
OWASP AppSec 2025: Key Takeaways, Auto Remediation with AI, and What’s Coming Next

Highlights from the OWASP AppSec Conference 2025: Auto Remediation with AI and Beyond

Last week, we attended the OWASP AppSec Conference 2025, one of the most anticipated cybersecurity events of the year. As part of the broader OWASP AppSec series, the conference brought together experts, vendors, and practitioners to explore the rise of auto remediation with AI, share new security strategies, and highlight cutting-edge tools shaping the future of secure software delivery.

Live Product Demos Featuring Auto Remediation with AI

During OWASP Global AppSec, we had the chance to reconnect with many of our customers and meet new teams discovering Xygeni for the first time. Our live demo of Auto Remediation was one of the main highlights for those interested in practical applications of AI in DevSecOps.

What is Auto Remediation?

Auto Remediation is our AI-driven remediation engine that analyzes code, detects vulnerabilities, and generates secure fixes directly in your CI/CD pipeline. By integrating into the development workflow, it helps cut down on triage time and reduces alert fatigue. This is a clear example of how AI in DevSecOps can reduce manual work and accelerate security response.

A Preview of Smarter SCA with Remediation Risk: Safer Upgrade Decisions

At OWASP Global AppSec, we showcased Xygeni’s upcoming Remediation Risk feature for SCA, built to help teams make safer upgrade decisions. It surfaces fixed issues, flags new risks, and highlights breaking changes across available versions. Instead of blindly applying the latest patch, developers receive a smart recommendation that balances security with stability.

Stay tuned! Exciting updates are coming soon. Want to be the first to know? Subscribe to our newsletter for product updates, security insights, and exclusive previews.

Voices from OWASP Global AppSec: Security in the Age of AI

We also joined the recorded panel Voices from OWASP Global AppSec, a community-driven session that brought together vendors and practitioners to discuss what modern application security looks like in the era of Auto Remediation with AI.

Specifically, we heard from two leaders tackling the challenge from different angles:

  • Antoine Carossio, co-founder and CTO at Escape, addressed the risks and complexities of securing AI-generated code.
  • Morten Ruud, Product Manager at Promon, shared a broader perspective on protecting applications beyond the developer’s IDE, especially in runtime environments like mobile.

Their combined vision echoed the main theme of both OWASP AppSec and OWASP Global AppSec: application security must evolve with how software is built and deployed.

Escape – Antoine Carossio: AI is Writing (and Securing) Our Code

To begin with, Antoine explored how auto remediation with AI is transforming software creation and the associated risks for AppSec:

  • Because AI is generating more code, there’s more to test—and more false positives.
  • Consequently, alert fatigue is increasing and slowing down developer productivity.
  • Traditional tools struggle to keep pace with AI-generated code, amplifying security gaps.
  • Regulatory frameworks like the EU AI Act will soon demand transparency in how AI-generated code is produced and audited.

He emphasized the growing need for:

  • Trust boundaries in workflows where code isn’t fully human-authored.
  • Lightweight guardrails that prevent “autocompleted vulnerabilities.”
  • Continuous scanning and validation of AI code, treating it more like third-party software.

Promon – Morten Ruud: Beyond Secure Code

Following that, Morten focused on protecting applications after development, tying into the broader goals of both OWASP AppSec and OWASP Global AppSec: securing the full SDLC from pipeline to runtime.

Key takeaways from his talk included:

  • Vulnerabilities don’t just emerge during coding; they appear in build, deployment, and especially runtime.
  • Developers can’t be expected to be experts in every runtime environment their applications will face.
  • Runtime threats such as mobile credential harvesting or overlay attacks demand integrated protection.

Morten highlighted how:

  • Promon protects mobile apps at runtime through anti-tampering and in-app protection.
  • Xygeni secures earlier stages in the pipeline with supply chain visibility, secrets scanning, IaC checks, and more.

Their shared conclusion echoed a key theme of the OWASP AppSec Conference: real-world threats don’t stay in silos, and neither should security. Shift Everywhere is not a slogan; it’s a necessity.

Upcoming SafeDev Talk: Orchestrating AI-Powered DevSecOps

During the event, we hosted a special edition of our Next SafeDev Talk, AI-Powered DevSecOps: Orchestrating Security at Cloud Scale, as part of OWASP Global AppSec, featuring Ashwini Siddhi—OWASP Global Board Member and Women in Cyber Security advocate. The session focused on a timely topic: AI in DevSecOps and how to orchestrate security across the SDLC at cloud scale.

During the talk, we explored how:

  • Auto Remediation with AI improves speed, visibility, and consistency across workflows
  • Teams can prioritize real risk through smart vulnerability management
  • It’s now possible to secure pipelines, code, and runtime environments seamlessly
  • Intelligent orchestration helps reduce alert fatigue for developers and AppSec teams
  • All of this aligns with OWASP AppSec principles like “Shift Left” and “Shift Everywhere”

Closing Thoughts on OWASP AppSec 2025

The OWASP AppSec Conference 2025 showed just how quickly the AppSec space is evolving. From AI-driven remediation to smarter SCA and runtime defense, modern security must integrate deeply with development. Events like OWASP Global AppSec prove that collaboration between vendors, developers, and advocates is key to staying ahead.

At Xygeni, we’re proud to be part of that movement, building tools that help teams embrace automation and secure software delivery at cloud scale.
