Apiiro, a leading Agentic Application Security Platform, is introducing the AutoFix Agent, an AI Agent for AppSec that auto-fixes design and code risks using runtime context tailored to your environment.
The agent operates natively in developers’ integrated development environments (IDEs) and is IDE-agnostic, connecting via a remote Model Context Protocol (MCP) connection, the company said.
Fortune 500 companies need a completely new way to automatically fix design and code risks: one that eliminates their security backlogs and reduces mean time to remediate (MTTR) without impacting development velocity.
Apiiro’s AutoFix Agent delivers on that need, according to the company. It acts as a force multiplier for AppSec teams, automatically generating threat models for risky features before code is written and fixing findings from SAST, SCA, secrets, and API security tools, as well as other types of risks introduced by AI-generated code, to prevent incidents at scale.
To extend risk context beyond code to runtime, Apiiro has partnered with ServiceNow to help Fortune 500 enterprises map code repositories and assets to business applications in their configuration management database (CMDB).
This allows enterprises to enrich application risks with business criticality and contextually trigger risk acceptance workflows in ServiceNow.
AppSec shifts from cost center to business enabler—lowering risk, accelerating development, and force-multiplying the security team’s impact.
“AI coding assistants have transformed developer productivity, but they lack critical context—like code assets inventory, software architecture, security policies and standards, compensating controls, runtime environment, and business impact,” said Idan Plotnik, co-founder and CEO of Apiiro. “As these ungoverned tools outpace AppSec teams, they introduce real risk. Apiiro’s AutoFix Agent goes beyond detection to fix risks intelligently, with the same context application security and risk management teams use to make informed decisions.”
Unlike AI Secure Coding Assistants that rely only on source code and generic risk scoring models like CVSS or EPSS, Apiiro’s AutoFix Agent uses critical, unique data generated by its platform. Its patented Deep Code Analysis (DCA), with Code-to-Runtime matching and Risk Graph engine, continuously maps the software architecture from code to runtime across all material changes to enable precise, risk-aware fixes that align with enterprise security standards, according to the vendor.
“Akamai and Apiiro partnered to bring deep code and deep runtime insight together. I’m happy to see Apiiro seamlessly connect these insights into the developer toolchain to uniquely generate fixes to reduce risks and developers’ workload,” said Mani Sundaram, EVP security at Akamai.
Apiiro AutoFix Agent is currently available in preview to Apiiro customers.
For more information about this news, visit www.apiiro.com.