Transparent performance. Open-sourced results.

We publish our triage and fix accuracy on industry benchmarks. Every number below is backed by open-sourced results you can inspect yourself.

Overall triage accuracy: 97%
Automated fix rate: 93%
False positive reduction: 93.5%
Findings published and open sourced: 25,123

Fix benchmarks — OWASP BenchmarkJava100

Expert Fix Automation (EFA) generated validated pull requests for 133 of 135 vulnerabilities across 6 CWE categories.

Automated fix rate: 93% (133 / 135 vulns)
Security validation pass rate: 98.5%
Security regressions introduced: 0
1. Scan: SARIF input from any SAST scanner
2. Triage: AI classifies true vs false positives
3. Fix: EFA generates code remediation
4. Validate: Security, functionality & quality checks

Triage benchmarks — OWASP Benchmark by scanner

AppSecAI triage accuracy compared to each scanner's native true-positive identification rate.

Tool integration             Total findings  AppSecAI accuracy  FP reduction  Tool-only TP rate
AppSecAI + SAST (aggregate)  25,123          97.2%              93.5%
GitHub CodeQL                4,161           98.2%              96.0%         35.8%
Semgrep                      6,092           97.0%              92.9%         38.0%
SonarQube                    981             95.4%              75.5%         49.9%
Commercial Product 1         11,598          91.0%              84.8%         33.7%
Commercial Product 2         3,687           91.4%              55.0%         46.1%

How we measure performance

OWASP Benchmark

Regular validation against OWASP's comprehensive security benchmark suite across all supported scanners.

Production validation

Performance measured across real production applications, not just synthetic test cases.

Continuous testing

New AI and deterministic triage techniques are evaluated weekly against our full benchmark suite.

Test it with your own findings.

Upload your scanner results and see the triage in action. Initial results in 30 minutes.
