The Impact of AI SAST: Paddle + Apiiro

We sat down with Jed, Senior Application Security Engineer at Paddle, to talk about the biggest challenge security teams face day to day: cutting through the noise. Jed shared how high false-positive rates and low-context findings can slow teams down, making it harder for developers to confidently prioritize the issues that truly matter.

Here are the highlights:

Q: What was broken with legacy AppSec tools?

A: From my experience — and what I’ve seen other Application Security Engineering colleagues deal with — it creates a lot of noise.

I think that’s really the core issue.

With such a high rate of false positives, and findings that often lack context, it makes it difficult for me and other developers to confidently say, “Okay — which of these issues actually matter and should be prioritized?”

When you’re staring at a sea of massive amounts of results, it’s hard to identify what’s truly important.

I really think the high false positive rate is the main issue for a lot of other Application Security Engineers, too.

Q: How does the high rate of false positives impact developers?

A: Sometimes we try to filter things down and only pass off results that we think should be looked at.

But we’ve seen in the past that when we try to get developers to own their areas of development, it’s hard to even get started if there are massive amounts of results.

If you see thousands of false positives, it’s like… where do I even begin?

It often turns into paralysis by analysis.

You try to contribute and be productive, but you eventually just give up because it’s not useful in the end.

Q: What impact did Apiiro have?

A: Apiiro massively reduced the false positives.

In our environment, we’ve seen something like a 90%+ reduction in findings.

And when I say “findings,” I mean the bad kind — the ones that weren’t useful — so we were able to cut that off entirely.

It also made things better because the new AI capabilities from Apiiro's AI SAST help give more context into why a finding matters.

It helps you understand how to address it, and what the actual core issue is.

So it dramatically reduced the false positive rate — which was the main issue — and it helps surface the issues that truly matter.

It makes our lives easier.

Work becomes faster, easier, and more productive in that area.