Aikido Launches AI Code Audit Tool for Multi-Step Vulnerability Detection
Tags: AI · Security · Developer Tools · Enterprise

Aikido Security released Code Audit, an AI-powered source code analysis tool that uses agentic reasoning to find logic-based vulnerabilities — such as multi-step IDOR chains, ReDoS patterns, and unauthenticated admin routes — that traditional SAST scanners miss. The tool sits between SAST and full pentesting, working on static source code without needing live environments or credentials. Internal benchmarks show Code Audit covers roughly 70–80% of a full pentest engagement at approximately 10x lower cost, finding a median of ~25 security issues per codebase with zero clean audits in early testing. Each finding includes root cause, code evidence, and an AutoFix that generates a pull request.
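As an added illustration (not Aikido's code and not part of the announcement), the following constructed Python example shows two of the flaw classes the paragraph names: a two-step IDOR chain, where the ownership check is applied to one object but not to the object reached through it, and an admin route that enforces neither authentication nor role. All names, data values and the `Forbidden` exception are hypothetical. Neither vulnerable function touches an unsafe API or a tainted sink, which is why a pattern-matching SAST rule has nothing to flag; finding the defect requires reasoning about who is allowed to reach which object across calls.

```python
from dataclasses import dataclass
from typing import Callable, Optional


class Forbidden(Exception):
    """Raised when the caller may not reach the requested object (hypothetical)."""


@dataclass(frozen=True)
class User:
    id: int
    is_admin: bool = False


@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: int
    payment_id: int


@dataclass(frozen=True)
class Payment:
    id: int
    card_last4: str


# Constructed sample data; ids and values are made up for this example.
USERS = {1: User(1), 2: User(2), 9: User(9, is_admin=True)}
INVOICES = {
    100: Invoice(100, owner_id=1, payment_id=500),
    101: Invoice(101, owner_id=2, payment_id=501),
}
PAYMENTS = {500: Payment(500, "4242"), 501: Payment(501, "1881")}


def require_user(caller: Optional[User]) -> User:
    """Authentication check: None models an unauthenticated request."""
    if caller is None:
        raise Forbidden("authentication required")
    return caller


# Step 1 of the chain: invoice lookup with a correct ownership check.
def get_invoice(caller: Optional[User], invoice_id: int) -> Invoice:
    caller = require_user(caller)
    inv = INVOICES[invoice_id]
    if inv.owner_id != caller.id and not caller.is_admin:
        raise Forbidden("not the caller's invoice")
    return inv


# Step 2, vulnerable: payment lookup keyed by the id that step 1 revealed.
# There is no dangerous sink and no tainted data flow, so a pattern rule
# sees nothing. The defect is logical: ownership is enforced on the invoice
# only, so any authenticated user can read any payment by guessing its id.
def get_payment_vulnerable(caller: Optional[User], payment_id: int) -> Payment:
    require_user(caller)
    return PAYMENTS[payment_id]


# Step 2, fixed: reach the payment only through the object the caller is
# authorized for, so the step 1 check governs the whole chain.
def get_payment_fixed(caller: Optional[User], invoice_id: int) -> Payment:
    inv = get_invoice(caller, invoice_id)
    return PAYMENTS[inv.payment_id]


# Admin route, vulnerable: neither authentication nor role is checked.
def delete_user_vulnerable(caller: Optional[User], target_id: int, users: dict) -> dict:
    users.pop(target_id, None)
    return users


# Admin route, fixed: authenticate first, then require the admin role.
def delete_user_fixed(caller: Optional[User], target_id: int, users: dict) -> dict:
    caller = require_user(caller)
    if not caller.is_admin:
        raise Forbidden("admin role required")
    users.pop(target_id, None)
    return users


def forbids(fn: Callable, *args) -> bool:
    """True if the call is rejected with Forbidden; used to check behaviour."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    # User 2 owns invoice 101 but can read user 1's payment through the gap.
    print("vulnerable chain leaks:", not forbids(get_payment_vulnerable, USERS[2], 500))
    print("fixed chain blocks:", forbids(get_payment_fixed, USERS[2], 100))
    print("unauthenticated delete blocked:", forbids(delete_user_fixed, None, 9, dict(USERS)))
```

The design point in the fixed versions is that authorization is attached to the root object the caller owns and every derived object is resolved through it, rather than being looked up by a bare id the client supplies; that is the property a reasoning-based audit has to verify across the whole call chain.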
Technical significance
Code Audit is a direct response to the dynamic created by tools like Claude Fable 5: attackers will gain access to increasingly capable models, so defenders need equivalent agentic capabilities. Because it works on static source, it removes the staging-environment dependency that slows pentests and can audit mobile apps, smart contracts, and legacy codebases that SAST tools handle poorly. The median of ~25 issues per codebase suggests most production codebases contain undetected logic flaws, meaning this category of vulnerability scanning has significant unmet demand.