Skip to content

NecessityWorks

Live · Early Access

The agents wrote it.
The agents shall review it.

AI-Native SAST, built from the ground up for the agentic era. 20+ specialist agents, a live call graph, kill-chain path tracing, inline remediation, and findings mapped to every secure-coding standard a PR can violate — OWASP Top 10, CWE, NIST SSDF, PCI-DSS, ISO 27001, SOC 2. In the minutes a PR deserves, not the hours it used to take.

Early access is live. We onboard partners personally.

0.91
OWASP Benchmark · Youden
20+
Specialist Agents
Minutes
Time per Review
Inline
Fixes, Not Reports

Agentic development, and agentic threats, already outpace humans.
The only thing that can keep up with agents are agents themselves.

Why Now

The code is being written by agents.
Ask an agent for a security review — before the attackers do.

A decade ago, exploitation lagged disclosure by years. Now it lags by hours. Coding agents generate more code, faster, than any team that has ever shipped software. Legacy SAST — pattern matchers and linters — was built for the old clock. It cannot keep up with the new one.

CSA, SANS, and OWASP’s GenAI Security Project converged on the same recommendation in their joint “AI Vulnerability Storm” briefing: LLM-powered review agents need to be in every SDLC. AI-Native SAST is no longer optional. It's a requirement today, not next year.

Source → CSA · SANS · OWASP GenAI Security Project · April 2026

Real Attack · March 19, 2026

When the security scanner became the attack vector.

On March 19, 2026, threat actors compromised Aqua Security's trivy-action— a scanner running in thousands of CI/CD pipelines. They force-pushed 76 of 77 version tags to a malicious commit that harvested SSH keys, cloud credentials, Kubernetes tokens, and crypto wallets. The compromised tags were active for up to 12 hours before remediation.

We replayed the exact diff against NecessityWorks. The specialist-agent swarm caught it in under 3 minutes — not as a generic pattern match, but as a complete understanding of intent: memory scraping, credential harvesting, RSA-encrypted exfiltration, and a fallback channel using the victim's own GitHub PAT.

1
CRITICAL finding
consolidated from 25 raw detections
8 / 9
Routed specialists confirmed
9 routed from a 20+ specialist swarm
< 3 min
End-to-end review
$2.53 total compute cost
100%
Detection confidence
zero-day classified CWE-506

What legacy SAST saw

  • No SQL injection patterns
  • No XSS vectors
  • No buffer overflows
  • No known CVE signatures
  • Valid bash syntax
  • No rule matches

What NecessityWorks saw

  • Base64-encoded executable payloads
  • Process memory access (/proc/PID/mem)
  • Mass credential file harvesting
  • RSA public key for asymmetric encryption
  • Exfiltration to typosquatted domain
  • GitHub API abuse via stolen token
  • GitHub repo misconfiguration (unsigned tags, force-push permitted)

We caught it 5 ways across the kill chain.

AI-Native SAST is live today — that’s how we caught the malicious diff. The rest of the NecessityWorks platform would have caught the same attack at four other stages— without ever needing an IoC, because the IoCs didn’t exist yet. Defense in depth, automated.

01AI-Native SASTLive today

The diff itself: 20+ specialist agents traced the malicious payload in under 3 minutes— not as a pattern, but as a complete understanding of intent (memory scraping, base64-encoded Python, RSA-encrypted exfil, GitHub PAT abuse, fallback exfil channel). 25 detections across 8 CWE categories, deduped to one actionable alert.

02CI/CD Configuration AuditComing

Continuous config assessment of your own pipelines would have flagged the floating [email protected]reference as a CIS GitHub Actions baseline violation. Plus: CI runners with unrestricted egress, secrets scoped too broadly, no SBOM-on-build. Pre-incident: “you’re one misconfig away from supply-chain catastrophe.”

03Runtime Process BehaviorComing

Streaming runner telemetry would have lit up the moment the payload executed: read access to /proc/PID/mem (near-zero baseline in CI), base64 piped to python3(anomalous), and unprivileged code escalating via sudo on a runner that’s never used sudo before. Process-tree shape alone fires the alert.

04Behavioral SIEMComing

The exfil itself shows up as a network anomaly long before anyone publishes an IoC. A CI runner that normally only speaks to your container registry and the GitHub API suddenly opens HTTPS to a newly-registered, typosquatted domainwith encrypted payload sized in kilobytes. Weird destination, weird timing, weird traffic shape — three independent behavioral signals on the same connection, flagged on their own. No threat-intel feed required to know something’s wrong.

