AppSecAI delivers proven results showcasing AI-powered remediation as OpenAI's Aardvark confirms AI's AppSec potential

Benchmarked results demonstrate accuracy of automated code remediation

“AppSecAI gives application security teams the power to work with developers and drive security at portfolio scale, instead of impeding software delivery.”
— Michael Cartsonis, Founder and VP of Product
LOS ALTOS, CA, UNITED STATES, November 13, 2025 /EINPresswire.com/ -- Today, AppSecAI published validated proof of automated vulnerability fixes, along with transparent efficacy metrics across 25k+ SAST triage and remediation examples, demonstrating how AI-powered remediation can empower enterprise application security teams and free developers from overwhelming “shift left” security obligations. Following OpenAI’s recent announcement of Aardvark, a private beta for AI-powered vulnerability remediation, the data from AppSecAI further validates the capabilities and impact of automated application security. AppSecAI is available now for enterprise software delivery teams.

Enterprise application security teams have long struggled to manage complex and vulnerable code bases, facing challenges that include high levels of false positives, high remediation costs and growing backlogs of unmitigated risks. Enterprise application security requires integration that augments installed tools, preserves audit and compliance infrastructure, and provides centralized triage and remediation.
AI has exacerbated many of these challenges with both vibe coding and vibe hacking, but it also offers solutions, as the Aardvark announcement and the data generated using AppSecAI products demonstrate.

“AI needs to serve, enhance, amplify and give agency to security professionals - not bypass them or burden developers with security decisions they're not rewarded to make,” said Michael Cartsonis, Founder and VP of Product at AppSecAI. "AppSecAI gives application security teams the power to work with developers and drive security at portfolio scale, instead of impeding software delivery."

AppSecAI has published open-sourced transparent evidence, along with automated vulnerability fixes for OWASP Java Benchmark test cases on GitHub. The initial 100+ fixes were generated automatically in 42 seconds each and validated at 93% accuracy by independent application security experts reviewing novel code. Each automated fix took external security experts an average of 8.2 minutes (instead of days) to manually validate and approve—demonstrating practical efficiency gains for real-world AI-augmented security teams. The fixes are publicly available, allowing anyone to examine fix quality, remediation approach, and effectiveness, and each fix eliminates the vulnerability while preserving code functionality.

Beyond Raw Functions: Empowering Application Security Teams, Enabling Developers

The challenge isn't whether AI can detect and fix individual vulnerabilities—Aardvark shows it can. The challenge is delivering this capability in ways that empower application security teams at scale and across time.

Many security approaches target developers directly, with an emphasis on DevSecOps, but in the era of the 10x developer, this puts unnecessary strain on them, leading to product development delays and, in some cases, major security lapses. Many developers are not security experts: they know how to build features, not evaluate threat models and security implications. Inefficient use of developer time on false positives, scanner triage, and developing fixes drains productivity, and many developers do not have the experience to identify and prioritize threats as effectively.

"Application security teams exist for a reason - they understand vulnerabilities, threats, compliance, and risk in ways developers cannot and should not be expected to," noted Cartsonis. "AI should amplify application security teams' agency to collaboratively remediate risks at scale, not burden developers with decisions outside their expertise that drive high costs and reduce productivity."

With AppSecAI, application security approval workflows enable security experts to quickly validate AppSecAI-generated code fixes using their expertise. Developers receive these validated fixes, not coded security remediations they're not trained to make. This approach scales expert knowledge, allowing one security professional to efficiently validate, facilitate and accelerate fixes across multiple teams.

AppSecAI Publishes Transparent, Validated, Verifiable Evidence

AppSecAI's published fixes are publicly available for examination, and they fix vulnerabilities while preserving functionality.
The AppSecAI efficacy metrics also demonstrate 97% triage accuracy on 25,000+ OWASP test cases, with triage decisions validated across comprehensive vulnerability categories. All performance data is available for verification at www.appsecai.io/performance-metrics.
The 100+ validated code fixes are published at github.com/AppSecureAI/AppSecAI-Public-Benchmarks.

About AppSecAI

AppSecAI transforms application security through AI-powered automation. This enables organizations to secure applications at portfolio scale at a fraction of the cost of today’s manual procedures. AppSecAI's results-based pricing model charges per vulnerability actually fixed, assuring alignment with security budgets and objectives. Founded by industry veterans and backed by security experts, AppSecAI combines existing security tools with advanced AI technologies that deliver efficient, accurate, and scalable application security solutions. Learn more at www.appsecai.io.

Media Contact:
Kira Wojack
Merritt & Rose Communications
Kira@MerrittAndRose.com
+1 415 419-4062

