CIO Influence

Legit Security Launches AI-Native SCA and SAST Capabilities to Boost AppSec Scanning for AI-First Development


New updates eliminate noise and deliver faster remediation; support OWASP AI Top 10; empower developers to adopt vibe coding, AI code assistants

Legit Security, a global leader in AI-native application security posture management (ASPM) and security for AI-led application development, announced expanded SCA and SAST capabilities within its ASPM platform that enable smarter decision-making, strengthen compliance, and deliver real risk reduction across modern application environments, while consolidating AppSec tools.

With advanced reachability and license detection, security and development teams can eliminate noise, focus on actionable risks, and remediate faster. These capabilities also position customers to better manage risk associated with AI-first development programs, including those leveraging vibe coding tools such as Cursor and Windsurf, or AI code assistants, including GitHub Copilot.

Legit’s enhanced SCA and SAST transform application security scanning by connecting code-to-cloud content with business criticality and a precise development ownership model. This unique approach filters out noise and pinpoints what is truly exploitable, ensuring that the highest-impact issues reach the right developers at the right time. In addition, these updates expand coverage to AI or LLM-specific vulnerabilities that generic SAST tools would miss, such as prompt injection, use of insecure models, and insecure AI third parties.


These developments come at a critical time. Right now, security teams are overwhelmed by high volumes of alerts, and at the same time, developers are expected to accelerate development with AI-assisted coding tools. Without the right guardrails, this shift introduces significant risk to organizations.

“SCA and SAST are critical parts of effective AppSec, especially with AI code generation, because they help identify vulnerable code anywhere,” says Liav Caspi, co-founder and CTO at Legit. “However, many traditional code scanning tools lack context, leading to too much noise, which ultimately blocks adoption by developers. Our advancements resolve the common pain points of existing tools and provide intelligent context that reduces false positives and the friction they create, positioning us to secure vibe coding.”

Key enhancements for Legit’s scanners include:

  • SCA reachability: Analyzes whether vulnerable dependencies and functions are used by the application, helping teams focus only on exploitable risks
  • SCA license risk analysis: Flags open-source license types and potential legal or policy violations to support governance and compliance
  • AI-specific detections: Expands Legit’s static analysis (SAST) engine with new detection rules for OWASP Top 10 AI vulnerabilities and adds support for a range of scan engines to improve coverage across AI and LLM-integrated codebases

With these SCA and SAST enhancements, Legit has strengthened its core platform to meet the growing demands of modern application development, offering deeper visibility, smarter prioritization, and expanded protection against emerging AI-driven risks.
