For the complete documentation index, see llms.txt. This page is also available as Markdown.

How Aikido Uses AI

Aikido uses AI throughout the full software development lifecycle. It starts in the IDE, continues in pull requests and scans, helps teams fix and enforce security standards, and extends into runtime protection and pentesting.

We never use, store, or train on any customer data. Small, anonymized code fragments may be used to guarantee the accuracy of triaging and fixing vulnerabilities.

All AI operations are inference-only, meaning data are processed transiently in memory and never retained or reused.

For a detailed overview of our controls, environments, and compliance measures, please refer to our AI Policy, available upon request through our Trust Center.

AI across the SDLC

From first code to production, Aikido uses AI to:

  • prioritize issues early

  • interrogate findings with contextual AI chat

  • analyze dependency CVEs against real code usage

  • generate and refine fixes

  • generate API specs

  • enforce custom code and cloud rules

  • learn repo-specific standards through extra code context

  • track AI usage in production

  • validate security with AI-powered pentests

1. Start in the IDE

Aikido brings AI directly into the IDE. Developers can prioritize findings and apply fixes before code reaches a pull request.

2. Reduce noise during scans and review

As code moves through scans and pull requests, Aikido uses AI to cut noise and surface what matters first. It checks exploitability, reads real code context, and reprioritizes issues based on likely impact. Check out Denoise via SAST AutoTriage.

Aikido applies the same approach to secret findings. Secrets AutoTriage filters out false positives and prioritizes exposed secrets by whether they are still active and how much access they grant.

For dependency findings, Aikido also runs CVE Exploitability Analysis. It uses AI agents to inspect how a vulnerable package is used in your repository and decide whether the CVE is actually exploitable in your environment. Based on your settings, Aikido can downgrade, upgrade, snooze, or ignore the finding automatically.

When you want to inspect one finding in more detail, use Ask Aikido: Contextual AI Chat. It helps you validate severity, understand realistic attack paths, and ask whether an issue is actually reachable or exploitable in your app. For dependency CVEs, it can also explain the reachability path and the full impact of the vulnerable package in plain language.

Code Quality is also AI-powered. It reviews newly introduced pull request changes and helps enforce engineering standards across many languages. More info in Code Quality Overview.

You can also add extra code context. This gives Aikido AI more signal and less noise. Use it to explain accepted exceptions, architectural choices, and repo-specific standards. Aikido then uses that context to make Code Quality comments more relevant. Check out how to Add Extra Code Context.

3. Fix issues with AutoFix

Aikido generates reviewable fixes for code, dependencies, infrastructure, and containers. You can apply fixes in the IDE or open pull requests for review.

You can also refine generated fixes with follow-up instructions, so the patch better matches your codebase and standards.

4. Generate specs and enforce policies

Aikido can generate an OpenAPI specification directly from backend code. That helps teams start API scanning without maintaining the spec by hand.

Aikido also uses AI for custom rule creation. Teams can define custom code checks in natural language and generate custom cloud misconfiguration checks for their environment.

5. Track runtime AI usage

Zen Firewall tracks LLM provider usage, model activity, token consumption, and estimated cost. That gives teams visibility into how AI is used in running applications.

6. Validate security with Pentests

Aikido Pentest uses autonomous agents to discover, exploit, and validate vulnerabilities across applications, APIs, and infrastructure.

Last updated

Was this helpful?