announced the launch of its groundbreaking AutoFix Agent, an artificial intelligence-powered solution set to transform how organizations address design and code risks. Debuting at the Black Hat cybersecurity conference in Las Vegas, the AutoFix Agent is touted as the industry’s first AI Agent for AppSec that can automatically fix design and code risks by leveraging runtime context, tailored to specific environments.
The introduction of AI coding assistants such as GitHub Copilot, Gemini Code Assist, and Cursor has dramatically boosted developer productivity. However, this surge has also led to an increase in complex and ungoverned code, introducing new risks like unfamiliar frameworks, APIs, third-party dependencies, and AI-generated code that may bypass established architectural standards and policy guardrails. Research indicates that up to 50% of AI-generated code contains vulnerabilities, with 10% being actively exploitable. This trend has left AppSec teams grappling with flat headcounts, escalating volumes of findings, and growing backlogs, as traditional Application Security Testing (AST) tools, which rely on static rules and limited context, are ill-equipped for these evolving challenges.
Apiiro’s AutoFix Agent directly addresses these critical needs for Fortune 500 companies, offering a novel approach to automatically fix design and code risks, thereby eliminating security backlogs and reducing Mean Time to Remediate (MTTR) without hindering development velocity. The agent acts as a force multiplier for AppSec teams, capable of automatically generating threat models for risky features even before code is written. It also fixes findings from various security tools, including SAST, SCA, secrets, and API security tools, and mitigates risks specifically introduced by AI-generated code, preventing incidents at scale.
The AutoFix Agent operates natively within developers’ Integrated Development Environments (IDEs) via a remote Model Context Protocol (MCP) connection, ensuring IDE agnosticism. Unlike other AI Secure Coding Assistants that often rely solely on source code and generic risk scoring models, Apiiro’s AutoFix Agent utilizes unique, critical data generated by its patented Deep Code Analysis (DCA) technology. This technology, featuring Code-to-Runtime matching and a Risk Graph engine, continuously maps the software architecture from code to runtime across all material changes, enabling precise, risk-aware fixes aligned with enterprise security standards.
The platform’s core capabilities include AutoFix (automatically assessing, prioritizing, and fixing risks with runtime context), AutoGovern (enforcing policies, standards, and secure coding guardrails), and AutoManage (automating risk lifecycle management and measuring MTTR).
Apiiro has also partnered with ServiceNow to extend risk context beyond code to runtime, enabling Fortune 500 enterprises to map code repositories and assets to business applications within their configuration management database (CMDB). This integration enriches application risks with business criticality and contextually triggers risk acceptance workflows in ServiceNow, enhancing governance across the Software Development Life Cycle (SDLC).
Idan Plotnik, Co-Founder and CEO of Apiiro, emphasized the agent’s unique capabilities: “AI coding assistants have transformed developer productivity, but they lack critical context – like code assets inventory, software architecture, security policies and standards, compensating controls, runtime environment, and business impact. As these ungoverned tools outpace AppSec teams, they introduce real risk. Apiiro’s AutoFix Agent goes beyond detection to fix risks intelligently, with the same context application security and risk management teams use to make informed decisions.”
Deepak Kolingivadi, Senior Director, Security Business Unit, ServiceNow, added, “We’re excited about Apiiro’s industry-first AI Agent for AppSec, which delivers tailored fixes based on your environment and business risk – and integrates with ServiceNow to manage the full application risk lifecycle.”
Mani Sundaram, EVP Security at Akamai, also commented on the partnership, stating, “Akamai and Apiiro partnered to bring deep code and deep runtime insight together. I’m happy to see Apiiro seamlessly connect these insights into the developer toolchain to uniquely generate fixes to reduce risks and developer’s workload.”
Also Read:
- Qualys Revolutionizes Cybersecurity with Agentic AI-Powered Risk Operations Center
- Amazon Q Developer AI Tool Suffers Security Breach, Highlighting Generative AI Vulnerabilities
The AutoFix Agent is currently available in preview to Apiiro customers, aiming to prevent incidents at scale. Apiiro, backed by over $130 million from investors including Greylock and Kleiner Perkins, continues to empower Fortune 500 companies like USAA, TIAA, BlackRock, Bloomberg, SoFi, and Shell with its advanced application security platform.
