CIO Influence

Legit Security Launches Autonomous Remediation Agents to Close the Gap Between AI-Led Attacks and AI-First Development


New agents prioritize, fix, and validate SAST and SCA vulnerabilities simultaneously across affected services to close gaps before attackers exploit them

Legit Security, the leader in agentic application security, launched new remediation agents that independently prioritize issues, generate fixes, open pull requests, and confirm results using context learned from each organization’s distinct codebase.


As AI lets attackers exploit vulnerabilities faster than ever, rapid remediation becomes critical. As part of Legit’s agentic AppSec platform, these agents remediate in parallel across codebases – critical when a common authentication bypass is introduced through reused code and propagated across multiple services – and use business context to prioritize the real threats and create the right fix, regardless of which AppSec testing tools are deployed.

AI-first development has fundamentally changed the math on application security, necessitating an entirely new approach to AppSec. Consider:

  • AI coding agents account for most of the committed code
  • AI-generated code contains 2.74 times more vulnerabilities than human-written code
  • The median time to remediate a vulnerability is 252 days, nearly six times longer than attackers need to move from disclosure to exploitation
  • Attackers equipped with new frontier models exploit new vulnerabilities within minutes of deployment

The bottom line: the faster teams ship with AI, the faster risk compounds – and the faster attackers execute exploitation campaigns. These trends collide to create enormous risk that must be addressed with automated, intelligent, agentic tools.

“Security teams aren’t losing the war because they lack talent. They’re losing because the model has changed completely, but AppSec testing tools have stayed the same,” said Roni Fuchs, co-founder and CEO at Legit. “Legit’s new remediation agents were built for this reality by offering AI-speed remediation centered on the context of your business and codebase, so you can trust them.”

Key Features: Legit Remediation Agents
Unlike general-purpose AI coding tools such as Cursor, Claude Code and GitHub Copilot, Legit’s agents have the security knowledge and business context to generate production-ready fixes rather than surface-level patches. In addition, Legit’s remediation agents:

  • Unified risk posture: Legit stores the full risk posture of your codebases and apps, built from continuous scanning across the SDLC and the ingestion of risk signals from third-party tools. LLMs and coding agents do not have native access to this data.
  • Know what really matters: Legacy AppSec tools find volumes of issues without clear prioritization. Legit’s agents are informed by each customer’s distinct environment so only issues that really matter – prioritized by factors such as reachability, exploitability and production status – reach the remediation queue.
  • Close complete attack surface gaps: Vulnerabilities rarely live in a single repo; a critical CVE can exist across dozens of services simultaneously. Legit’s agents open pull requests across every affected repo in parallel, to close every gap in the attack surface.
  • Validate before opening a PR: Legit’s agents run tests, confirm the remediation held, and then create the PR with a plain-language explanation of what was fixed and why.
  • Create auditable records of agent activity: Legit records every action its remediation agents take – from the original finding to the PR, the validated fix, and what engineering did with it – providing a complete, auditable record of activity.
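The feature list above describes a pipeline: score each SAST/SCA finding with environment context, keep only the ones that clear a bar, group the same weakness across every affected repo, validate a fix before opening a pull request, and record each step. The following is an added illustration of that pipeline written for this page; it is not Legit Security’s code or data model, and the field names, weights, threshold, the `run_tests` hook and the sample findings are all assumptions constructed for the example.

```python
"""Toy model of a context-aware remediation queue (illustrative, not Legit's code).

Prioritize SAST/SCA findings by reachability, exploitability and production
status, group one weakness across every affected repo, gate each fix on a
validation step, and keep an auditable trail of what the agent did.
"""
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
from typing import Callable, Dict, List, Sequence, Tuple


@dataclass(frozen=True)
class Finding:
    finding_id: str
    repo: str
    tool: str            # "sast" or "sca": any scanner feeds the same queue
    fingerprint: str     # stable id of the weakness; equal when reused code propagates it
    severity: float      # 0-10 as reported by the scanner
    reachable: bool      # vulnerable code reachable from an entry point
    exploitable: bool    # a working exploit path is known
    in_production: bool  # the owning service runs in production


@dataclass(frozen=True)
class AuditEvent:
    finding_id: str
    repo: str
    action: str
    detail: str = ""


def priority(f: Finding) -> float:
    """Contextual score. The weights are assumed for this example."""
    score = f.severity
    score *= 1.0 if f.reachable else 0.2       # unreachable code is mostly noise
    score *= 1.5 if f.exploitable else 1.0     # known exploit path raises urgency
    score *= 1.3 if f.in_production else 0.7   # production exposure raises urgency
    return round(score, 2)


def build_queue(findings: Sequence[Finding], threshold: float = 5.0) -> List[Finding]:
    """Only findings whose contextual score clears the threshold reach the queue."""
    kept = [f for f in findings if priority(f) >= threshold]
    return sorted(kept, key=priority, reverse=True)


def group_by_fingerprint(queue: Sequence[Finding]) -> Dict[str, List[Finding]]:
    """Same weakness in several repos becomes one remediation task with N targets."""
    groups: Dict[str, List[Finding]] = {}
    for f in queue:
        groups.setdefault(f.fingerprint, []).append(f)
    return groups


def remediate(findings: Sequence[Finding],
              run_tests: Callable[[str, str], bool],
              threshold: float = 5.0) -> Tuple[List[str], List[AuditEvent]]:
    """Return (repos where a PR was opened, audit log).

    run_tests(repo, fingerprint) stands in for "apply the generated fix to this
    repo and run its test suite"; a PR is opened only when it returns True.
    """
    audit: List[AuditEvent] = []
    opened: List[str] = []
    queue = build_queue(findings, threshold)
    for f in findings:
        if f not in queue:
            audit.append(AuditEvent(f.finding_id, f.repo, "deprioritized", f"score={priority(f)}"))
    for fp, group in group_by_fingerprint(queue).items():
        # Fan out across every affected repo; results keep the group's order.
        with ThreadPoolExecutor() as pool:
            results = list(pool.map(lambda f: (f, run_tests(f.repo, fp)), group))
        for f, passed in results:
            audit.append(AuditEvent(f.finding_id, f.repo, "fix_generated", f"fingerprint={fp}"))
            if passed:
                audit.append(AuditEvent(f.finding_id, f.repo, "validated", "tests passed"))
                audit.append(AuditEvent(f.finding_id, f.repo, "pr_opened", f"fix for {fp}"))
                opened.append(f.repo)
            else:
                audit.append(AuditEvent(f.finding_id, f.repo, "validation_failed", "no PR opened"))
    return opened, audit


# Constructed sample input: one auth bypass copied into three services, one SCA hit.
SAMPLE_FINDINGS = [
    Finding("F1", "auth-svc", "sast", "auth-bypass-reused-helper", 8.0, True, True, True),
    Finding("F2", "billing-svc", "sast", "auth-bypass-reused-helper", 8.0, True, True, True),
    Finding("F3", "reports-svc", "sast", "auth-bypass-reused-helper", 8.0, False, True, True),
    Finding("F4", "web-ui", "sca", "example-lib-unsafe-deserialization", 9.8, True, False, False),
]


def fake_test_runner(repo: str, fingerprint: str) -> bool:
    """Constructed stand-in: pretend the fix breaks billing-svc's tests."""
    return repo != "billing-svc"


def demo() -> Tuple[List[str], List[AuditEvent]]:
    return remediate(SAMPLE_FINDINGS, fake_test_runner)


if __name__ == "__main__":
    prs, log = demo()
    print("PRs opened in:", prs)
    for ev in log:
        print(f"{ev.finding_id:3} {ev.repo:12} {ev.action:18} {ev.detail}")
```

Run as a script, the unreachable copy in reports-svc is dropped from the queue, the same auth-bypass fingerprint is fixed in auth-svc and billing-svc as one task, and billing-svc gets no PR because its validation failed; every one of those decisions is visible in the audit log rather than only in the PRs that were opened.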

“Security teams tell us they’ve tried pointing AI coding tools at their vulnerability backlogs, but the results are thousands of patches that lack context and aren’t validated; some even try to fix false positives, which wastes a lot of time,” said Yoav Stahl, vice president of product at Legit. “Legit’s agents know your codebase, your risk profile, and your organizational policies, so when we deliver a fix, we know it works for you.”
