Jit

Our agent says: “What can I help with?” But honestly… it should be saying:  “So… what are we fixing today?" Because it doesn't just give you answers - it rolls up its sleeves and gets to work. Build custom agents that match your workflows and policies - so every team can automate the work that’s unique to your environment, with the same approvals, oversight, and auditability. Meet the new Jit → https://www.jit.io

“Agentic” only matters if it works in practice. Customers are live. Automated security workflows are running in production. Execute product security work with AI agents - from detection to done. Kicking off a New Year with New Look. https://www.jit.io Shai Horovitz David Melamed, PhD Aviram Shmueli

Foosball fever has taken over the Jit office! 🎉 For the past two weeks, we've been running a full foosball tournament — brackets, hype, rivalries, and all. Today we wrapped it up with cheering, dramatic saves, and a few questionable victory dances. Huge shoutout to Yifat Bardugo for making it happen, and a big congrats to our champion, Yoed Grizim, and runner-ups! ⚽️🔥

🔍 Every Product Security Team wants to focus on resolving CVEs that are easy to fix and have a high security impact, which requires understanding two things (among others): 1. Is the vulnerability reachable in the real environment 2. Is it sitting in a direct dependency where a fix is fast and low-cost That’s where most of the work begins. 𝗕𝗲𝗳𝗼𝗿𝗲 𝗝𝗶𝘁 Security engineers manually pull CVE data, compare it against architecture diagrams to find what’s reachable, and trace dependency graphs to find the direct dependencies. It’s hours of validation to filter noise. 𝗔𝗳𝘁𝗲𝗿 𝗝𝗶𝘁 Jit has a Custom AI Agent that performs the correlation automatically. It identifies CVEs that are both reachable at runtime and located in direct dependencies, and surfaces only the fixes that meaningfully reduce exploitability risk. No more recurring triage sessions. No more digging through dependency trees. No more reviewing CVEs that can’t be exploited. You open a dashboard that’s continuously updated with the info you need to focus on high-impact CVE fixes: who owns them, which ones are reachable, and an auto-generated PR to resolve the problem. ⚡ 𝗕𝘂𝗶𝗹𝗱 𝗮𝗻𝘆 𝗮𝗴𝗲𝗻𝘁 𝘆𝗼𝘂 𝗻𝗲𝗲𝗱 Create your own Custom AI Agent to track, enrich, prioritize, and act on the specific issues they care about. If you can describe the use case, you can automate it with Jit. Read more from the link in the comments!

Ever try to solve a puzzle when thousands of extra pieces from other puzzles are mixed into the box? That’s what it’s like trying to find toxic combinations in product security backlogs. Each issue is just a piece — harmless on its own. But when the right pieces fit together, they form a clear, exploitable attack path. The trouble is: those pieces are scattered across thousands of findings, across multiple scanners, and across constantly changing environments. Manually correlating them is one of the hardest (and most time-consuming) parts of product security. This is where Jit’s Security Evaluation and Remediation Agent (Sera) changes the process. Sera automatically pieces the puzzle together. It correlates every issue with each other and their surrounding system components to reveal the toxic combinations that create real attack paths, which are explained visually and in plain English. The result: 🔍 Backlogs lose the noise. 🧩 Hidden risks become obvious. ⚡ Security teams have all the evidence they need to justify a fix. When the pieces fit, the picture becomes clear. Sera makes sure you see it before an attacker does. Check the link in the comments!

Thanks Om Nalinde for highlighting how AI Agents can transform security! 💪 AI-powered attacks are getting smarter — it’s time our defenses do too.

AppSec engineers will shift from triage to tuning — guiding AI Agents to act on real risk. — Aviram Shmueli, Co-Founder and Chief Research & Innovation Officer at Jit What are your thoughts?

AppSec engineers won’t 𝙙𝙤 more — they’ll 𝙤𝙧𝙘𝙝𝙚𝙨𝙩𝙧𝙖𝙩𝙚 more. The era of agentic AppSec has begun. — Jit CTO & Co-Founder, David Melamed, PhD

🚀 Big news from Jit: customers can now try our Security Evaluation and Remediation Agent (Sera) and Custom Agents! Product security complexity just met its match. Sera and Custom Agents shift product security work from manual digging to supervising agents that automate time-consuming security work. 🔍 Meet Sera. Sera correlates scanner findings across your environment to uncover real, exploitable attack paths, not just isolated issues. No more chasing false positives or manually piecing together toxic combinations. Sera identifies the risks that truly matter and even generates human-in-the-loop remediation plans and code fixes to resolve them faster, with accuracy you can trust. 🧠 Custom Agents — your product security automators. What are you spending too much time on? With Custom Agents, you can create your own AI agents with a simple prompt — like “monitor new attack paths in customer-facing APIs” — to automate the workflow from detection to remediation with a live, continuously updated dashboard. 💡 The result: Product security teams focus on validated risks, not filtering out the noise. We’re building the agentic future of product security. One where security work gets done for you, not by you. Learn more or see a demo in the comments!

Thanks Rohit Ghumare for the detailed analysis! AI Agents are only as good as the data you give them, and the way you structure that data. With Jit's Company Knowledge Graph, our AI Agents produce reliable, accurate, and relevant results.