The application security landscape is at an inflection point. Development teams are shipping
code faster than ever with the help of AI coding assistants, and while productivity is soaring, so
is risk. Organizations adopting generative AI tools in software development are experiencing
10x more security risks, particularly around design flaws, data exposure, and policy violations.

Against this backdrop, IDC has published its inaugural IDC MarketScape: Worldwide Application
Security Posture Management 2025 Vendor Assessment (doc # US53001925, September
2025), evaluating 18 vendors. Apiiro is honored to be recognized as a Leader in this first-ever
MarketScape, which to us is a milestone that validates our vision for securing software in the AI era.

As AI-Assisted Development Creates 10x More Risk, Visibility and Automation Are Must-Have

The IDC MarketScape report states, “Application security posture management (ASPM) is a continuous, contextual, and risk-based approach to managing application-layer security across the entire software development life cycle (SDLC), from code creation through deployment and operation.” The inaugural IDC MarketScape highlights how vendors are addressing the realities of today’s development environment.

Security teams are overwhelmed by noisy alerts, disconnected tooling, and uncertainty about which risks truly matter. The challenge has grown more acute as AI accelerates software creation. AI coding assistants write technically sound code, free for the most part of syntax errors. But they don’t have deep context and insight into your codebase and runtime environments, causing a sharp uptick in design flaws, misconfigurations, and insecure dependencies, risks that require visibility, context, and automation to manage. It’s a category-defining shift in how application-layer risk is discovered, understood, and managed.

IDC MarketScape Recognizes Apiiro’s Strengths

“The IDC MarketScape is built on a comprehensive evaluation process that combines vendor briefings, customer insights, and market analysis. Apiiro’s position as a Leader in the IDC MarketScape for ASPM reflects its strengths in code-informed visibility, risk detection at the design stage, and highly responsive customer partnerships that support effective contextual prioritization and remediation.”
– Katie Norton, Research Manager, DevSecOps and Software Supply Chain Security at IDC.

Apiiro was named a Leader in the report. The report notes, “At the core is Apiiro’s patented Deep Code Analysis (DCA) engine, which powers an extended software bill of materials (XBOM) enriched with technologies, frameworks, contributors, and deployment details. This foundation supports retroactive and continuous analysis of code commits, pull requests, and builds to detect material changes that may impact security or compliance.”

The report also noted, “Customers report high levels of satisfaction with Apiiro’s customer success and support experience, citing responsiveness, preparation, and consistent follow-through.”

We believe the IDC MarketScape’s recognition highlights the tangible outcomes customers achieve with Apiiro: fewer false positives and duplicate alerts, faster remediation, and risk visibility that extends from code to runtime.

AI Puts the Pressure on Application Security Teams

Recent research reinforces the urgency of these capabilities. We’ve found that enterprises adopting AI coding assistants experience:

• 10x increase in security risks introduced by AI-assisted development.
• A surge in design flaws and data exposure issues, which traditional vulnerability scanners rarely catch.
• A widening gap between development velocity and the ability of AppSec teams to keep up.

These findings mirror what the IDC MarketScape identifies in the report: the need for platforms that provide continuous, contextual, and risk-based visibility across the SDLC. Without this, organizations risk falling behind as the software they depend on becomes both more powerful and more fragile.

Governing AI-Generated Code with Agentic Application Security

To us, recognition as a Leader marks an important milestone and validates the approach we’ve built with our customers. It also sets the stage for the next evolution of application security: the agentic era.

Agentic application security involves embedding intelligent, autonomous capabilities that can analyze, prioritize, and remediate risk continuously, not just surface it. Apiiro’s AI AppSec Agent, powered by DCA, represents this next step. It brings automation to every stage of the risk lifecycle:

• Detecting design flaws in planning tools like Jira and GitHub Issues.
• Mapping vulnerabilities to business impact and runtime exposure.
• Automating remediation with suggested fixes in the developer’s IDE and pull requests.
• Enforcing governance with policy-based workflows.

IDC MarketScape Codifies New Expectations for AppSec

IDC MarketScape brings much-needed clarity to a crowded and fast-evolving space. Security leaders have been grappling with the limitations of traditional scanning tools for years, but what this inaugural evaluation does is codify a new set of expectations: visibility that spans design to runtime, prioritization that reflects business impact, and automation that scales with modern development.

The report notes, “The pace of vendor innovation, the blurring of boundaries with adjacent markets, and the diversity of approaches make it challenging for buyers to determine which solutions best align with their needs. As such, this research is a timely response, providing an independent, structured evaluation of ASPM vendors to help create clarity that enables buyers to evaluate fit against their technical environments and identify vendor partners that can address both current requirements and long-term application security goals.”

We believe Apiiro’s recognition reflects the qualities the IDC MarketScape called out as critical for enterprises today: code-informed visibility, contextual risk prioritization, and automation that reduces noise and accelerates remediation.

Looking Ahead

We believe recognition in the 2025 IDC MarketScape affirms that the market now prioritizes principles we’ve championed from the start: code-informed visibility, contextual prioritization, and automated remediation.

As AI reshapes how software is built, we will continue to push application security beyond posture management, toward a truly agentic future. Our mission is to enable enterprises to design, develop, and deliver secure software at the speed their business demands.

We are grateful to IDC for the rigorous evaluation process, to our customers for their trust and feedback, and to our team for their relentless dedication.

You can access a complimentary excerpt of the IDC MarketScape: Worldwide Application Security Posture Management 2025 Vendor Assessment here.