Data Theorem announces three artificial intelligence security products for application protection, delivered as a single platform for exploit discovery, remediation, and runtime prevention.
The new products, AI Exploits, AI Auto-Remediation, and AI Active Protection, are available now and work without source code.
The announcement comes as security teams face an increase in AI-assisted attacks. Data Theorem argues that traditional application security tools do not take into account how AI accelerates exploit discovery and links vulnerabilities into attack chains.
The approach follows a three-step process. This means identifying exploitable attack chains within running applications, remediating the most severe weaknesses, and applying protection while the software is running.
AI exploits cover the discovery stage. The product uses reverse engineering, dynamic analysis, static analysis, and binary analysis to analyze running applications and identify a set of vulnerabilities, even when complete source code is not available.
Data Theorem says this is important because real-world production applications are often difficult to completely rebuild from a code repository alone. This tool is designed to evaluate applications as they actually run, rather than relying on a theoretical view of your software assets.
The company ties this discussion to broader industry concerns about the cost and reliability of large-scale language models in security testing. This article cites research from Gartner that shows that the structure of the test harness is more important than the model itself in finding vulnerabilities, and that token costs can make agent testing more expensive than traditional static analysis.
AI auto-remediation addresses the next challenge after detection: quickly resolving critical defects. The product can prioritize critical vulnerabilities and automate remediation while allowing organizations to maintain human approval steps for sensitive application code.
You can also push code changes to your production cloud environment, reducing the gap between discovery and patching. The product includes command-line workflows and application programming interfaces for development teams using automated remediation processes.
runtime focus
AI Active Protection is designed to be used when your application or API is already under attack. According to Data Theorem, this is an extension of the company’s existing API Protect and Mobile Protect runtime software development kits that are already deployed in customers’ production environments.
The company says this means customers don’t have to rebuild their architecture or undertake long-term integration projects to add runtime control. The product includes attack path mapping, large-scale language model misuse detection, behavior detection, prompt injection, data exfiltration, and memory scraping defenses.
Data Theorem also argues that runtime controls are important as the gap between exploit discovery and patching is widening. Citing research from Gartner, it says less than 1% of potential vulnerabilities identified in Anthropic’s Mythos Preview are fully patched by maintainers, while more than 99% of vulnerabilities discovered using Mythos are never patched publicly.
Market background
The company is positioning the announcement to counter the broader growth in application security testing. Gartner predicts the application security testing market will reach $5.1 billion, reflecting demand from companies managing more complex software assets and larger attack surfaces.
Data Theorem says the new product will sit on top of its existing Analyzer Engine, which powers its application and API security products. The company currently protects more than 25,000 modern applications for enterprise customers and claims to have detected more than 5 billion application incidents.
The release also highlights how security suppliers are moving beyond alert systems to more automated responses. Increasingly, vendors are looking to not only flag potential weaknesses for engineers to review, but also to identify reachable vulnerabilities, rank the most severe risks, and deploy remediation and compensating controls directly into production environments.
Data Theorem’s pitch is that it’s faster and easier to create exploits than it is to improve patching. As such, they argue that handoff between testing, remediation, and runtime protection will become even more important for security teams managing live applications and APIs.
Doug Dooley, chief operating officer at Data Theorem, explained the launch: “The moment the first AI-discovered zero-day went live, the attack surface changed. Attackers can now leverage AI to chain exploits faster than any engineering team can patch them. The answer is a platform that can find and automatically remediate exploitable chains and enforce guardrails at scale at runtime. This is what we are shipping to all our customers today,” Dooley said.
