Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In our last post, we explored how short-term memory enables agentic AI to hold a conversation that doesn’t reset after every message. That form of memory is all about flow—preserving context, user intent, and logic within a single session, even as interactions stretch across multiple turns. The longer the session, the more memory is required to maintain continuity. But not all memory needs to be verbose. Long-term memory serves a different purpose: persistence across sessions.

As part of the DevSecNext AI series, Jit hosted Michael Balber—Principal Software Architect at CyberArk—for an in-depth session on how his team built and evaluated real Retrieval-Augmented Generation (RAG) agents in production. Unlike abstract discussions about LLMs and assistants, Michael shared a grounded view of what it takes to deploy agents that don’t just talk—they act.

As part of the DevSecNext AI series, Jit hosted Sahar Carmel—Principal AI Engineer at Flare—for an inside look into what it really takes to become an “AI-first” developer. With nearly a decade of experience in AI and machine learning, Sahar has been hands-on with copilots and agents long before they were mainstream. In this session, he walks through his radical shift in workflow: from writing code line-by-line to orchestrating prompts, tokens, and memory banks.

In today’s fast-moving development environments, vulnerability backlogs are growing faster than AppSec teams can keep up. Scanners can surface thousands of issues, but which ones actually matter? With our new integration with Upwind, Jit’s AI Agents can incorporate runtime context detected by Upwind to help inform the continuous vulnerability triage process – enabling security teams to focus on the issues that matter most.

We’re excited to announce a new integration with StackHawk—a developer-first DAST platform that brings runtime vulnerability testing directly into CI/CD workflows. With this integration, StackHawk findings are now ingested directly into Jit’s unified product security backlog—right alongside SAST, SCA, CSPM, secrets detection, and more.

I am beyond excited to announce that we are launching the first ever Agentic Application Security Platform, which will revolutionize the way AppSec teams and engineers work. Jit will enable customers to build the teams of the future, a blend of human experts who collaborate with purpose-built AI Agents that can operate and remediate risks within your existing stack, exposed by Model Context Protocol (MCP).

We’re excited to announce Jit’s new integration with Bright Security, a best-of-breed DAST solution built for developers. This integration brings Bright’s accurate, low-noise security testing into Jit’s unified product security platform—so your AppSec team and developers can manage, prioritize, and remediate vulnerabilities from one centralized backlog. The problem?

Balancing security and developer experience has always been a challenge. On one hand, teams need best-of-breed security scanners to minimize false positives and surface the most critical vulnerabilities. On the other, too many disparate security tools create complexity, slowing developers down. The key to effective security is combining best-in-class scanning with a unified and intuitive developer experience.

Dynamic Application Security Testing (DAST) is a cornerstone of web application security, allowing organizations to detect vulnerabilities that are actually exploitable in runtime – minimizing false positives. However, managing security findings across multiple tools can prolong risk assessments, prioritization, and remediation. Jit users who want to leverage Invicti, one of the best DAST solutions in the market, have had to manage security findings in a completely separate interface.

We’re excited to announce Jit's Customizable SAST Rulesets, a powerful new feature that allows AppSec and DevOps teams to create and manage custom Semgrep rules tailored to their specific security needs. With Jit orchestrating Semgrep scans across the entire codebase and continuously analyzing every code change, teams can now ensure security gaps are identified and addressed before they reach production.