Legit Security Introduces AI-Powered Remediation Agents for Application Security

Legit Security has launched new remediation agents designed to autonomously prioritize issues, generate fixes, open pull requests, and confirm results by leveraging context from an organization’s unique codebase. These agents are integrated into Legit’s agentic AppSec platform, aiming to address the escalating speed of vulnerability exploitation by AI-equipped attackers. The system enables parallel remediation across codebases and uses business context to prioritize critical threats and create appropriate fixes, irrespective of the AppSec testing tools deployed. The company states that AI-first development necessitates a new approach to AppSec.

AI coding agents are now responsible for the majority of committed code, and AI-generated code contains 2.74 times more vulnerabilities than human-written code. The median time to remediate a vulnerability stands at 252 days, which is almost six times longer than the time attackers typically require to move from disclosure to exploitation. Furthermore, attackers utilizing new frontier models can exploit new vulnerabilities within minutes of their deployment. Legit Security asserts that as teams accelerate shipping with AI, the rate of risk compounds, and attackers execute exploitation campaigns faster, creating a need for automated, intelligent, agentic tools.

“Security teams aren’t losing the war because they lack talent. They’re losing because the model has changed completely, but AppSec testing tools have stayed the same,” stated Roni Fuchs, co-founder and CEO at Legit. “Legit’s new remediation agents were built for this reality by offering AI-speed remediation centered on the context of your business and codebase, so you can trust them.”

Legit Remediation Agents are designed to generate production fixes rather than patches, distinguishing them from general-use AI coding tools such as Cursor, Claude Code, and GitHub Copilot.

Key features of Legit’s remediation agents include a unified risk posture, derived from continuous scanning across the SDLC and ingestion of risk signals from third-party tools. They prioritize issues based on factors such as reachability, exploitability, and production status within each customer’s distinct environment. The agents can address vulnerabilities across multiple repositories simultaneously by opening pull requests in parallel across all affected repos. Before opening a pull request, Legit’s agents run tests to confirm the remediation, then create the PR with a plain-language explanation. The system also maintains auditable records of all agent activity, from the initial finding to the validated fix and subsequent engineering actions.

“Security teams tell us they’ve tried pointing AI coding tools at their vulnerability backlogs, but the results are thousands of patches that lack context and aren’t validated; some even try to fix false positives, which wastes a lot of time,” said Yoav Stahl, vice president of product at Legit. “Legit’s agents know your codebase, your risk profile, and your organizational policies, so when we deliver a fix, we know it works for you.”

Further information on Legit’s remediation agents is available on their blog. Security teams interested in participating in Legit’s early access program can contact the company directly.

Legit Security positions itself as an Agentic Application Security company, built for environments where AI generates code. Its platform aims to autonomously prioritize and remediate vulnerabilities while preventing new ones from being introduced during AI code generation. The platform continuously learns from the codebase to enable secure AI-generated code at a pace traditional AppSec methods cannot match. The company’s platform is used by security teams globally, including those in the FORTUNE 500, and holds a 4.8 rating on Gartner Peer Insights.