Ghost Security Releases Groundbreaking Research: AI-Driven Analysis Exposes Flaws in Static Application Security Testing

AUSTIN, TX, UNITED STATES, April 21, 2025 /EINPresswire.com/ --
Ghost Security, a next-gen application and API security startup, today released a data-backed research report that challenges the status quo of static application security testing (SAST).

The report pulls back the curtain on the ineffectiveness of traditional rule-based tools, quantifies the noise, and introduces a new approach powered by AI—Contextual Application Security Testing (CAST).

“As security practitioners, we know the challenges of SAST firsthand—the near endless alerts that take hours to triage with most not amounting to a real risk. We knew there had to be a better way, and this report captures that. We set out to rethink the whole approach from first principles—and we’ve developed CAST: a smarter, AI-powered system that deeply analyzes the structure of your codebase to surface real, validated risks.” —Brad Geesaman, Head of Security Research, Ghost Security

Ghost’s research team analyzed thousands of open-source repositories and ran real-world scans using common SAST tools. The result? An avalanche of low-quality findings—most of which were either false positives or irrelevant. Ghost’s CAST methodology, a unique take on expert systems enhanced by large language model (LLM) agents, was able to cut through the noise and reduce triage volume by over 90%, identifying only high-fidelity issues grounded in real application context.

“We’re not just throwing source code at a model and hoping for a miracle,” said Josh Larsen, Co-Founder and CTO at Ghost Security. “For every app,we carefully curate contextual cues and language-specific guidance to enable high-leverage AI analysis that is rooted in understanding the true structure, intent, and logic of the code. That’s what enables us to surface materially relevant security risks, not just theoretical ones. Imagine an application security platform that’s a true force multiplier for your security team rather than a burden bogging them down with useless noise – that’s our north star and a capability we’re thrilled to introduce to the market. ”

Key findings from the report include:

● Over 80% of traditional SAST alerts were false positives or non-actionable.
● AI-powered CAST reduced triage workload by 90%, surfacing only real, context-aware threats.
● Legacy SAST tools miss modern, complex, and nuanced vulnerabilities tied to application logic, data flow, and custom business workflows.

The release of this report is timed ahead of RSA Conference 2025, where Ghost Security will host a private briefing and happy hour on 29th April at 3 pm PST with select security leaders and press at the Southside Spirit House. For more information, please visit https://lu.ma/hottestinnovators

The company is using this momentum to double down on its mission: to reinvent application security by automating vulnerability detection and triage at scale—without sacrificing depth or accuracy.

The full report, “Exorcising the SAST Demons: How Ghost is Replacing Rule-Based Scanning with AI-Powered Triage”, is available for download at https://ghostsecurity.com/report

For media briefings or interview requests at RSA, please contact press@ghostsecurity.com

---

About Ghost Security
Ghost Security is re-imagining how modern organizations secure their applications and APIs. Built by seasoned security leaders and backed by top-tier investors, Ghost’s AI-powered platform helps teams eliminate shadow APIs, detect complex vulnerabilities, and automatically triage threats in real-time.

Learn more at www.ghostsecurity.com

Sonia Awan
Outbloom Public Relations
soniaawan@outbloompr.net
Visit us on social media:
LinkedIn