Cycode, the leader in AI-native application security, today announced the launch of its AI Exploitability Agent, debuting at Black Hat 2025. This new capability empowers security teams with an AI Teammate to prioritize high-risk, exploitable vulnerabilities and fix them 99% faster.
AI is accelerating software development, with tools like Cursor generating over a billion lines of code a day. Lurking in all that AI-generated code are millions of new security vulnerabilities. At a conservative estimate of 1 security flaw per 10,000 lines of code, Cursor generates 100,000 security flaws every single day. The real number is likely much higher, with an estimated 40% of AI-generated apps containing vulnerabilities and a report finding “Cursor consistently fails to generate secure code.”
“We were already facing an overwhelming tide of security alerts,” said Lior Levy, CEO and Co-founder of Cycode. “The AI coding revolution threatens to completely overwhelm traditional approaches. It’s no longer enough to just keep pace; security must take the lead, leveraging automation and AI that provides crystal-clear visibility, intelligent prioritization, and automated fixes. Cycode’s new Exploitability Agent is an essential part of our AI-native application security platform, fundamentally transforming the notoriously difficult and time-consuming process of triaging alerts and determining true exploitability.”
AI transforms how software is created. Cycode transforms how it is secured.
Cycode’s new AI Exploitability Agent expands Cycode’s suite of AI Security Teammates to automatically distill overwhelming alerts into clear risk-based priorities. The Exploitability Agent delivers answers to three critical questions:
Is a violation exploitable?
The presence of a vulnerability does not mean there is an exploitable risk. Cycode automates exploitability analysis to determine whether attackers can successfully target vulnerabilities in the real world.
What is the risk?
Severity is not the same as risk. A high-severity violation that is not deployed or exposed has less risk than a medium-severity vulnerability with a known exploit in a public-facing application. Cycode quantifies the relative risk of violations by leveraging code-to-runtime context in risk score calculations.
What is the root cause?
Often, multiple scanners will identify vulnerabilities that stem from the same root cause. Cycode correlates data across scans to consolidate alerts and connect signals between runtime risks, root causes in code, and owners.
By delivering critical exploitability answers in minutes, not days, Cycode’s AI Exploitability Agent fundamentally revolutionizes traditional analysis and triaging. Working in seamless concert, Cycode’s AI Exploitability and AI Fix Teammates empower customers to slash the Mean Time to Remediate (MTTR) critical issues by over 99%—dramatically reducing resolution time from over 10 months to a mere 3 days.
Measuring the ROI of AI Application Security
In addition to the AI Exploitability Agent, Cycode recently released an AI Security ROI Calculator. By analyzing the impact of AI across common use cases, organizations can calculate the potential return on investment of using AI to address common pain points, including:
- Remediation: Fixing issues faster with automation and AI-generated fixes
- Exploitability Analysis: Triaging faster with risk scoring and exploitability
- Risk Intelligence: Deriving insights within security data from natural language queries
Advancing Application Security for the AI Revolution
Cycode’s AI-native application security platform equips teams with insights from code-to-runtime context, risk-based prioritization, no-code automation, and AI fixes to reduce risk at speed and scale. Key capabilities include:
- Secure AI Development: Shift security left into vibe coding and AI-assisted workflows using Cycode’s MCP Server
- Change Impact Analysis: Identify material code changes that require additional scrutiny with AI-powered Change Impact Analysis
- Exploitability-Based Prioritization: Accelerate triage with context-aware risk scoring using Risk Intelligence Graph (RIG) and Exploitability Agent Teammates
- Automated Fixes: Reduce MTTR by connecting prioritized risks with owners and owners with fixes using no-code automation and Cycode’s AI Fix and Remediation Teammate
“Cycode delivers the security tool coverage, unified visibility, intelligent risk prioritization, and automation we need to improve our DevSecOps outcomes,” said Kimberly Mattheys, Head of Application Security and DevSecOps at Solaris. “Since partnering with Cycode, we now triage issues 99% faster, automate fixes for 46% of our critical vulnerabilities, and have reduced the mean time to remediate critical vulnerabilities by an impressive 99.4%.”