
SAN FRANCISCO, Nov. 12, 2025 /PRNewswire/ -- Semgrep, a leading application security platform, today announced the launch of a private beta for AI-powered detection that augments its popular static application security testing (SAST) engine. Participants in the private beta can use Semgrep's AI-powered detection to uncover business logic vulnerabilities, such as broken authentication and insecure direct object references (IDORs), that can lead to high-profile security breaches.
Business logic flaws differ from vulnerability classes such as SQL injection or cross-site scripting, which organizations have historically used SAST tools to find and resolve. According to recent bug bounty data, broken access control vulnerabilities, including IDORs and authorization issues, now account for roughly half (49%) of all high and critical severity findings. Detecting these flaws requires understanding developer intent and application context, which traditional SAST approaches were not designed to do reliably without significant customization.
"Most of our high-severity responsible disclosure findings involve authorization logic flaws. Semgrep's AI-powered detection now identifies those automatically, giving us the benefit of an internal researcher integrated right into our CI pipeline," says Minh Nghiem, Senior Security Engineer at Homebase.
Addressing Critical Security Challenges
AI-powered detection addresses three converging challenges facing modern security teams. For security engineers, business logic vulnerabilities like IDORs increasingly dominate bug bounty programs and penetration testing findings, yet most teams lack effective tools to detect them before production. For developers, AI-assisted coding tools accelerate development but introduce new security risks that existing scanners can't assess accurately, creating friction between velocity and security. Security leaders are looking for demonstrable AI capabilities that deliver measurable security improvements while maintaining governance and compliance requirements.
While large language models (LLMs) have shown promise in many areas, they lack the reliability required for code security. To address this, Semgrep applies a hybrid system that combines LLM contextual reasoning with traditional SAST capabilities (rules, policies, and guardrails) so that the AI's output is constrained to a predictable level. By drawing on the complementary strengths of both approaches, the system delivers high-fidelity, actionable findings across vulnerability classes with minimal false positives.
"AI is transforming the way we approach code security, and Semgrep is at the forefront of that shift," said Isaac Evans, CEO and Co-Founder at Semgrep. "With AI built into Semgrep, every improvement in large language models translates into exponential gains for our customers. Our hybrid approach delivers compounding results that go beyond what LLM-only systems can achieve."
Early Results From Alpha Program
Semgrep's alpha program, with design partners scanning private repositories, demonstrated AI-powered detection's effectiveness across multiple dimensions.
- Roughly 80% of participating customers discovered at least one critical or severe IDOR.
- In comparative testing, Semgrep's AI-powered detection achieved 1.9 times better recall on IDOR detection compared to standalone AI coding assistants like Claude Code.
- When tested on traditional vulnerability detection, pure LLM approaches showed 95-100% false positive rates for SQL injection detection, demonstrating why hybrid approaches combining deterministic analysis with AI reasoning are necessary for reliable security coverage.
AI-Powered Detection Availability
The AI-powered detection private beta is available now to select Semgrep customers. Interested organizations can sign up here to get on the early access waitlist. Spots are limited.
For more information on AI-powered detection, read the full blog post.
About Semgrep
Semgrep is the leading code security platform for builders – helping teams catch, flag, and fix real issues before they ship, with security that learns as you build. Its developer-first platform unifies SAST, SCA, and secrets detection, embedding security directly into the development workflow so protection begins where code happens. Semgrep combines deterministic static analysis with AI reasoning that powers detection, triage, and remediation to help teams uncover real vulnerabilities, prioritize reachable risks, and fix issues faster. Backed by Menlo, Felicis, Lightspeed, Redpoint, and Sequoia Capital, Semgrep is trusted by global organizations, including Snowflake, Dropbox, and Figma.
SOURCE Semgrep