AppSec in the AI Era: Closing the Loop on AI-Driven Exploits
LLM-driven exploits now outpace human patching. Learn how Data Theorem’s closed-loop AI security platform discovers AI assets, fixes exploitable vulnerabilities automatically, and defends applications at runtime with AI Exploits, AI Auto-Remediation, and AI Active Protection.
The barrier to exploitation just collapsed. For most of software history, finding an exploitable flaw and chaining it into a real breach took skill, time, and patience, the scarce resources that kept attacker volume in check. Frontier large language models removed that constraint. The moment the first AI-discovered zero-day went live, the economics of attack changed, and they are not changing back.
Gartner put the consequence bluntly. In an April 2026 report, the firm warned that "as LLM-driven exploits become easier with models like Claude Mythos, cybersecurity leaders must speed up patching and scale their roadmap efforts, moving faster toward autonomous exposure remediation."² The same report found that "fewer than 1% of the potential vulnerabilities Anthropic has discovered using Mythos Preview have already been fully patched by their maintainers. Over 99% of vulnerabilities Anthropic has discovered using Mythos have not been patched, and have not been disclosed to the public."² Read those findings together and the implication is hard to avoid: discovery is accelerating, remediation is not, and the gap between them is now the security program's central liability.
The defensive posture that follows is simple to state. Think like an AI attacker, and move at AI speed. Today Data Theorem is shipping the platform built to do exactly that: three new AI security capabilities that work as one closed loop, namely AI Exploits, AI Auto-Remediation, and AI Active Protection, all without the need for source code.
"The attack surface changed the moment the first AI-discovered zero-day went live. Attackers can now use AI to chain exploits faster than any engineering team can patch them," said Doug Dooley, COO of Data Theorem. "The answer is a platform that can find the exploitable chains, automatically fix them, and enforce guardrails at runtime, at scale. That's what we're shipping today for all customers."
The new question security teams can't answer
A year ago, the opening question in most security conversations was some version of what AI do we even have? That question matters, but it is no longer the one that keeps leaders up at night. The question now is sharper and more uncomfortable: which exploitable attack chains are inside our applications right now? Very few teams can answer it.
The stakes behind that question are rising with the market. According to the Gartner® Magic Quadrant™ for Application Security Testing, "the AST market is projected to reach $5.1 billion in 2025, continuing a trend of rapid expansion."¹ That growth tracks a structural change in how software gets built. Enterprise applications now run on AI, and AI introduces a class of risk, including AI-generated exploits that chain together at machine speed, that traditional security tooling was never designed to handle.
A three-step loop: discover, remediate, protect
Data Theorem's platform follows a three-step loop built on a decade of application and API security experience: discover every exploitable attack chain, automatically remediate the riskiest findings, and protect applications at runtime. Each of the three capabilities announced today owns one stage.
AI Exploits: find the exploit chain, no source code required
This is the heart of the launch, and the part most likely to change how leaders think about their exposure. Frontier models have made source-code exploit discovery dramatically more accessible, yet production applications rarely arrive with complete, perfectly reconstructable source. AI Exploits closes that gap. It performs AI-powered exploit-chain discovery against running applications, drawing on reverse-engineering, dynamic, static, and binary analysis as needed, so it can chain exploits at runtime without requiring source code.
That distinction is the whole point. Where frontier-model exploit chaining generally depends on having the source, AI Exploits works against the production-grade application as it actually runs, which matters because supplying all the right sources to faithfully reconstruct a live application is frequently impossible. Built on Data Theorem's award-winning Analyzer Engine, AI Exploits chains attack primitives to simulate real-world breaches, pinpoints exploitable vulnerabilities rather than theoretical risks, and reverse engineers compiled apps with no source code in hand.
The engineering choice underneath is what makes this practical, and Gartner says so directly. In its Innovation Insight for Agentic Application Security Testing, the firm found that "the design of the agentic AST harness matters more than the strength of the LLM for vulnerability discovery,"³ while cautioning that "token consumption with frontier LLMs makes agentic AST significantly more expensive than traditional static analysis, with long-term pricing models still maturing."³ Pointing a raw LLM at a code repository is both expensive and unreliable. That is why Data Theorem built an AI harness that lets LLMs leverage the capabilities of the Analyzer Engine directly, grounding exploit discovery in proven analysis for accuracy rather than naive scanning.
AI Auto-Remediation: from critical exploit to closed, automatically
Detection is no longer the hard part. What happens after a new exploit chain lands is. AI Auto-Remediation triages the most critical exploits and vulnerabilities and drives them toward an automatic fix, with no human required in the loop. Most enterprises will still prefer to keep a human in the loop to review and approve changes to their most critical application code, and that remains fully supported. For teams that want the loop closed end to end, the platform fixes the code automatically and pushes the change to the production cloud as fast as possible to prevent a breach.
