
Legit Security Launches Autonomous Remediation Agents to Close the Gap Between AI-Led Attacks and AI-First Development

New agents prioritize, fix, and validate SAST and SCA vulnerabilities simultaneously across affected services to close gaps before attackers exploit them

BOSTON--(BUSINESS WIRE)--Legit Security, the leader in agentic application security, today launched new remediation agents that independently prioritize issues, generate fixes, open pull requests, and confirm results using context learned from each organization’s distinct codebase.

As AI allows attackers to exploit vulnerabilities faster than ever, rapid remediation becomes critical. As part of Legit’s agentic AppSec platform, these agents offer parallel remediation across code bases – critical when a common authentication bypass vulnerability is introduced through reused code and propagated across multiple services – along with using business context to prioritize the real threats, and create the right fix, regardless of which AppSec testing tools are deployed.

AI-first development has fundamentally changed the math on application security, necessitating an entirely new approach to AppSec. Consider:

  • AI coding agents account for most of the committed code
  • AI-generated code contains 2.74 times more vulnerabilities than human-written code
  • The median time to remediate a vulnerability is 252 days, nearly six times longer than attackers need to move from disclosure to exploitation
  • Attackers equipped with new frontier models exploit new vulnerabilities within minutes of deployments

The bottom line: the faster teams ship with AI, the faster risk compounds – and the faster attackers execute exploitation campaigns. These trends collide to create enormous risk that must be solved with automated, intelligent, agentic tools.

“Security teams aren’t losing the war because they lack talent. They’re losing because the model has changed completely, but AppSec testing tools have stayed the same,” said Roni Fuchs, co-founder and CEO at Legit. “Legit’s new remediation agents were built for this reality by offering AI-speed remediation centered on the context of your business and codebase, so you can trust them.”

Key Features: Legit Remediation Agents
Unlike general-use AI coding tools like Cursor, Claude Code and GitHub Copilot, Legit’s agents have the security knowledge and business context to generate production fixes, rather than patches. In addition, Legit’s remediation agents:

  • Unified risk posture: Legit stores the full risk posture of your codebases and apps, created from continuous scanning across the SDLC and the ingestion of risk signal from 3rd-party tools. LLMs and coding agents do not have native access to this data.
  • Know what really matters: Legacy AppSec tools find volumes of issues without clear prioritization. Legit’s agents are informed by each customer’s distinct environment so only issues that really matter – prioritized by factors such as reachability, exploitability and production status – reach the remediation queue.
  • Close complete attack surface gaps: Vulnerabilities rarely live in a single repo; a critical CVE can exist across dozens of services simultaneously. Legit’s agents open pull requests across every affected repo in parallel, to close every gap in the attack surface.
  • Validate before opening a PR: Legit’s agents run tests, confirm the remediation held, and then create the PR with a plain-language explanation of what was fixed and why.
  • Create auditable records of agent activity: Legit records every action its remediation agents take – from the original finding to the PR, the validated fix, and what engineering did with it – providing a complete, auditable record of activity.

“Security teams tell us they’ve tried pointing AI coding tools at their vulnerability backlogs, but the results are thousands of patches that lack context and aren’t validated, some even try to fix false positives, which wastes a lot of time,” said Yoav Stahl, vice president of product at Legit. “Legit’s agents know your codebase, your risk profile, and your organizational policies, so when we deliver a fix, we know it works for you.”

To learn more about Legit’s new remediation agents, read our blog. In addition, security teams interested in participating in Legit’s early access program can contact us here.

About Legit Security
Legit Security is the Agentic Application Security company, purpose-built for a world where AI writes code. Legit's platform autonomously prioritizes and remediates the vulnerabilities that matter most and prevents new ones from being introduced at the moment AI code is generated. Legit continuously learns from your codebase to deliver secure AI-generated code at a speed and scale no traditional AppSec approach can match. Legit is trusted by security teams worldwide, including the FORTUNE 500, and is rated 4.8 on Gartner Peer Insights.

Contacts

Media Contacts:
Dave Howell
Legit Security
781-690-5981
dave@legitsecurity.com
