Novee has announced Agentic Fix, an enhancement to its AI penetration testing platform that helps teams move from validating security findings to deploying fixes in a single step. Agentic Fix extends Novee’s platform by generating remediation guidance from the same exploit context used to uncover an issue, then routing that guidance to the AI coding agents developers already use.
Autonomous pentesting has compressed vulnerability discovery timelines from quarters to hours, but the rest of the vulnerability workflow has not kept up. Once a finding surfaces, it still has to be triaged, assigned and explained to engineering. Then it must be contextualized, patched, reviewed and re-tested. That process remains overwhelmingly manual, leaving exploitable vulnerabilities open in the backlog.
This is where Agent Fix shines. When Novee identifies an issue, users can hand it off to their coding agent of choice, such as Claude, Codex, Copilot, Cursor and Devin. Novee generates a detailed GitHub issue with remediation guidance grounded in the specific exploit path validated against the application being tested.
“We’re bringing security and engineering teams into the same loop and eliminating bottlenecks,” said Ido Geffen, CEO of Novee. “AI coding agents are already helping engineering teams write and refactor production code daily. Pointing those tools at the remediation queue is the obvious next step. What has been missing is validated security context and orchestration. That is what Novee is delivering.”
Agentic Fix is built around the exploit path Novee validates during autonomous pentesting. The platform translates that context into a detailed GitHub issue that gives the selected coding agent the information it needs to generate a fix and open a pull request against the repository. Once the fix is implemented, Novee reassesses the affected asset to confirm the original vulnerability has been resolved.
Instead of another scanner finding or static remediation ticket, Agentic Fix gives security teams a way to move from a validated issue to a fix without forcing engineers into a new workflow. Developers continue using the coding assistants already embedded in their process, while security teams retain the context needed to validate that the fix addressed the root cause.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。