Introducing Jit's Agentic AppSec Platform That Gets Real Work Done

Updated April 9, 2025.

I am beyond excited to announce that we are launching the first ever Agentic Application Security Platform, which will revolutionize the way AppSec teams and engineers work. Jit will enable customers to build the teams of the future, a blend of human experts who collaborate with purpose-built AI Agents that can operate and remediate risks within your existing stack, exposed by Model Context Protocol (MCP). Humans will lead and delegate their desired tasks to agents, which will carry out predefined workflows or execute ad-hoc actions within any tool and data stream – breaking silos, driving better decisions and creating a new way to work.
This exciting evolution improves the productivity of AppSec teams by 10x or more, and is designed to be easily set up and trained. In working with our design partners, we have been able to reduce the human time invested in structured processes from hours to minutes. This is the only way AppSec teams can effectively support engineering teams who are heavily investing in vibe coding and AI-based dev tools.
It’s an amazing time to build and collaborate. We’ve taken learnings from hundreds of our enterprise customers and over 50 industry-leading partners to redefine AppSec and take it into the future. Let’s go!
Dudu Yoseph, LinearB:
“Shift Left” is not enough anymore
From speaking with customers over the past year, we understood that there was a need for security to make a leap forward.
For years, AppSec platforms have been focused on enabling customers to “shift left”, integrate security controls into the SDLC, and leverage engineers to solve security problems early. I believe that Jit has built the BEST platform to do so and, with our built-in controls, is providing the fastest way to get full coverage and a superb developer experience to drive developer adoption.
However, the Gen AI revolution is driving exponential growth in code generation. Unfortunately, despite all of the promises to the contrary, this generated code often contains a significant number of vulnerabilities. With vulnerabilities skyrocketing, AppSec teams are left drowning in alerts, without a chance to succeed with current tools and processes.
As a result, “shifting left” is not enough anymore. We must accelerate the productivity of AppSec teams by leveraging AI to stay ahead of security risks.
The AppSec Teams of the Future: Humans, Agents and Tool Orchestration (MCP)
The future of security will be based on collaboration between humans and agents. This will be achieved by leveraging AI and various tools exposed through MCP servers to retrieve and crunch vast amounts of data from siloed sources in real time, enable data-driven decisions, and reduce the number of tabs open during investigations, thereby reducing MTTR by orders of magnitude. Speaking with customers, we found two areas of impact:
Recurring Workflows: AppSec Teams operate in structured processes that allow, for example, top-down risk assessment and reporting. These processes are the fundamentals, and in many ways generate the prioritized tasks for the team. We started by defining the key processes that our customers see every day across AppSec and Compliance use cases.
The best example is the Risk Assessment workflow. Our agents are able to run the whole process, which can take days to weeks depending on the scope, in a matter of minutes, leveraging any product security scanning tool (built-in, commercial or cloud-native) and providing immediate feedback and a mitigation plan based on the customer’s internal security guidelines and business context.
We will continue to “agentify” workflows that our customer base will find valuable and launch purpose-built agents to execute flows that users demand. The agents will provide full transparency into their work and thought processes every step of the way, along with continuously learning and improving based on the feedback of the customer (just like talented new team members!).
Triage, Investigations and Ad-Hoc Tasks: AppSec engineers have a lot of free-form work. Triaging alerts, deep-dive investigations, and research projects require constant juggling across various security products and dashboards, internal and external data sources, and scattered company policies and documents. The constant context switching is both time-consuming and tiresome, making it difficult to keep up with newly introduced product security risks.
The answer is building a knowledge graph to centralize siloed data and provide the ability to query any data source ad-hoc using MCP servers. For those who may be new to the concept, MCP is a protocol standard introduced by Anthropic, and recently adopted by OpenAI, that is growing exponentially with thousands of servers available to connect any API. We have created the ability for AppSec teams, both humans and AI Agents, to use MCP servers to easily access tools and systems, while working in Jit as the unifying platform.
