WTF is ... - AI-Native SAST?
Ladies and gentlemen, my name is Parsia and I'm here to ask and answer one simple question: WTF is AI-Native SAST? (RIP TotalBiscuit). Spoiler: It's SAST+AI. But that doesn't make it useless. Quite the opposite, I'll make the case for passing all your code to AI while tokens are cheap. Don't believe the marketing, though. Current LLMs need serious hand-holding to go beyond surface-level bug discovery, and that hand-holding comes from static analysis.
