ArmorCode today released its agentic AI solution, Anya, for AppSec and product security teams.
The point of Anya was to create a conversational, virtual security champion that can look at data from hundreds of code, app, cloud and infrastructure scans to provide insights that lead to action.
“Anya is a governance layer over the scanners,” Mark Lambert, chief product officer at ArmorCode, told ITOps Times from the RSA Conference. “It can create tickets, automate alert communications and provide quicker insight into the root cause of an event.”
Security teams have to deal with application and deployment complexities that create the potential for wider attack surfaces, while using siloed tools. In its announcement, ArmorCode wrote: “Specifically, for AppSec teams, the time and expertise required to interpret dashboards and alerts and align findings across code, apps, cloud and infrastructure are in short supply.” Anya, ArmorCode noted, addresses these challenges by understanding the context of an event and prioritizing risk, leading to better decision-making as to how to deal with the issue.
ArmorCode introduced AI-powered scanning tool correlation, remediation guidance, and PenTest management in 2024, and Anya builds on that by adding natural language intelligence and delivering insights that adapt to a person’s role.
“Traditional reporting really will continue to have a place in the industry, but one of the biggest challenges that organizations face is interpretation of that data,” Lambert said. “So a CISO looking at a dashboard, will see that the risk score is 900 whereas yesterday it was 300. They have a whole bunch of questions from that, like why is that, and what changed?”
That has required human-to-human interaction, where a security analyst or leaders would dig through data to find answers, and then generate a report to share with the CISO. Now, a user can ask the natural language question and get a short summary.
Finally, Anya is optimized via retrieval-augmented generation (RAG), so it can refine the model with each query and interaction “within the user’s private data context,” according to the company announcement.
Anya is now generally available and included as part of the ArmorCode ASPM Platform. Visit www.armorcode.com/meet-anya to request a demo and see Anya live at the RSA Conference 2025 Expo in booth S-3339.