We believe that our vision is transformational:
Humans lead all strategic decisions and design the operational flows.
AI agents drive the routine tasks with full business context and situational awareness, triaging and remediating the issues that introduce real risk to the business.
An MCP-powered platform orchestrates dozens of tools that enable the remaining tasks to be handled with speed and accuracy across the entire technical stack.
AI Agents are only as good as the data and context that they have. Jit’s Company Knowledge Graph is unique for every customer, and continuously develops over time, containing all of the data predicted to be needed to support the agentic decision-making process. The Company Knowledge Graph indexes the data and allows agents to prioritize risk by connecting data points coming from different perspectives:
Business context: Vulnerability prioritization that is based on the priorities, policies, and requirements put forth by the business. Upload your internal policies to Jit to help our AI Agents understand your risk mitigation strategy, business priorities, and desired workflows.
Compliance context: Select the standards, regulations, and frameworks that matter to you like OWASP ASVS, CIS Benchmarks, MITRE ATT&CK, PCI-DSS, SOC 2, and more.
Runtime environment context: By integrating with your source code manager, cloud environment, and existing security stack (like Cyera, Orca, Wiz, Checkmarx, and many others), our AI Agents automatically aggregate and correlate issues and priority factors (i.e. internet-facing or exploitable) to provide a holistic understanding of the security risk, all while keeping a reference to the originating security products for explainability.
The combination of Jit’s AI Agents, the Company Knowledge Graph, and the MCP provides a unique way to streamline the most complicated workstreams and support the ad-hoc cases executed daily by teams all around the globe.
How it works: Example of the Risk Assessment Agent
With Jit’s AI Agents, your AppSec Engineer can simply ask, “what are the top risks in my application?”
This will prompt Jit’s Sera (Security Evaluation and Remediation Agent) to automate the first eight steps in the above workflow using its understanding of your internal security policies, runtime environment, and business-critical applications and data – ensuring the focus is on the risks that really matter to your business. In addition, it will provide detailed information and prioritization regarding the most critical risks in the environment, followed by a tailored and actionable mitigation plan to be reviewed by the team.
From there, teams can work directly within the Jit workspace to engage with their existing security stack—using native integrations to investigate risks more deeply, validate findings, review remediation recommendations, and collaborate seamlessly. Sera’s decisions can be verified, expanded upon, or challenged, giving AppSec teams full control over the process.
Whether it’s generating a Notion summary for documentation, pulling enriched context from tools like Wiz or Orca, checking historical issues via automated JIRA searches, spinning up a Slack channel with full risk context, or even modifying an S3 bucket’s ACL in response to a PII exposure—everything can be done in one place, without breaking focus.
When security risk mitigation is faster, more security risk mitigation gets done.
This is just the start; there’s so much more to come
Today marks a major leap forward in how AppSec teams operate.
We’ve introduced a new era of collaboration—where AI Agents work with you to offload manual, repetitive tasks, all from within Jit’s unified UI via our new Multi-Context Platform (MCP). This isn’t just a product update—it’s the foundation for a smarter, faster, and more efficient way to secure software.
And we’re just getting started.
In the weeks and months ahead, you’ll see a steady stream of new AI Agents that automate even more of your workflows—and new integrations that pull in rich context from across your stack, so you can investigate, act, and remediate without ever leaving Jit.
Imagine a developer experience so seamless, every code change triggers an automated scan that flags security and quality issues, explains their business impact, and suggests actionable fixes—all powered by AI.
And soon, you won’t just use our workflows—you’ll build your own. With custom agents tailored to your environment, you’ll be able to automate the security tasks that matter most to your team, using the tools you already love. No more context switching. No more bottlenecks. Just real, meaningful progress.
This is the future of AppSec—and we’re proud to be at the forefront.
Want to see what it looks like in action? Reach out—we’ll show you the only AppSec platform built to actually get work done.