Full Report
To answer the question in the title: It's SAST (Static Application Security Testing) + LLMs. Traditional static analysis tools are poor at detecting certain bug classes, such as authorization and business logic bugs. AI can sometimes understand code context and identify issues. At the beginning, they do outline some issues with it. First, is the cost of it. Tokens are cheap because they are subsidized. However, not that cheap; there's a ton of software to analyze. Secondly, there context rot. LLMs remember data from the beginning and the end, but not as much of the middle. Finally, LLMs are not deterministic; AI may review different code in different ways each time it sees it. The author sees there being four inputs for LLM native tools: main input, prompt, RAG and context. The main input is the suspected vulnerable code or code that we're trying to look at. The prompt is the objective such as "does this code have XSS in it?" RAG is a framework for retrieving data to add as context to the call with more specific information about the task, such as XSS payloads and descriptions of XSS. They have a few different mechanisms for using SAST with AI. The first one is Prompt + Code - simply give the AI code and tell it to analyze it. This is simple but better than not doing it at all. This can be paired with AI analyzing pull requests or using it as a classifier/triager before passing it to a more expensive model. The next mode of operation is Prompt + Agent. This is the process of prompting the AI to find issues, giving it a set of tools to work with, and coming back a few hours later to see what it's found. This is the same as the first one but asking more specific prompts on code and seeing if it can find anything interesting on the particular targets that you gave it. The third one is Tailored Prompt + SAST Result. This process is simple: run a SAST tool and give AI tailored prompts based on its findings. For very tailored SAST rules, this isn't helpful. For more "hotspot" types of issues, this can significantly reduce the noise. To make the AI more useful, we can add data flow analysis to it as well. The final one that raise is Agent + Code Graph + SAST MCP. The author mostly uses and recreates an existing tool called ZeroPath for this. According to them, they use Tree-Sitter to parse the function graph and then enhance the steps with AI, such as adding notes for CSRF protection. MCPs (Model Context Protocols) give AI the ability to use tools, such as SemGrep, source code reading, and many other things. They also explain Embedding Models that allow for better data retrieval than MCP. According to the author, the more you hold the AI's hand with tooling, the better the results will be. We still need the static analysis tools to augment the LLMs usage, as they can't purely understand complicated code on their own yet. Overall, a good post on the state of AI and how this engineer uses it themselves.
Analysis Summary
# Tool/Technique: AI-Native SAST (Static Application Security Testing)
## Overview
AI-Native SAST is an evolving application security methodology that integrates Large Language Models (LLMs) with traditional static analysis tools. Its primary purpose is to identify complex vulnerabilities—such as business logic flaws and authorization issues—that traditional rule-based scanners (e.g., Semgrep, CodeQL) frequently miss. It functions by combining code context, data flow analysis, and automated "agents" to triage or discover security defects.
## Technical Details
- **Type**: Technique / Tool Framework
- **Platform**: Multi-platform (Cloud-native and local source code repositories)
- **Capabilities**:
- Contextual code understanding (intent analysis).
- Automated vulnerability triaging and classification.
- Integration with Model Context Protocols (MCP) for tool interaction.
- Integration with Tree-Sitter for function graph parsing.
- **First Seen**: Technology popularized c. 2023–2024; article dated Oct 31, 2025.
## MITRE ATT&CK Mapping
*Note: As a defensive/analytical methodology, this mapping reflects the techniques the tool is designed to identify or the "Security Assessment" phase.*
- **[TA0007 - Discovery]**
- [T1083 - File and Directory Discovery] (Analyzing repository structures)
- **[TA0040 - Impact]**
- [T1495 - Firmware Corruption] (Logic bug detection)
- **[TA0001 - Initial Access]**
- [T1190 - Exploit Public-Facing Application] (Identifying XSS/Injection pre-exploitation)
## Functionality
### Core Capabilities
- **Prompt + Code Analysis**: Direct submission of code snippets to an LLM with specific security objectives (e.g., "Find XSS").
- **SAST Triaging**: Using AI as a pre-filter or classifier for "hotspot" results generated by traditional tools to reduce false positives.
- **RAG (Retrieval-Augmented Generation)**: Providing the LLM with a library of vulnerability descriptions and payloads to improve its accuracy during analysis.
### Advanced Features
- **Prompt + Agent**: Deploying autonomous agents equipped with a toolset to explore codebases over several hours.
- **Agent + Code Graph + MCP**: Utilizing Model Context Protocols to allow the AI to "call" tools like Semgrep or read specific source files dynamically.
- **Data Flow Analysis Enrichment**: Enhancing the LLM's understanding by providing parsed function graphs and notes on protection mechanisms (e.g., CSRF tokens).
## Indicators of Compromise
*Not applicable for this defensive tool. However, behavioral indicators of "AI-Native SAST" usage in a dev environment include:*
- **Behavioral Indicators**: High volume of API calls to LLM providers (e.g., OpenAI, Anthropic) originating from CI/CD pipelines or security workstations.
## Associated Threat Actors
- **Defensive Use**: Security Engineering teams, Penetration Testers.
- **Potential Offensive Use**: Any threat actor using LLMs to automate vulnerability discovery (e.g., XBOW-style "Hackbots").
## Detection Methods
- **Behavioral Detection**: Monitoring for non-deterministic patterns in security reports (different results for the same code block).
- **Audit Logs**: Reviewing MCP (Model Context Protocol) logs to see which tools/files the AI agent accessed.
## Mitigation Strategies
- **Data Privacy**: Ensure source code is not used for "training" by LLM providers.
- **Human-in-the-loop**: Mandatory manual verification of AI-generated findings to account for "context rot" and hallucinations.
- **Cost Management**: Implementing token quotas to prevent excessive expenditure on large codebases.
## Related Tools/Techniques
- **ZeroPath**: An existing tool focused on AI-native security analysis.
- **Semgrep / CodeQL**: Traditional SAST engines used as "hand-holding" mechanisms for LLMs.
- **Tree-Sitter**: Used for parsing source code into Concrete Syntax Trees (CST).
- **XBOW**: An automated AI-driven exploitation/security platform.