Introducing AI-powered SAST: Expanding the boundaries of static analysis
Blog: OpenText Blogs

We’re excited to introduce our new AI‑Powered SAST, a complementary analysis capability designed to extend the types of files and languages our platform can assess. While our traditional static analysis engines remain the most powerful and precise way to model application behavior—complete with deep dataflow, control‑flow, secret scanning and semantic understanding—the AI‑Powered SAST broadens coverage by using LLM‑guided reasoning with our expert guidance to evaluate files that don’t yet have full static modeling. It’s not a replacement for our established engines; instead, it enhances your overall security posture by delivering meaningful insight across a wider range of files and emerging technologies.
As with any new capability, it’s important to be clear about both the advantages and the limitations. This post covers what the AI-Powered analysis does best, how it fits into our existing SAST technology, and why both approaches matter in modern application security.
Why AI-powered SAST matters right now
⚡ Rapid coverage for new or niche languages
Traditional SAST requires deep modeling—grammars, semantic rules, control‑flow logic, data‑flow tracking, and years of refinement. That level of precision takes time.
The AI Analyzer, guided by our curated prompts and rules, lets us deliver meaningful analysis for entirely new languages much more quickly. This makes it ideal for:
- Emerging languages and frameworks
- Niche technologies not widely adopted
- Projects with fast‑evolving syntax or conventions
🧩 An immediate solution
AI-powered analysis is an immediate solution for languages otherwise on our roadmap. For some languages, results from the AI analyzer may be sufficient. For the languages for which we plan to deliver full static modeling in the near future, the AI Analyzer gives teams a way to start getting actionable results now—rather than waiting months for a complete, highly specialized SAST implementation.
Where the AI Analyzer excels
1. Breadth of file coverage
Because the AI Analyzer is driven by LLM reasoning and predefined rule sets, it can interpret and analyze many different file formats—not only traditional source code.
2. Early visibility for previously unsupported files
Users gain immediate value scanning files that would otherwise receive no SAST coverage until a fully modeled engine is developed.
3. Rapid adaptation to framework variations
Frameworks evolve quickly; prompt‑guided analysis can adapt its detection patterns more rapidly than conventional static models.
Where traditional SAST still leads
While the AI Analyzer is powerful and flexible, it is not a replacement for traditional static analysis. Our established SAST engine remains the preferred choice for languages we already support.
1. Deep, multi‑file understanding
Traditional SAST performs:
- Cross‑file data flow
- Control‑flow reasoning
- Taint analysis
- Semantic resolution
- Interprocedural modeling
The AI-powered analyzer currently performs single‑file analysis, which limits the depth of insight for complex vulnerabilities.
2. Highly tuned accuracy
For mature languages in our SAST catalog, traditional modeling produces more precise results with lower false‑positive risk.
3. Complete vulnerability tracing
Full SAST can show the path of a vulnerability across multiple files, components, and layers of a codebase due to the additional depth of analysis.
One tool to rule them all
Both traditional SAST and AI-powered SAST coexist in the same tool, seamlessly delivering the best of both worlds:
- Traditional SAST: Deep, deterministic security analysis for fully supported languages.
- AI-Powered SAST: Fast coverage for new languages, unconventional file types, and early visibility.
With OpenText SAST dynamically switching between types of analysis to retrieve optimal results depending on the language, we’re expanding what developers and security teams can accomplish—ensuring that more file types, more languages, and more parts of your repository can be analyzed than ever before while getting the best results possible every time.
Fortify everything
With the depth of traditional SAST and the ongoing rapid development of AI-Powered SAST, organizations are able to scan more of their repositories than ever before while getting the best results possible.
We’re excited for you to try it and see how it enhances your security workflows. More improvements are already underway, and we look forward to continuing to evolve the platform to meet the needs of modern development teams. To learn more about AI Analyzer and what we have already released, visit our most recent security release announcement!
