We’ve recently launched AppSecAI with a clear vision: Use intelligent automation to transform application security from a business constraint into a strategic advantage.
Why We Started AppSecAI
Application security has historically frustrated practitioners, teams, and organizations. Current tools—while necessary—create more work through noisy false positives, which costs everyone time, money, and reputation.
We feel your pain. Our founding team has lived through these challenges firsthand, and we don’t like them any more than you do.
You should know that we are admittedly nerdy about AI technology. Since the release of GPT-3.5, we've been exploring AI's potential across various domains.
Bruce Fram and Michael Cartsonis previously partnered at Network General and launched Contrast Security. We recognized that AI could POTENTIALLY revolutionize application security.
We’re joined by Kevin Fealey, who brings 15 years of security program experience, including CISO roles at Block.One and Bullish, along with hands-on roles at Aspect Security and EY, and Lori Harmon, whose executive sales leadership experience includes Contrast, Blackberry, NetApp, and CloudFlare. We’ve assembled a team that combines security expertise with practical AI implementation experience and a strong desire to explore what’s possible in the AppSec world.
Our Mission: Automate the Tedious Work Out of AppSec
Here’s the thing. We truly believe that security does not have to be a bottleneck. We envision a fundamental shift in how organizations approach application security—from being considered a necessary burden to being recognized as a secure business accelerator.
We're building a platform that combines three powerful elements: existing security tools that organizations like yours already own, advanced AI technologies that can work at machine speed, and human expertise that ensures accuracy, alignment, and firm control.
Here are the results we’re targeting:
- Applications should be secured against both current and AI-powered threats.
- Security teams will be able to focus on strategy, instead of drowning in manual work.
- Developers will be able to ship code faster, without security slowdowns.
- Organizations will change their perception of security from a cost center to a competitive edge.
This isn't just about making security easier. It's about making security teams like yours work more effectively as business drivers, not burdens. When security scales efficiently, organizations can innovate faster while staying secure. And you should enjoy your job more too!
Introducing Expert Triage Automation (ETA)
We’ve recently released our first product, Expert Triage Automation (ETA), which directly addresses the overwhelming burden of today’s manual SAST triage.
Why Start with Triage?
Because as AppSec professionals ourselves, we know that’s where the bottleneck is. The data tell the story:
- Organizations need an improved security posture.
- SAST scanners provide critical automation, but produce unreliable results.
- False positive rates of up to 40% require time-consuming and tedious manual verification.
- The triage process consumes weeks of expert time, bottlenecking application delivery.
- High costs limit security assessment reach.
The bottom line: Manual triage clearly takes a LOT of time and money, and it sucks the energy out of AppSec professionals like you. By automating and eliminating manual triage work, ETA allows security teams to focus on real vulnerabilities. Developers can work on actual issues. Organizations can scale their security coverage effectively. And we can all feel better at the end of the day!
Backing Our Claims with Open Tests and Data
Why should you believe what we’re saying? Because we have the public data to back up our claims.
AppSecAI has validated ETA against the OWASP Benchmark, which contains thousands of findings, including those related to the OWASP Top 10, and published our results on GitHub.
Our validation includes over 25,000 findings from the OWASP Benchmark, which demonstrates the capabilities of ETA against a wide range of security vulnerabilities. Every accuracy claim and performance metric can be independently verified against this widely-respected benchmark. We intend to continue expanding this validation data as our product evolves—always using open, industry-standard benchmarks.
What's Next: How About Automated Fixing
While ETA represents the first step in our goal to make your job less tedious, we don’t intend to stop there. Next on our roadmap is Expert Fix Automation (EFA).
EFA will automatically generate and implement security fixes tailored to meet coding standards and requirements. This allows us to automate and optimize the entire application security lifecycle, freeing up you and your team to focus on more strategic initiatives and security challenges.
The Time for Automation is Now
The security industry faces its biggest transformation in decades, with AI as both a threat and opportunity.
As traditional security approaches are being disrupted by AI-powered threats, most security teams still maintain legacy processes. This creates opportunities for security leaders like you who are ready to drive positive change.
Early adopters of AI security automation will gain both operational advantages and career opportunities. Security leaders implementing AI now will shape its deployment, build practical expertise, and demonstrate measurable impact. The skills and experience from leading AI initiatives are becoming increasingly valuable as the industry transforms.
This applies to CISOs driving innovation, AppSec managers scaling their programs, and security engineers expanding their impact. The timeline for positioning yourself in AI-driven security is now.
About AppSecAI
AppSecAI transforms application security through AI-powered automation, enabling organizations to secure applications at portfolio scale. Founded by industry veterans and backed by security experts, we combine existing security tools with advanced AI technologies to deliver efficient, accurate, and scalable application security solutions.
Learn more at www.appsecai.io or contact us at automation@appsecai.io.