In practice that means a continuous scan-and-patch engine for open-source supply chains, developer-first CLI workflows and APIs built for LLM-driven remediation, and native Model Context Protocol support for AI-enabled IDEs through Code Patch Central. The headline outcome for leaders: zero-day vulnerability exposure time compressed from days to milliseconds.
For the leaders watching their AI spend, the cost model matters as much as the speed. Token consumption has quietly become one of the largest line items in agentic security, and naive remediation, pointing a frontier model at an entire codebase and asking it to reason from scratch, burns tokens fast. Data Theorem's harness changes that math. Because it does the remediation research up front on the Analyzer Engine, it hands the model a tightly scoped, well-researched fix to implement rather than an open-ended problem to solve. Organizations that bring their own AI models spend a fraction of the tokens they would otherwise consume, which turns autonomous remediation from an unpredictable budget risk into a controllable, optimized cost. That is a decisive advantage at a moment when AI spend is under scrutiny in nearly every enterprise.
This is Data Theorem's answer to the mandate Gartner laid out, moving "faster toward autonomous exposure remediation."² When AI can find flaws faster than humans can write fixes, the only way to keep pace is to automate the fix itself.
AI Active Protection: block attacks, not just alerts
When an application or API is under active attack, posture management does not help. AI Active Protection extends Data Theorem's existing API Protect and Mobile Protect runtime SDKs, already deployed in enterprise production today. Customers get guardrails, runtime protection, and automated remediation without a new architecture or a lengthy integration project. Shipping today: AI-driven attack-path mapping and LLM-abuse detection, runtime protection with AI-scraping and behavioral detection at scale, and defense against memory scraping, prompt injection, and data exfiltration.
The case for runtime defense is the unpatched gap itself. When more than 99% of AI-discovered vulnerabilities remain unpatched and undisclosed,² compensating controls at runtime carry the load while code catches up. And because every OWASP LLM Top 10 risk, from prompt injection to unbounded consumption, has an API attack vector, Data Theorem's existing API security engine is the natural place to enforce those controls.
Why longer vulnerability lists are the wrong deliverable
The AST market is splitting. On one side, the old workflows are in decline: manual triage at scale, raw vulnerability lists as the deliverable, point-in-time scans feeding an ever-growing backlog. On the other, demand is spiking for auto-remediation, runtime guardrails, coverage of AI and LLM attack surfaces, and converged platforms that close the loop.
The reframe is simple but consequential. The old model treated the list of vulnerabilities as the product and asked AppSec teams to scale linearly with engineering, a losing proposition when AI agents discover flaws faster than humans can fix them. The new model treats the closed loop, from exploit discovery to active protection, as the product. Vendors that bridge both halves, automating the declining workloads with AI while shipping the new runtime and AI-coverage capabilities teams need now, are the ones positioned to win. Vendors that only deliver longer vulnerability lists are not.
What this means for security leaders
The uncomfortable truth for 2026 is that your AI attack surface is already live, your most dangerous exposures are exploit chains you cannot currently see, and the rate of AI-driven discovery has decoupled from your ability to patch. That is not a tooling gap you close by buying another scanner that produces another backlog. It is a structural problem that calls for a structural answer: discover the exploitable chains, fix what's exploitable automatically, and enforce guardrails at runtime when code can't keep pace, as one continuous loop rather than three disconnected tools.
That is what Data Theorem is shipping today. AI Exploits, AI Auto-Remediation, and AI Active Protection are available now to all customers, and the AI Active Protection runtime SDKs are already deployed in customer production environments.
If you're scoping your AI security program, start with how the closed loop fits together at datatheorem.com/solutions/ai-security, where you can also grab the AI Security Solutions Brief. And when you're ready to watch an exploit chain get discovered and closed live, schedule an overview.
¹ Gartner, Inc. "Magic Quadrant™ for Application Security Testing," Jason Gross, Mark Horvath, Giles Williams, Shailendra Upadhyay, Dionisio Zumerle, Aaron Lord. October 6, 2025. ID G00795930.
² Gartner, Inc. "First Take: With Claude Mythos Preview, Anthropic Shows That Creating Exploits Is Easier Than Creating Fixes," Jeremy D'Hoinne, Dionisio Zumerle, Dennis Xu, Charlie Winckless. April 21, 2026. ID G00853958.
³ Gartner, Inc. "Innovation Insight for Agentic Application Security Testing," Dionisio Zumerle. June 5, 2026. ID G00856894.
GARTNER is a registered trademark and service mark, and MAGIC QUADRANT is a registered trademark, of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.