The way organizations think about application security is shifting—fast. OX Security Co-Founder and CEO Neatsun Ziv talks about why the old playbook of “scan, list, and hand over to developers” has run its course.

Ziv explains how the flood of vulnerabilities—now averaging close to 100 new disclosures daily—collides with today’s resource-strapped security teams. Add to that the surge of GenAI-generated code, much of it riddled with flaws, and the burden on developers and AppSec engineers is heavier than ever. A static list of issues is no longer enough; developers need evidence, prioritization, and guidance they can act on without stalling innovation.

He highlights a sobering truth: Not all vulnerabilities matter equally. Research shows that a relatively small subset of flaws drives the majority of breaches. The challenge is separating the noise from the real risks and then proving those decisions to auditors and boards. Ziv outlines how OX Security is trying to reframe the conversation—helping teams zero in on the critical 5% of issues and even providing suggested fixes through agentic remediation.

It’s a model built around trust and practicality: Give developers context and confidence, give auditors evidence, and give security leaders a way to stay ahead of an accelerating threat curve. With AI changing how code is written, reviewed, and exploited, the industry needs tools and approaches that match that pace.

For practitioners, the takeaway is clear: AppSec can’t just be about detection. It has to be about focus, collaboration, and enabling secure software delivery—even as the ground shifts beneath us.