SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Data Theorem launches AI security platform for apps

Data Theorem launches AI security platform for apps

Fri, 3rd Jul 2026 (Today)
Mark Tarre
MARK TARRE News Chief

Data Theorem has launched three artificial intelligence security products for application protection, presenting them as a single platform for exploit discovery, remediation and runtime defence.

The new products - AI Exploits, AI Auto-Remediation and AI Active Protection - are available now and can work without source code.

The launch comes as security teams face a rise in AI-assisted attacks. Data Theorem argues that conventional application security tools do not account for how AI can accelerate exploit discovery and link vulnerabilities into attack chains.

Its approach follows a three-stage process: identify exploitable attack chains in running applications, fix the most serious weaknesses, and apply protections while software remains live.

AI Exploits covers the discovery stage. The product analyses running applications using reverse engineering, dynamic analysis, static analysis and binary analysis to identify chains of vulnerabilities, even when complete source code is unavailable.

Data Theorem says that matters because live production applications are often difficult to reconstruct fully from code repositories alone. The tool is designed to assess the application as it actually runs, rather than relying on a theoretical view of software assets.

The company links that argument to wider industry concerns about the cost and reliability of large language models in security testing. It cites Gartner research showing that the structure of the testing harness matters more than the model itself in vulnerability discovery, and that token costs can make agentic testing more expensive than traditional static analysis.

AI Auto-Remediation addresses the next challenge after detection: closing serious flaws quickly. The product prioritises critical vulnerabilities and can automate fixes, although organisations can retain a human approval step for sensitive application code.

It can also push code changes into production cloud environments to shorten the gap between discovery and patching. The product includes command-line workflows and application programming interfaces for development teams using automated remediation processes.

Runtime focus

AI Active Protection is designed for use when an application or API is already under attack. It extends the company's existing API Protect and Mobile Protect runtime software development kits, which are already deployed in customer production environments, according to Data Theorem.

That means customers do not need to rebuild their architecture or undertake a lengthy integration project to add runtime controls, the company says. The product includes attack path mapping, detection of large language model misuse, behavioural detection, and defences against prompt injection, data exfiltration and memory scraping.

Data Theorem also argues that runtime controls matter because the gap between exploit discovery and patching is widening. It cites Gartner research saying fewer than 1% of potential vulnerabilities identified with Anthropic's Mythos Preview had been fully patched by maintainers, while more than 99% of vulnerabilities discovered using Mythos had neither been patched nor publicly disclosed.

Market backdrop

The company places the launch against broader growth in application security testing. Gartner has projected that the application security testing market will reach USD $5.1 billion, reflecting demand from enterprises managing a more complex software estate and a larger attack surface.

Data Theorem says the new products sit on top of its existing Analyser Engine, which underpins its application and API security products. It says it currently secures more than 25,000 modern applications for enterprise customers and has detected more than 5 billion application incidents.

The release also highlights how security suppliers are trying to move beyond alerting systems toward more automated response. Rather than only flagging possible weaknesses for engineers to review, vendors are increasingly seeking to identify reachable vulnerabilities, rank the most serious exposures, and feed fixes or compensating controls directly into production environments.

For Data Theorem, the pitch is that exploit creation is becoming easier faster than patching is improving. That, it argues, makes the handoff between testing, remediation and runtime protection more important for security teams managing live applications and APIs.

Doug Dooley, chief operating officer at Data Theorem, described the launch in those terms. "The attack surface changed the moment the first AI-discovered zero-day went live. Attackers can now use AI to chain exploits faster than any engineering team can patch them. The answer is a platform that can find the exploitable chains, automatically fix them, and enforce guardrails at runtime, at scale. That's what we're shipping today for all customers," said Dooley.