ArmorCode Launches Anya, the First Agentic AI for AppSec Teams, at RSAC 2025

At RSAC 2025, ArmorCode introduced Anya, a breakthrough in application security technology: the first agentic AI champion built specifically for AppSec and product security teams. Following a successful early access program, Anya is now generally available to all ArmorCode enterprise customers, promising to change how security teams prioritize, triage, and act on risks across sprawling environments.

For years, application security teams have struggled under the weight of tool sprawl, endless dashboards, and an overwhelming volume of alerts. Now, rather than juggling dozens of siloed systems, Anya serves as a conversation-driven virtual teammate — cross-correlating findings from over 285 integrations covering code, cloud, apps, and infrastructure.

“Anya is changing the game. Not just because it's powerful, but because it's usable,” said Nikhil Gupta, CEO and Founder of ArmorCode. “It builds on years of AI innovation at ArmorCode, and now it's fully integrated, generally available, and ready to transform how security teams operate—without bias. The possibilities from here are truly limitless.”

An AI Designed for Real-World AppSec Pain Points

Security leaders cite widening attack surfaces, rising technical debt, and an acute shortage of AppSec talent as critical challenges in 2025. Reading dashboards and parsing thousands of vulnerabilities manually simply doesn’t scale anymore — especially when false positives clog the pipeline. Anya addresses this by functioning like a senior security analyst who not only understands the organization's specific context but can also explain next steps in plain language.

“One of the challenges organizations face is empowering developers with guidance on how to remediate different vulnerabilities,” said Dheeraj Khanna, VP of Cloud Product Security at NetApp, an early access user. Khanna praised ArmorCode’s AI capabilities for “generating targeted and instructive remediation activities” and helping teams normalize vulnerabilities across disparate tools like vulnerability management and software composition analysis platforms.

How Anya Works

Unlike AI chatbots bolted onto existing platforms, Anya was designed from the ground up to operate within ArmorCode’s ASPM ecosystem. Key capabilities include:

• Natural Language Understanding: Users can ask Anya questions and receive contextually accurate insights without navigating multiple dashboards.

• Smart Correlation: Automatically links findings across tools, highlighting emerging risks and bottlenecks.

• Persona-Aware Recommendations: Tailors insights for CISOs, AppSec managers, developers, and engineers alike.

• Continuous Learning: Leverages retrieval-augmented generation (RAG) techniques to personalize responses based on private organizational data.

• Actionable Prioritization: Filters noise to surface the vulnerabilities that matter most — based on severity, exploitability, and team ownership.

"ArmorCode has enabled us to quickly bring together all of the findings from our AppSec, infrastructure, and cloud sources in one central place as an independent governance layer," said Gaurav Saxena, Head of Cloud Security for S&P Global. "And now with their agentic AI, Anya, anyone on the team can communicate naturally with the ASPM Platform and get answers in seconds."

The Next Evolution of AppSec Platforms

While dashboards remain critical for reporting and historical tracking, security leaders at RSAC 2025 emphasized that dynamic, context-rich conversations — not static charts — will drive future security operations.

“Dashboards still have a place, but Anya goes further,” said Mark Lambert, Chief Product Officer for ArmorCode. “It facilitates the conversations those dashboards were meant to support. What does this mean? Why does it matter? What should I do next? Anya answers those questions immediately and intuitively — for everyone, from DevSecOps to the CISO.”

Paolo del Mundo, Director of Application Security for The Motley Fool, echoed this sentiment, noting that "AI for AppSec is compelling because we need to achieve more with fewer resources. It's the logical next step to quickly determine if a vulnerability is both genuine and truly risky."

Why Anya Matters

ArmorCode’s credibility in bringing Anya to market is reinforced by the scale of its platform: over 25 billion findings processed, 285+ integrations supported, and more than 3,500 security engineers managing the risks of 175,000 developers worldwide.

This vast pool of data equips Anya with unprecedented context, enabling it to deliver responses that are not only fast but also trusted.

Availability

Anya is now available to all ArmorCode customers as part of its ASPM platform subscription. Organizations can schedule a live demonstration at www.armorcode.com/meet-anya or visit ArmorCode at booth S-3339 at RSA Conference 2025.