Frequently Asked Questions
Snappy answers to common questions about AppSecAI
General Questions
What is AppSecAI?
AppSecAI is an AI-first application security company. Our mission is to build effective application security solutions that work FOR you by amplifying your skills at scale.
We are all about creating ROI by dramatically reducing the cost and time to identify and fix code security vulnerabilities.
In other words, AppSecAI is here to make you an AppSec hero.
What is AppSecAI Expert Fix Automation (EFA) and how does it work?
AppSecAI Expert Fix Automation (EFA) is an AI-driven tool that automatically fixes triaged vulnerabilities from Static Application Security Testing (SAST) findings. EFA complements and integrates with existing SAST tools to filter out false positives and creates validated fixes for application security professionals and developers to approve.
We reduce the time to fix vulnerabilities from months to minutes.
What is AppSecAI Expert Triage Automation (ETA) and how does it work?
AppSecAI Expert Triage Automation (ETA) is an AI-driven tool that automates the triage of Static Application Security Testing (SAST) findings. ETA complements and integrates with existing SAST tools to filter out false positives and document true vulnerabilities with up to 97% accuracy, saving you time and supercharging your productivity.
Triage less. Secure more.
Is AppSecAI a SAST Tool?
No.
AppSecAI improves static code scanners by automatically removing false positives from their notoriously noisy findings. Even better, it improves true positives with repo-aware dev-ready guidance and code. It does this automatically—in hours, not weeks, with no experts required—saving tens of thousands of dollars of manual triaging tedium per SAST scan.
ETA simply takes the output file from your SAST scanner. It then analyzes each vulnerability finding in that file, using your application code and highly tuned LLM technology to identify false positives, and writes the results back out in the same file format it received.
ETA can also seamlessly integrate with CI/CD tooling, vulnerability management systems, and more.
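To make that round trip concrete, here is an added Python example; it is not AppSecAI's code and does not describe how ETA works internally. It assumes a SARIF 2.1.0 document (a constructed sample is embedded), a constructed verdict table keyed by rule, file and line, and uses the standard SARIF `properties` bag on each result to carry a triage verdict, so the output remains valid SARIF that downstream tools can still read.

```python
import copy
import json

# Constructed SARIF 2.1.0 sample standing in for a scanner's output (not real scanner data).
SAMPLE_SARIF = {
    "version": "2.1.0",
    "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
    "runs": [{
        "tool": {"driver": {"name": "example-sast"}},
        "results": [
            {"ruleId": "sql-injection", "level": "error",
             "message": {"text": "User input flows into SQL query"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/db.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "hardcoded-secret", "level": "warning",
             "message": {"text": "Possible hard-coded credential"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "tests/fixtures.py"},
                 "region": {"startLine": 7}}}]},
        ],
    }],
}

# Constructed triage verdicts, keyed the same way result_key() keys a result.
SAMPLE_VERDICTS = {
    ("sql-injection", "app/db.py", 42): {
        "verdict": "true_positive",
        "rationale": "query string is built from request parameter without parameterization"},
    ("hardcoded-secret", "tests/fixtures.py", 7): {
        "verdict": "false_positive",
        "rationale": "value is a test fixture, never used against a real service"},
}


def result_key(result):
    """Stable identifier for a result: (ruleId, first location uri, startLine)."""
    loc = result.get("locations", [{}])[0].get("physicalLocation", {})
    uri = loc.get("artifactLocation", {}).get("uri", "")
    line = loc.get("region", {}).get("startLine", 0)
    return (result.get("ruleId", ""), uri, line)


def annotate_triage(sarif, verdicts):
    """Return a deep copy in which every result's properties bag carries a triage verdict.

    Results without an entry in `verdicts` are marked "untriaged" rather than dropped,
    so nothing silently disappears from the report.
    """
    out = copy.deepcopy(sarif)
    for run in out.get("runs", []):
        for result in run.get("results", []):
            verdict = verdicts.get(result_key(result),
                                   {"verdict": "untriaged", "rationale": ""})
            result.setdefault("properties", {})["triage"] = dict(verdict)
    return out


def drop_false_positives(sarif):
    """Return a copy with false-positive results removed; all other structure is preserved."""
    out = copy.deepcopy(sarif)
    for run in out.get("runs", []):
        run["results"] = [
            r for r in run.get("results", [])
            if r.get("properties", {}).get("triage", {}).get("verdict") != "false_positive"
        ]
    return out


def count_results(sarif):
    """Total number of results across all runs."""
    return sum(len(run.get("results", [])) for run in sarif.get("runs", []))


def round_trip(sarif_text, verdicts):
    """Parse SARIF text, annotate it with verdicts, drop false positives, re-serialize as SARIF."""
    doc = json.loads(sarif_text)
    return json.dumps(drop_false_positives(annotate_triage(doc, verdicts)), indent=2)


if __name__ == "__main__":
    print(round_trip(json.dumps(SAMPLE_SARIF), SAMPLE_VERDICTS))
```

Keeping the verdict in the property bag rather than editing `ruleId` or `message` means the same file still loads in whatever consumed the original scan; if a consumer instead expects the SARIF `suppressions` array to hide accepted false positives, the filtering step is the place to emit that instead of deleting the result.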
How are you different from other solutions?
AppSecAI Expert Triage Automation (ETA) stands out because it is:
• Benchmark-validated triage accuracy of up to 97%.
• SAST scanner agnostic: improves the performance of the scanners you already own.
• Dev-ready guidance: provides insights that enhance understanding and speed resolution.
• Seamless integration into existing operations and workflows.
As a company, we stand out because our focus is on providing real value to application security professionals first. We are as frustrated as you are with tooling that creates more work than it resolves. AI gives us all the opportunity to flip that equation on its head for everyone's benefit.
Getting Started with Expert Fix Automation (EFA)
How do I start using Expert Fix Automation?
Getting started with EFA is simple. Contact us to upload your SARIF file and source code, and our AI will begin analyzing your findings. Many enterprises use open-source projects to get started; we can also provide ones that are not on the web.
What SAST scanners does EFA support?
We support all major SAST scanners including Blackduck, Checkmarx, Fortify, SonarQube, Coverity, Veracode, CodeQL, and many more. Any tool that can produce a SARIF, JSON, or CSV file can be used with EFA.
Can I use AppSecAI without a SAST scanner?
No, AppSecAI (EFA) is not a SAST scanner—it enhances existing SAST solutions by eliminating false positives and verifying true vulnerabilities.
What programming languages does EFA support?
We currently support Java, Python, and JavaScript. Additional languages will be added based on customer demand. We can often add them in a week and show you results. Ask us!
Getting Started with Expert Triage Automation (ETA)
How do I start using Expert Triage Automation?
Getting started with ETA is simple. Sign up for our free AppSec Analyst Edition, upload your SARIF file and source code, and our AI will begin analyzing your findings. The video on the Getting Started page shows the process and results.
What SAST scanners does ETA support?
We support all major SAST scanners including Blackduck, Checkmarx, Fortify, SonarQube, Coverity, Veracode, CodeQL, and many more. Any tool that can produce a SARIF, JSON, or CSV file can be used with ETA.
Can I use AppSecAI without a SAST scanner?
No, AppSecAI (ETA) is not a SAST scanner—it enhances existing SAST solutions by eliminating false positives and verifying true vulnerabilities.
What programming languages does ETA support?
We currently support Java, Python, and JavaScript. Additional languages will be added based on customer demand, sometimes in a week or less. Ask us!
Product & Features
Is there a limit to the size of the codebase that AppSecAI can analyze?
AppSecAI is designed to handle codebases of various sizes. The free Analyst Edition does have size limits; the general rule there is to be reasonable: don't try to do the entire Internet! For exceptionally large projects, please contact us to discuss your specific needs.
The Enterprise Edition does not have any size limits.
How does your GitHub integration work?
The GitHub integration automatically pulls security scan results, triages them, and pushes validated findings back to your repository as issues or PR comments. It works the same way you would, triaging and labeling vulnerabilities so they can be managed seamlessly within your existing application delivery processes.
Security & AI
How does AppSecAI assure strict data security?
At AppSecAI, safeguarding your data is our highest priority. Our approach to security and privacy is designed to ensure transparency, control, and protection for all our users.
* US-Based Infrastructure: All our AI models and processing are hosted within the United States, ensuring compliance with strict security and regulatory standards.
* No Data Training: We do not use your data to train or refine our AI models. Your information remains separate and is never incorporated into our systems.
* Data Privacy: You retain full ownership and control over your data at all times. We do not access, share, or store it beyond what is necessary for processing.
* Automatic Data Deletion: By default, we automatically delete all uploaded data within two weeks unless you explicitly request extended retention.
If you have any questions about our security practices or require a customized data retention policy, please contact us at security@appsecai.io
What AI models do you use?
All AI models are not created equal. We use a range of models that varies over time, depending on their performance on the task and their compliance with our own strict security requirements.
Please contact us if you want to use specific models for compliance or security reasons.
How does AppSecAI ensure AI accuracy?
We use proven open-source benchmarks and proprietary validation techniques to ensure high expected accuracy (97%) in triage results.
Can AppSecAI be used in both cloud-based and on-premises environments?
Yes, AppSecAI ETA is flexible and can be deployed in both our SaaS cloud-based service and private cloud environments to suit your organization's infrastructure and security requirements. It can even use your locally hosted LLMs.
Pricing & Licensing
What is your pricing model?
We only charge for what we fix! This is unique in the industry. See our pricing page for details.
Do you offer discounts for startups or open-source projects?
Yes. We contribute to and support open-source initiatives and non-profits. Email us at automation@appsecai.io for eligibility details.