Virtualization Technology News and Information
Jit helps AppSec prioritize security risks with new AI agents - VMblog QA


In today's fast-paced development environment, security teams face an uphill battle. With AI code generation tools pushing code to production 70% faster and 30% of that AI-generated code containing security vulnerabilities, AppSec teams are drowning in a flood of potential issues. David Melamed, CTO and Co-Founder of Jit, explains to VMblog how their new AI Agents are changing the game by automating the manual labor of vulnerability management while keeping security professionals in control of the process. By leveraging rich contextual information about runtime environments, compliance requirements, and business priorities, Jit's approach enables AppSec teams to focus on strategic work rather than ticket triage—potentially closing the productivity gap that has long plagued security operations.

VMblog:  Tell our readers what Jit is all about and what problem(s) it is uniquely qualified to help solve?

David Melamed:  Code is pushed to production 70% faster with AI code generation tools, but a recent Cornell study found that 30% of AI-generated code snippets contain security vulnerabilities. As a result, product security vulnerabilities are often introduced faster than they can be remediated.

Jit's AI Agents offload the manual labor of detecting, evaluating, and prioritizing security issues, while closing the loop on remediation. AppSec teams work in tandem with Jit's AI Agents to verify findings and direct action, without having to determine the exploitability of every scanner-detected issue, filter out false positives, and manage remediation tickets. Only Jit provides the context needed for AI Agents to understand what truly matters to the business, including runtime context to determine exploitability, compliance context to flag violations, and business context to align with internal security priorities.

As a result, AppSec teams easily keep up with the incoming flow of vulnerabilities and spend less time on tedious work.

VMblog:  You launched new AI agents today - they can do a lot of things: assess risks, automate compliance, enhance operational efficiency. How should AppSec think about leveraging these agents to make their lives easier?

Melamed:  The process of prioritizing and remediating product security issues is largely manual: AppSec teams review newly introduced issues, determine whether they can be exploited and introduce real risk to the business, create tickets that explain the risk to developers, and manage tickets as vulnerabilities approach SLAs.

After Jit's scanners (or existing scanners) detect security findings, Jit's AI Agents automatically determine their priority based on the customer's runtime environment, internal policy requirements, and relevant compliance standards - eliminating false positives and ensuring flagged issues introduce real risk to the business. AppSec teams stay in the loop by confirming agentic decisions, and can direct AI Agents to close the loop on remediation by creating context-rich tickets and automatically following up with them if needed.

VMblog:  There are a lot of agentic AI stories happening now. I think it's hard for readers to know what is fluff and what is legitimate. Can you explain why Jit's approach translates to real value for users?

Melamed:  Jit's AI Agents stand out because they aren't just generative tools. They're decision-makers trained on the full context of your business, runtime environment, and security priorities - while executing actions with input from AppSec teams.

Jit's AI Agents operate atop Jit's Company Knowledge Graph, which synthesizes signals from your source code manager, cloud environment, DevOps pipelines, compliance frameworks, and internal policies. This context enables Jit's AI Agents to accurately determine whether a scanner-detected issue introduces real business risk - like whether it's internet-facing, affects sensitive data, or violates compliance standards like SOC 2 or PCI-DSS. Agents are only as useful as the data and context they have, and Jit's AI Agents are neck deep in it.

VMblog:  Will security ever catch up to the pace of development? Or do you think security folks, by definition, will always be behind the eight ball?

Melamed:  Security can absolutely catch up - but not without a fundamental shift in how AppSec operates. Jit's AI Agents were built to close the productivity gap between fast-moving dev teams and under-resourced AppSec teams. Manually evaluating vulnerabilities, creating tickets, and chasing down remediations simply doesn't scale when vulnerabilities are introduced at machine speed.

Jit flips the script: AI Agents automatically assess risk based on business context, prioritize exploitable issues, create detailed remediation tickets, and follow up - so security teams can focus on strategy and security-related tasks, not ticket triage. It's not about catching up once. It's about staying caught up, continuously. With Jit, AppSec can finally move at the speed of development - without sacrificing control or confidence.


Published Tuesday, April 08, 2025 8:00 AM by David Marshall