05Identity Behavior & Auto-RotationComing

Continuous identity behavioral analysis would have caught the maintainer’s stolen GitHub token used from an anomalous IP/device before tags were force-pushed. Downstream: when exfiltrated credentials were replayed against cloud accounts, the deviation from baseline triggered automatic credential rotation within seconds.

Read the full technical analysis →
.91
OWASP Benchmark · Youden Index
Legacy SAST baseline: ~.24

0.91 is the highest published commercial SAST Youden we’ve found on the OWASP Benchmark.

We ran NecessityWorks AI-Native SAST against the OWASP Benchmark — the same standardized test every SAST tool in the industry is measured against. No private corpus. No cherry-picking. Just the scorecard.

0.91 Youden Index. Nearly 4× the industry baseline. We published the full methodology, per-CWE breakdown, and adversarial validation results so you can verify every number yourself.

Read the benchmark →

Preview · Compensating-Control Credit

The path decides the score.
Not the CVE database.

Every control on the path subtracts severity. Every gap on the path adds to it. The CRITICAL you triaged out might be smaller after compensation. The MEDIUM you ignored might be the one that gets you breached. CVSS base preserved alongside.

FINDINGS
ENTRY
MIDDLEWARE
SERVICE
SINK
api_gateway()ENTRYwebhook_handler()config_loader()auth_handler()file_handler()user_service()aws_client()db_query()SINKfs_read()
SEVERITY · RESCORED ON THIS PATH
CRITICAL9.8
Raw CVSSUser input flows to an unparameterized query at the db_query sink
HIGH8.8-1.0
api_gatewayTenant-scoped JWT — exploit limited to one tenant's row partition
HIGH7.8-1.0
auth_handlerRead-only DB role on this code path — no INSERT/UPDATE/DDL reachable
MEDIUM6.8-1.0
user_serviceSink reaches only the users-table partition for this caller's role
EXPLOIT PATHapi_gatewayauth_handleruser_servicedb_query
Walking the path…The math runs both ways: controls credit down, gaps debit up.

Live · Actionable

Findings in the diff.

Severity. CWE. Explanation. Fix code. All inline, all in the pull request, exactly where your developers already live. No new tool to learn. No dashboard to ignore.

app/services/user_service.py2 FINDINGS
142 async def get_user(user_id: str, db: Session):
143 """Fetch user by ID from database."""
144- query = f"SELECT * FROM users WHERE id = '{user_id}'"
NWNecessityWorksCRITICAL · CWE-89

SQL Injection: User-controlled input user_id is interpolated directly into the query. Use parameterized queries — fix suggested on line 145.

145+ query = text('SELECT * FROM users WHERE id = :uid')
146+ result = db.execute(query, {'uid': user_id})
147 return result.fetchone()
148
149 def validate_file_path(path: str) -> str:
150- return os.path.join(UPLOAD_DIR, path)
NWNecessityWorksHIGH · CWE-22

Path Traversal: Unsanitized path input allows ../../etc/passwd access. Normalize and validate components.

151+ safe = os.path.normpath(path)
152+ if '..' in safe.split(os.sep):
153+ raise ValueError("Path traversal detected")
154+ return os.path.join(UPLOAD_DIR, safe)

Fits your stack

Whatever you ship with,
NecessityWorks reviews it.

GitHub, GitLab, Bitbucket, Azure DevOps. First-class support for the languages, frameworks, and clouds your team actually ships with — and growing every release. No rip-and-replace.

The Gap

Four things legacy SAST can't do.

Agent Swarm

20+ specialist agents — language experts, framework specialists, threat modelers, compliance auditors — orchestrated to the right subset for every PR.

Call Graph Intelligence

Full AST parsing, entry-point discovery, taint propagation. We don't stop at pattern matching — we trace how untrusted input reaches dangerous sinks.

Kill-Chain Analysis

Every finding mapped to an attack path overlaid on the graph. Not just “CWE-89 here” — the full story from recon to exfil.

Inline Remediation

Every finding ships with fix code, not a warning. Developers apply the change with a click. Mean-time-to-remediate measured in minutes.

Early access is live.
Be first.

Bring your hardest repo. We'll bring the agents.

Join the Waitlist