SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

DryRun unveils AI DeepScan Agent for faster code risk

Thu, 5th Feb 2026

DryRun Security has launched DeepScan Agent, an AI-based tool that reviews entire software repositories and produces a risk-ranked security report within hours.

The company is positioning the product as a substitute for traditional full-repository assessments, which often involve lengthy manual work by internal specialists or external consultants. DryRun Security also aims the tool at teams that rely on static application security testing, where large volumes of findings can slow remediation work and mask higher-risk issues.

DeepScan Agent analyses code across a repository and builds an overall picture of how an application functions. It reviews workflows, identity controls, data flows, dependencies and trust boundaries. It then produces a set of findings prioritised by risk, alongside explanations and remediation guidance.

"Security teams don't need more alerts, they need answers," said James Wickett, CEO and Co-Founder, DryRun Security.

"Our new DeepScan Agent combines automated full-repo analysis with human-like reasoning about how an application actually works. Instead of flagging every possible issue, teams can quickly understand what's truly risky and fix it before it becomes a problem. It's like having an always-on senior security engineer at your fingertips."

Big code

Software teams have expanded their codebases over the past decade. Automation and AI-assisted development have also increased the volume of code shipped and the pace of change. That environment can make periodic deep reviews harder to schedule, since large assessments can pull senior engineers away from delivery work.

Traditional SAST tools remain common in application security programmes. These tools scan code for patterns that match known weaknesses. Security teams often need to triage large numbers of findings. That process can take time, and false positives can erode confidence in results.

DryRun Security says DeepScan Agent focuses on how code behaves in context, rather than relying on pattern matching alone. The company describes the approach as reasoning about intent and exploitability, with the goal of reducing low-value output and highlighting issues that present higher real-world risk.

What it flags

The vendor says the agent can surface flaws that depend on application-level logic and cross-cutting context. Examples include authorisation and authentication weaknesses, complex insecure direct object references, and multi-tenant isolation failures. DryRun Security also lists business logic vulnerabilities, secrets exposure in large repositories, and server-side request forgery with internal trust-boundary bypasses.

Those categories can be challenging for automated tools where signals are spread across multiple files, services, or frameworks. Security teams often need to understand how requests move through an application and how identities map to data access. In practice, that work typically involves an experienced reviewer reading code paths end to end.

Delivery cycles

DryRun Security is pitching the speed of analysis as a factor that changes how often teams can run full-repository reviews. The company says the agent can be run ahead of major releases, after large refactors, during acquisition due diligence, or when leadership requests an updated assessment of exposure.

One early user framed it as a shift from occasional assessment to routine use in development processes.

"The speed changes the equation. DeepScan Agent gives us a full-repo security view fast enough to use it as a normal part of delivery, not a once-a-year event," said Kyle Rippee, Staff Product Security Engineer, Tines.

DryRun Security also links the new repository-wide analysis to its pull request analysis tooling. The company says the broader application context from DeepScan can inform how risk is evaluated when code changes are proposed and reviewed. That approach reflects a wider trend in application security towards combining point-in-time scanning with continuous assessment in developer workflows.

Quality signals

Another customer reference highlighted the prioritisation and coverage claims, which are central to how DryRun Security differentiates the agent from traditional scanners.

"What stood out with the DeepScan Agent was the quality of the findings. It's a very helpful way to get meaningful coverage of an entire codebase quickly, and it points engineers to what matters most," said Adam Dyche, Manager, Application Security Engineering, Commerce.

DryRun Security says DeepScan Agent produces a smaller set of issues ranked by risk, with remediation guidance intended for engineers working directly in the code. The company plans to position the product as part of an application security workflow that runs on demand at key engineering moments and feeds into ongoing review of changes as repositories evolve.