Hi all, I’ve added a new post to my blog “AppSec Untangled” exploring using AI to scan code for vulnerabilities, and showing how this can detect many false negatives that SAST tools currently miss.
The use case I’ve covered in the post which is most relevant to this forum is using AI code scanning to verify whether the mitigations mentioned in the Threat Model are implemented correctly, which was very interesting to me.
In the post, I’ve used a tool called “Corgea” as an example. I’m interested to know if anyone has come across other tools that can be used to scan code for vulnerabilities in a similar way.
Here is the link; hope you find it useful: How AI Code Scanning Breaks SAST’s Limits - Corgea as an Example | by Mohamed AboElKheir | AppSec Untangled | Mar, 2025 | Medium