Learn how AI agents like XBOW and Auspex are revolutionizing AppSec. GitLab’s CISO explains how to adapt security teams to machine-scale vulnerability discovery.

The New Stack is a publication covering trends and technologies in cloud-native development, DevOps, and software delivery. Developers can learn about containerization, Kubernetes, and cloud computing, as well as explore topics such as microservices architecture, serverless computing, and continuous integration/continuous delivery (CI/CD) pipelines.

The New Stack

AI agents are transforming application security by discovering vulnerabilities at machine scale and speed. XBOW's autonomous penetration tester submitted over 1,060 vulnerabilities in 90 days, topping HackerOne's leaderboard, while JPMorgan Chase's Auspex system compresses threat modeling from weeks to minutes using tradecraft prompting. AppSec teams must adapt by building queryable security intelligence, fine-tuning models with RAG for their environments, embedding AI into CI/CD pipelines and IDEs, applying AI-driven threat modeling at scale, and using AI to reduce SAST false positives. The core argument is that human-only security review can no longer keep pace with modern development velocity, and teams that proactively integrate AI into their workflows will achieve stronger security coverage at lower cost.

AI agents are accelerating vulnerability discovery. Here’s how AppSec teams must adapt.

AI red teaming: No longer theoretical or optional