Legit Security has unveiled new functionalities that leverage AI to help security teams more quickly shore up gaps in their AppSec programs. Specifically, Legit now leverages AI to drive advanced discovery for code-to-cloud correlation, increased precision in issues prioritization and scoring, and AI-assisted remediation.
“While AI enables developers to write complete applications in seconds, security has taken a backseat,” said Liav Caspi, co-founder and CTO, Legit. “With AI allowing faster development, the code generated is often susceptible to exploitable vulnerabilities, bugs, and security risks. In addition, organizations’ understanding of the governance of code and logic they create has dropped dramatically. This has become a pressing issue, with the European Union and United States introducing new compliance requirements to address AI. We are solving this challenge by leveraging AI within our ASPM platform to rapidly find, fix, and prevent vulnerabilities.”
Legit’s AI-native ASPM platform empowers organizations to identify exploitable vulnerabilities, weaknesses, and misconfigurations and to enforce better application security throughout the entire AppSec lifecycle. Legit leverages AI to get ahead of vulnerability overload and reduce time and costs by preventing issues making their way into software releases.
Platform utilizes AI broadly across the entire lifecycle, from discovery to prioritization and remediation. Additionally, users have full control over when and where these AI capabilities are employed based on their organization’s policies and risk tolerance. With these enhancements, organizations can safely accelerate AI development while mitigating risks.
Key AI-powered features and benefits include:
- Discovery for code-to-cloud correlation: Legit extended its existing discovery capabilities with the ability to deliver consolidated code-to-cloud correlation powered by AI, which expands coverage to more development pipelines and greatly increases the accuracy of discovery results. Organizations can minimize their risk by automating detection of malicious models and insecure implementations of AI and gain real-time visibility into how and where AI-developed code is being used across all development environments.
- Prioritization: Legit applies AI to expand the platform’s ability to prioritize risk and reduce noise. Legit’s risk score is now AI-assisted and has greater accuracy, precision, and explainability. Legit’s prioritization features continue to build upon its notable contextual capabilities and enable AI to analyze dozens of risk factors, delivering a contextual risk score that is much more accurate and precise than simple math-based formulae. This also extends Legit’s AI-based secrets scanning that uses AI to reduce noise and prioritize real secrets.
- Remediation: Legit’s new remediation component offers proactive methods to fix at speed with AI-generated remediation guidance. Integrated into the developer flows like pull-request checks, embedded code suggestions help developers save time on code validation.
ASPM opportunities:
The Legit ASPM platform provides a complete, real-time view of the software factory, including its assets, owners, security controls, vulnerabilities, and how they all relate to improve developer productivity and manage security. By enabling secure, AI-powered development and mitigating AppSec risk, Legit empowers teams with the ability to address multiple use cases as they relate to AI use, including:
- Securing applications that are customer-facing with AI-based enhancements
- Securing fast-moving development teams and using AI to generate and validate secure code so they can build quickly and ship faster
- Securing AI-generated code and apps for development teams
For example, with discovery, Legit’s AI-enabled code-to-cloud capabilities provide a vendor-agnostic approach to pull data from multiple scanners. Legit uses AI to then correlate scans and run code analysis so that organizations can quickly identify business risks and provide contextual depth unlike any other platform.
Additionally, through prioritization, security teams can easily deliver deep, contextual insights through the detection of AI false positives, exposed secrets in code, and risk scoring mechanisms, highlighting fixes that are top priority.
