Company
Date Published
Author
Tony Sleva
Word count
882
Language
English
Hacker News points
None

Summary

Machine learning is being explored as a potential game-changer for Static Application Security Testing (SAST), the analysis of non-running source code for security vulnerabilities, with the aim of improving speed, accuracy, and actionability. SAST has existed for a long time and has seen incremental improvements, but no significant disruption. The current limitations of SAST tools are their computational intensity and their difficulty in providing actionable solutions. Machine learning can help address these issues by maintaining knowledge bases, detecting more vulnerabilities, and automating code fixes. The real disruption, however, comes from applying machine learning to improve accuracy and actionability at scale. When implemented only partially, machine learning can still serve as little more than a distraction. To get the most out of SAST with machine learning, it is essential to ask whether some level of machine learning is already being applied, whether the tool offers actionable solutions directly within developer tools, and whether it integrates into an automated pipeline.