Our AI Assistant is handling 60% of incoming triage work for customers
Blog post from Semgrep
Semgrep Assistant, a tool designed to triage static application security testing (SAST) findings, accurately filters out false positives in over 60% of cases, with a user agreement rate exceeding 96%. These figures come not from internal benchmarks but from real-world use, where customers consistently confirm the Assistant's decisions.

The tool improves the efficiency of small application security teams, which are often overwhelmed by the sheer volume of potential vulnerabilities, by combining local security context with the Semgrep detection engine to produce accurate assessments. Binary classification is inherently difficult in security work, so the Assistant is designed to act only when it is confident; this is how it maintains a triage accuracy of over 95%.

Recent enhancements, such as the introduction of "Memories," let the system retain critical context across findings, further reducing noise and improving its decisions. As AI models evolve and integrate more contextual data, the Assistant continues to expand its capabilities, helping security teams focus on genuine threats rather than wading through false alarms and reclaiming valuable time and resources.